Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
libcef.dll

Overview

General Information

Sample name:libcef.dll
Analysis ID:1365074
MD5:5e66c360265a177475b9f73a334f9629
SHA1:d2c7594fea0a6d2810611523239a61e3d0736b33
SHA256:0d0879633e7bd7be9e0de26afc32856fb34f944b2ae378589b5eb33c9795ca39
Infos:

Detection

Score:5
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Installs a raw input device (often for capturing keystrokes)
PE file contains more sections than normal
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Analysis Advice

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 7280 cmdline: loaddll32.exe "C:\Users\user\Desktop\libcef.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)
    • conhost.exe (PID: 7288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7332 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\libcef.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • rundll32.exe (PID: 7356 cmdline: rundll32.exe "C:\Users\user\Desktop\libcef.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7348 cmdline: rundll32.exe C:\Users\user\Desktop\libcef.dll,GetHandleVerifier MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7416 cmdline: rundll32.exe C:\Users\user\Desktop\libcef.dll,GetMainTargetServices MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7456 cmdline: rundll32.exe C:\Users\user\Desktop\libcef.dll,IsSandboxedProcess MD5: 889B99C52A60DD49227C5E485A016679)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

  • Compliance
  • Networking
  • Key, Mouse, Clipboard, Microphone and Screen Capturing
  • System Summary
  • Data Obfuscation
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion
  • Anti Debugging
  • HIPS / PFW / Operating System Protection Evasion

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: libcef.dllStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL
Source: libcef.dllStatic PE information: certificate valid
Source: libcef.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF
Source: libcef.dllString found in binary or memory: https://www.baidu.com/s?ie={inputEncoding}&wd={searchTerms}https://www.baidu.com/s?ie={inputEncoding}&word={searchTerms}https://www.baidu.com/{google:pathWildcard}/s?ie={inputEncoding}&word={searchTerms}{google:baseURL}#q={searchTerms}{google:baseURL}search#q={searchTerms}{google:baseURL}webhp#q={searchTerms}{google:baseURL}s#q={searchTerms}{google:baseURL}s?q={searchTerms}https://go.mail.ru/msearch?q={searchTerms}&{mailru:referralID}https://m.so.com/s?ie={inputEncoding}&q={searchTerms}https://m.so.com/index.php?ie={inputEncoding}&q={searchTerms}https://m.sogou.com/web/{google:pathWildcard}?ie={inputEncoding}&keyword={searchTerms}http://searchatlas.centrum.cz/?q={searchTerms}http://hladaj.atlas.sk/fulltext/?phrase={searchTerms}http://isearch.avg.com/search?q={searchTerms}http://search.avg.com/route/?q={searchTerms}&lng={language}https://isearch.avg.com/search?q={searchTerms}https://search.avg.com/route/?q={searchTerms}&lng={language}http://search.babylon.com/?q={searchTerms}http://search.conduit.com/Results.aspx?q={searchTerms}http://www.delfi.lt/paieska/?q={searchTerms}http://www.delta-search.com/?q={searchTerms}http://www1.delta-search.com/home?q={searchTerms}http://www1.delta-search.com/?q={searchTerms}http://www2.delta-search.com/home?q={searchTerms}http://www2.delta-search.com/?q={searchTerms}http://www.search.delta-search.com/home?q={searchTerms}http://www.search.delta-search.com/?q={searchTerms}http://www.yhs.delta-search.com/home?q={searchTerms}http://www.yhs.delta-search.com/?q={searchTerms}http://mixidj.delta-search.com/home?q={searchTerms}http://mixidj.delta-search.com/?q={searchTerms}http://search.goo.ne.jp/web.jsp?MT={searchTerms}&IE={inputEncoding}http://search.goo.ne.jp/sgt.jsp?MT={searchTerms}&CL=plugin&FM=json&IE={inputEncoding}http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx#q={searchTerms}http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx#q={searchTerms}http://start.iminent.com/?q={searchTerms}http://start.iminent.com/StartWeb/1033/homepage/#q={searchTerms}http://search.incredibar.com/?q={searchTerms}http://mystart.incredibar.com/?search={searchTerms}https://www.neti.ee/cgi-bin/otsing?query={searchTerms}&src=webhttps://www.neti.ee/api/suggestOS?suggestVersion=1&suggestQuery={searchTerms}https://nova.rambler.ru/search?query={searchTerms}https://nova.rambler.ru/suggest?v=3&query={searchTerms}http://www.search-results.com/web?q={searchTerms}http://search.snap.do/?q={searchTerms}http://feed.snapdo.com/?q={searchTerms}http://feed.snap.do/?q={searchTerms}http://en.softonic.com/s/{searchTerms}http://www.softonic.com/s/{searchTerms}http://www.softonic.com.br/s/{searchTerms}http://buscador.softonic.com/?q={searchTerms}http://nl.softonic.com/s/{searchTerms}https://search.softonic.com/?q={searchTerms}https://en.softonic.com/s/{searchTerms}https://www.softonic.com/s/{searchTerms}https://www.softonic.com.br/s/{searchTerms}https://buscador.softonic.com/?q={searchTerms}https://nl.softonic.com/s/{searchTerm
Source: libcef.dllString found in binary or memory: http://EVSecure-crl.geotrust.com/GeoTrustPCA.crl0
Source: libcef.dllString found in binary or memory: http://EVSecure-ocsp.geotrust.com0
Source: libcef.dllString found in binary or memory: http://aia.startssl.com/certs/ca.crt0
Source: libcef.dllString found in binary or memory: http://aia.startssl.com/certs/ca.crt02
Source: libcef.dllString found in binary or memory: http://aia1.wosign.com/ca1-class3-server.cer0
Source: libcef.dllString found in binary or memory: http://aia1.wosign.com/ca1g2-server3.cer0
Source: libcef.dllString found in binary or memory: http://ak.apnstatic.com/media/images/favicon_search-results.ico
Source: libcef.dllString found in binary or memory: http://ak.apnstatic.com/media/images/favicon_search-results.icohttp://dts.search-results.com/sr?lng=
Source: libcef.dllString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
Source: libcef.dllString found in binary or memory: http://arianna.libero.it/search/abin/integrata.cgi?query=
Source: libcef.dllString found in binary or memory: http://autocomplete.nigma.ru/complete/query_help.php?suggest=true&q=
Source: libcef.dllString found in binary or memory: http://buscador.softonic.com/?q=
Source: libcef.dllString found in binary or memory: http://buscador.terra.es/Default.aspx?source=Search&ca=s&query=
Source: libcef.dllString found in binary or memory: http://buscador.terra.es/favicon.ico
Source: libcef.dllString found in binary or memory: http://buscador.terra.es/favicon.icohttp://buscador.terra.es/Default.aspx?source=Search&ca=s&query=
Source: libcef.dllString found in binary or memory: http://buscar.terra.com.ar/Default.aspx?source=Search&ca=s&query=
Source: libcef.dllString found in binary or memory: http://buscar.terra.com.ar/favicon.ico
Source: libcef.dllString found in binary or memory: http://buscar.terra.com.ar/favicon.icohttp://buscar.terra.com.ar/Default.aspx?source=Search&ca=s&que
Source: libcef.dllString found in binary or memory: http://certificates.godaddy.com/repository/gd_intermediate.crt0
Source: libcef.dllString found in binary or memory: http://certificates.godaddy.com/repository100.
Source: libcef.dllString found in binary or memory: http://certs.godaddy.com/repository/1301
Source: libcef.dllString found in binary or memory: http://certs.starfieldtech.com/repository/1402
Source: libcef.dllString found in binary or memory: http://clients3.google.com/cert_upload_json
Source: libcef.dllString found in binary or memory: http://clients3.google.com/cert_upload_json)_
Source: libcef.dllString found in binary or memory: http://cps.root-x1.letsencrypt.org0
Source: libcef.dllString found in binary or memory: http://crbug.com
Source: libcef.dllString found in binary or memory: http://crbug.com/1138528
Source: libcef.dllString found in binary or memory: http://crbug.comEnum
Source: libcef.dllString found in binary or memory: http://crl.certum.pl/ca.crl0h
Source: libcef.dllString found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: libcef.dllString found in binary or memory: http://crl.entrust.net/2048ca.crl0;
Source: libcef.dllString found in binary or memory: http://crl.entrust.net/g2ca.crl0;
Source: libcef.dllString found in binary or memory: http://crl.entrust.net/rootca1.crl0;
Source: libcef.dllString found in binary or memory: http://crl.geotrust.com/GeoTrustPCA-G3.crl0
Source: libcef.dllString found in binary or memory: http://crl.geotrust.com/crls/gtglobal.crl04
Source: libcef.dllString found in binary or memory: http://crl.geotrust.com/crls/secureca.crl0F
Source: libcef.dllString found in binary or memory: http://crl.geotrust.com/crls/secureca.crl0N
Source: libcef.dllString found in binary or memory: http://crl.globalsign.com/root.crl0V
Source: libcef.dllString found in binary or memory: http://crl.globalsign.net/root.crl0=
Source: libcef.dllString found in binary or memory: http://crl.godaddy.com/gdroot-g2.crl0F
Source: libcef.dllString found in binary or memory: http://crl.godaddy.com/gdroot.crl0F
Source: libcef.dllString found in binary or memory: http://crl.godaddy.com/gds1-20
Source: libcef.dllString found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
Source: libcef.dllString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: libcef.dllString found in binary or memory: http://crl.rootg2.amazontrust.com/rootg2.crl0
Source: libcef.dllString found in binary or memory: http://crl.starfieldtech.com/sfroot-g2.crl0L
Source: libcef.dllString found in binary or memory: http://crl.starfieldtech.com/sfroot.crl0L
Source: libcef.dllString found in binary or memory: http://crl.startssl.com/sfsca.crl0
Source: libcef.dllString found in binary or memory: http://crl.startssl.com/sfsca.crl0f
Source: libcef.dllString found in binary or memory: http://crl.thawte.com/ThawtePCA-G3.crl0
Source: libcef.dllString found in binary or memory: http://crl.thawte.com/ThawtePCA.crl0
Source: libcef.dllString found in binary or memory: http://crl.thawte.com/ThawtePremiumServerCA.crl0
Source: libcef.dllString found in binary or memory: http://crl.ws.symantec.com/universal-root.crl0
Source: libcef.dllString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: libcef.dllString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: libcef.dllString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
Source: libcef.dllString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: libcef.dllString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: libcef.dllString found in binary or memory: http://crls1.wosign.com/ca1.crl0m
Source: libcef.dllString found in binary or memory: http://crls1.wosign.com/ca1.crl0q
Source: libcef.dllString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: libcef.dllString found in binary or memory: http://crt.rootg2.amazontrust.com/rootg2.cer0=
Source: libcef.dllString found in binary or memory: http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
Source: libcef.dllString found in binary or memory: http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only#
Source: libcef.dllString found in binary or memory: http://dts.search-results.com/sr?lng=
Source: libcef.dllString found in binary or memory: http://en.softonic.com/s/
Source: libcef.dllString found in binary or memory: http://feed.snap.do/?q=
Source: libcef.dllString found in binary or memory: http://feed.snapdo.com/?q=
Source: libcef.dllString found in binary or memory: http://find.in.gr/?q=
Source: libcef.dllString found in binary or memory: http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.png
Source: libcef.dllString found in binary or memory: http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.pnghttp://find.in.gr/?q=
Source: libcef.dllString found in binary or memory: http://g.symcb.com/GeoTrustPCA-G3.crl0
Source: libcef.dllString found in binary or memory: http://g.symcb.com/crls/gtglobal.crl0
Source: libcef.dllString found in binary or memory: http://g.symcb.com/crls/gtglobal.crl0.
Source: libcef.dllString found in binary or memory: http://g.symcd.com0
Source: libcef.dllString found in binary or memory: http://g.symcd.com0L
Source: libcef.dllString found in binary or memory: http://g1.delphi.lv/favicon.ico
Source: libcef.dllString found in binary or memory: http://g1.delphi.lv/favicon.icohttp://www.delfi.lv/search_all/?ie=
Source: libcef.dllString found in binary or memory: http://g1.symcb.com/GeoTrustPCA.crl0)
Source: libcef.dllString found in binary or memory: http://g1.symcb.com/crls/gtglobal.crl0/
Source: libcef.dllString found in binary or memory: http://g2.symcb.com0G
Source: libcef.dllString found in binary or memory: http://g2.symcb.com0L
Source: libcef.dllString found in binary or memory: http://google.com
Source: libcef.dllString found in binary or memory: http://google.comhttps://accounts.google.comhttps://www.googleapis.comhttps://oauthaccountmanager.go
Source: libcef.dllString found in binary or memory: http://hladaj.atlas.sk/fulltext/?phrase=
Source: libcef.dllString found in binary or memory: http://i.rl0.ru/2011/icons/rambler.ico
Source: libcef.dllString found in binary or memory: http://i.rl0.ru/2011/icons/rambler.icohttp://nova.rambler.ru/search?query=
Source: libcef.dllString found in binary or memory: http://i.wp.pl/a/i/stg/500/favicon.ico
Source: libcef.dllString found in binary or memory: http://i.wp.pl/a/i/stg/500/favicon.icohttp://szukaj.wp.pl/szukaj.html?q=
Source: libcef.dllString found in binary or memory: http://imgs.sapo.pt/images/sapo.ico
Source: libcef.dllString found in binary or memory: http://imgs.sapo.pt/images/sapo.icohttp://pesquisa.sapo.pt/?q=
Source: libcef.dllString found in binary or memory: http://isearch.avg.com/search?q=
Source: libcef.dllString found in binary or memory: http://isrg.trustid.ocsp.identrust.com0;
Source: libcef.dllString found in binary or memory: http://l.twimg.com/i/hpkp_report
Source: libcef.dllString found in binary or memory: http://l.twimg.com/i/hpkp_report2
Source: libcef.dllString found in binary or memory: http://l.twimg.com/i/hpkp_report9a
Source: libcef.dllString found in binary or memory: http://linkurystoragenorthus.blob.core.windows.net/static/favicon.ico
Source: libcef.dllString found in binary or memory: http://linkurystoragenorthus.blob.core.windows.net/static/favicon.icohttp://search.snapdo.com/?q=
Source: libcef.dllString found in binary or memory: http://mixidj.delta-search.com/?q=
Source: libcef.dllString found in binary or memory: http://mixidj.delta-search.com/home?q=
Source: libcef.dllString found in binary or memory: http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
Source: libcef.dllString found in binary or memory: http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.icohttp://arianna.libero.it/search/ab
Source: libcef.dllString found in binary or memory: http://mysearch.sweetpacks.com/?q=
Source: libcef.dllString found in binary or memory: http://mystart.incredibar.com/?search=
Source: libcef.dllString found in binary or memory: http://nigma.ru/?s=
Source: libcef.dllString found in binary or memory: http://nigma.ru/themes/nigma/img/favicon.ico
Source: libcef.dllString found in binary or memory: http://nigma.ru/themes/nigma/img/favicon.icohttp://nigma.ru/?s=
Source: libcef.dllString found in binary or memory: http://nl.softonic.com/s/
Source: libcef.dllString found in binary or memory: http://nova.rambler.ru/search?query=
Source: libcef.dllString found in binary or memory: http://nova.rambler.ru/suggest?v=3&query=
Source: libcef.dllString found in binary or memory: http://o.ss2.us/0
Source: libcef.dllString found in binary or memory: http://ocsp.digicert.com0
Source: libcef.dllString found in binary or memory: http://ocsp.digicert.com0K
Source: libcef.dllString found in binary or memory: http://ocsp.digicert.com0M
Source: libcef.dllString found in binary or memory: http://ocsp.entrust.net00
Source: libcef.dllString found in binary or memory: http://ocsp.entrust.net02
Source: libcef.dllString found in binary or memory: http://ocsp.entrust.net03
Source: libcef.dllString found in binary or memory: http://ocsp.geotrust.com0
Source: libcef.dllString found in binary or memory: http://ocsp.geotrust.com0L
Source: libcef.dllString found in binary or memory: http://ocsp.globalsign.com/rootr10
Source: libcef.dllString found in binary or memory: http://ocsp.globalsign.com/rootr103
Source: libcef.dllString found in binary or memory: http://ocsp.godaddy.com/02
Source: libcef.dllString found in binary or memory: http://ocsp.godaddy.com/05
Source: libcef.dllString found in binary or memory: http://ocsp.godaddy.com/0J
Source: libcef.dllString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: libcef.dllString found in binary or memory: http://ocsp.rootg2.amazontrust.com08
Source: libcef.dllString found in binary or memory: http://ocsp.starfieldtech.com/08
Source: libcef.dllString found in binary or memory: http://ocsp.starfieldtech.com/0;
Source: libcef.dllString found in binary or memory: http://ocsp.startssl.com/ca0-
Source: libcef.dllString found in binary or memory: http://ocsp.startssl.com/ca00
Source: libcef.dllString found in binary or memory: http://ocsp.startssl.com00
Source: libcef.dllString found in binary or memory: http://ocsp.thawte.com0
Source: libcef.dllString found in binary or memory: http://ocsp.thawte.com0;
Source: libcef.dllString found in binary or memory: http://ocsp.ws.symantec.com0k
Source: libcef.dllString found in binary or memory: http://ocsp1.wosign.com/ca104
Source: libcef.dllString found in binary or memory: http://ocsp1.wosign.com/ca108
Source: libcef.dllString found in binary or memory: http://ok.hu/gfx/favicon.ico
Source: libcef.dllString found in binary or memory: http://ok.hu/gfx/favicon.icohttp://ok.hu/katalogus?q=
Source: libcef.dllString found in binary or memory: http://ok.hu/katalogus?q=
Source: libcef.dllString found in binary or memory: http://pca-g3-ocsp.geotrust.com0
Source: libcef.dllString found in binary or memory: http://pesquisa.sapo.pt/?q=
Source: libcef.dllString found in binary or memory: http://pesquisa.sapo.pt/livesapo?q=
Source: libcef.dllString found in binary or memory: http://radce.centrum.cz/?q=
Source: libcef.dllString found in binary or memory: http://report-example.test/test
Source: libcef.dllString found in binary or memory: http://report-example.test/tests
Source: libcef.dllString found in binary or memory: http://repository.certum.pl/ca.cer09
Source: libcef.dllString found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: libcef.dllString found in binary or memory: http://s.ss2.us/r.crl0
Source: libcef.dllString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: libcef.dllString found in binary or memory: http://s2.symcb.com0
Source: libcef.dllString found in binary or memory: http://s2.symcb.com0k
Source: libcef.dllString found in binary or memory: http://search.avg.com/favicon.ico
Source: libcef.dllString found in binary or memory: http://search.avg.com/favicon.icohttp://search.avg.com/search?q=
Source: libcef.dllString found in binary or memory: http://search.avg.com/route/?q=
Source: libcef.dllString found in binary or memory: http://search.avg.com/search?q=
Source: libcef.dllString found in binary or memory: http://search.babylon.com/?q=
Source: libcef.dllString found in binary or memory: http://search.babylon.com/favicon.ico
Source: libcef.dllString found in binary or memory: http://search.babylon.com/favicon.icohttp://search.babylon.com/home?q=
Source: libcef.dllString found in binary or memory: http://search.babylon.com/home?q=
Source: libcef.dllString found in binary or memory: http://search.conduit.com/Results.aspx?q=
Source: libcef.dllString found in binary or memory: http://search.goo.ne.jp/sgt.jsp?MT=
Source: libcef.dllString found in binary or memory: http://search.goo.ne.jp/web.jsp?MT=
Source: libcef.dllString found in binary or memory: http://search.imesh.net/favicon.ico
Source: libcef.dllString found in binary or memory: http://search.imesh.net/favicon.icohttp://search.imesh.net/music?hl=
Source: libcef.dllString found in binary or memory: http://search.imesh.net/music?hl=
Source: libcef.dllString found in binary or memory: http://search.iminent.com/?q=
Source: libcef.dllString found in binary or memory: http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx#q=
Source: libcef.dllString found in binary or memory: http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx#q=
Source: libcef.dllString found in binary or memory: http://search.iminent.com/Shared/Images/favicon_gl.ico
Source: libcef.dllString found in binary or memory: http://search.iminent.com/Shared/Images/favicon_gl.icohttp://search.iminent.com/?q=
Source: libcef.dllString found in binary or memory: http://search.incredibar.com/?q=
Source: libcef.dllString found in binary or memory: http://search.incredibar.com/favicon.ico
Source: libcef.dllString found in binary or memory: http://search.incredibar.com/favicon.icohttp://search.incredibar.com/search.php?q=
Source: libcef.dllString found in binary or memory: http://search.incredibar.com/search.php?q=
Source: libcef.dllString found in binary or memory: http://search.snap.do/?q=
Source: libcef.dllString found in binary or memory: http://search.snapdo.com/?q=
Source: libcef.dllString found in binary or memory: http://search.softonic.com/?q=
Source: libcef.dllString found in binary or memory: http://search.softonic.com/img/favicon.ico
Source: libcef.dllString found in binary or memory: http://search.softonic.com/img/favicon.icohttp://search.softonic.com/?q=
Source: libcef.dllString found in binary or memory: http://search.sweetim.com/favicon.ico
Source: libcef.dllString found in binary or memory: http://search.sweetim.com/favicon.icohttp://search.sweetim.com/search.asp?q=
Source: libcef.dllString found in binary or memory: http://search.sweetim.com/search.asp?q=
Source: libcef.dllString found in binary or memory: http://search.tut.by/?ru=1&query=
Source: libcef.dllString found in binary or memory: http://search.tut.by/favicon.ico
Source: libcef.dllString found in binary or memory: http://search.tut.by/favicon.icohttp://search.tut.by/?ru=1&query=
Source: libcef.dllString found in binary or memory: http://search.walla.co.il/?q=
Source: libcef.dllString found in binary or memory: http://searchatlas.centrum.cz/?q=
Source: libcef.dllString found in binary or memory: http://searchfunmoods.com/favicon.ico
Source: libcef.dllString found in binary or memory: http://searchfunmoods.com/favicon.icohttp://searchfunmoods.com/results.php?q=
Source: libcef.dllString found in binary or memory: http://searchfunmoods.com/results.php?q=
Source: libcef.dllString found in binary or memory: http://start.iminent.com/?q=
Source: libcef.dllString found in binary or memory: http://start.iminent.com/StartWeb/1033/homepage/#q=
Source: libcef.dllString found in binary or memory: http://start.sweetpacks.com/?q=
Source: libcef.dllString found in binary or memory: http://start.sweetpacks.com/favicon.ico
Source: libcef.dllString found in binary or memory: http://start.sweetpacks.com/favicon.icohttp://start.sweetpacks.com/search.asp?q=
Source: libcef.dllString found in binary or memory: http://start.sweetpacks.com/search.asp?q=
Source: libcef.dllString found in binary or memory: http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
Source: libcef.dllString found in binary or memory: http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.icohttps://hladaj.atlas.sk/fulltext/?p
Source: libcef.dllString found in binary or memory: http://subca.ocsp-certum.com0.
Source: libcef.dllString found in binary or memory: http://subca.ocsp-certum.com01
Source: libcef.dllString found in binary or memory: http://szukaj.wp.pl/szukaj.html?q=
Source: libcef.dllString found in binary or memory: http://t.symcb.com/ThawtePCA.crl0)
Source: libcef.dllString found in binary or memory: http://t.symcd.com01
Source: libcef.dllString found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0)
Source: libcef.dllString found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0/
Source: libcef.dllString found in binary or memory: http://t2.symcb.com0;
Source: libcef.dllString found in binary or memory: http://t2.symcb.com0A
Source: libcef.dllString found in binary or memory: http://unisolated.invalid
Source: libcef.dllString found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: libcef.dllString found in binary or memory: http://www.certum.pl/CPS0
Source: libcef.dllString found in binary or memory: http://www.conduit.com/favicon.ico
Source: libcef.dllString found in binary or memory: http://www.conduit.com/favicon.icohttp://www.conduit.com/search?q=
Source: libcef.dllString found in binary or memory: http://www.conduit.com/search?q=
Source: libcef.dllString found in binary or memory: http://www.delfi.lt/paieska/?q=
Source: libcef.dllString found in binary or memory: http://www.delfi.lv/search_all/?ie=
Source: libcef.dllString found in binary or memory: http://www.delta-search.com/?q=
Source: libcef.dllString found in binary or memory: http://www.delta-search.com/favicon.ico
Source: libcef.dllString found in binary or memory: http://www.delta-search.com/favicon.icohttp://www.delta-search.com/home?q=
Source: libcef.dllString found in binary or memory: http://www.delta-search.com/home?q=
Source: libcef.dllString found in binary or memory: http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
Source: libcef.dllString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: libcef.dllString found in binary or memory: http://www.entrust.net/CPS0
Source: libcef.dllString found in binary or memory: http://www.entrust.net/rpa0
Source: libcef.dllString found in binary or memory: http://www.geotrust.com/resources/cps0
Source: libcef.dllString found in binary or memory: http://www.geotrust.com/resources/cps0)
Source: libcef.dllString found in binary or memory: http://www.geotrust.com/resources/cps06
Source: libcef.dllString found in binary or memory: http://www.geotrust.com/resources/cps0;
Source: libcef.dllString found in binary or memory: http://www.geotrust.com/resources/cps0A
Source: libcef.dllString found in binary or memory: http://www.google.com
Source: libcef.dllString found in binary or memory: http://www.google.com/update2/response
Source: libcef.dllString found in binary or memory: http://www.google.com/update2/responseMissing
Source: libcef.dllString found in binary or memory: http://www.google.comgaia_auth_merge_sessionsStarting
Source: libcef.dllString found in binary or memory: http://www.keynectis.com/PC07
Source: libcef.dllString found in binary or memory: http://www.keynectis.com/PC08
Source: libcef.dllString found in binary or memory: http://www.neti.ee/api/suggestOS?suggestQuery=
Source: libcef.dllString found in binary or memory: http://www.neti.ee/cgi-bin/otsing?query=
Source: libcef.dllString found in binary or memory: http://www.neti.ee/favicon.ico
Source: libcef.dllString found in binary or memory: http://www.neti.ee/favicon.icohttp://www.neti.ee/cgi-bin/otsing?query=
Source: libcef.dllString found in binary or memory: http://www.search-results.com/web?q=
Source: libcef.dllString found in binary or memory: http://www.search.delta-search.com/?q=
Source: libcef.dllString found in binary or memory: http://www.search.delta-search.com/home?q=
Source: libcef.dllString found in binary or memory: http://www.searchnu.com/favicon.ico
Source: libcef.dllString found in binary or memory: http://www.searchnu.com/favicon.icohttp://www.searchnu.com/web?hl=
Source: libcef.dllString found in binary or memory: http://www.searchnu.com/web?hl=
Source: libcef.dllString found in binary or memory: http://www.softonic.com.br/s/
Source: libcef.dllString found in binary or memory: http://www.softonic.com/s/
Source: libcef.dllString found in binary or memory: http://www.startssl.com/intermediate.pdf0
Source: libcef.dllString found in binary or memory: http://www.startssl.com/policy.pdf04
Source: libcef.dllString found in binary or memory: http://www.startssl.com/policy0
Source: libcef.dllString found in binary or memory: http://www.startssl.com/sfsca.crl0
Source: libcef.dllString found in binary or memory: http://www.startssl.com/sfsca.crt0
Source: libcef.dllString found in binary or memory: http://www.symauth.com/cps0(
Source: libcef.dllString found in binary or memory: http://www.symauth.com/rpa0
Source: libcef.dllString found in binary or memory: http://www.symauth.com/rpa0)
Source: libcef.dllString found in binary or memory: http://www.symauth.com/rpa00
Source: libcef.dllString found in binary or memory: http://www.walla.co.il/favicon.ico
Source: libcef.dllString found in binary or memory: http://www.walla.co.il/favicon.icohttp://search.walla.co.il/?q=
Source: libcef.dllString found in binary or memory: http://www.wosign.com/policy/0
Source: libcef.dllString found in binary or memory: http://www.yhs.delta-search.com/?q=
Source: libcef.dllString found in binary or memory: http://www.yhs.delta-search.com/home?q=
Source: libcef.dllString found in binary or memory: http://www.zoznam.sk/hladaj.fcgi?s=
Source: libcef.dllString found in binary or memory: http://www1.delta-search.com/?q=
Source: libcef.dllString found in binary or memory: http://www1.delta-search.com/home?q=
Source: libcef.dllString found in binary or memory: http://www2.delta-search.com/?q=
Source: libcef.dllString found in binary or memory: http://www2.delta-search.com/home?q=
Source: libcef.dllString found in binary or memory: http://x.ss2.us/x.cer0&
Source: libcef.dllString found in binary or memory: https://...
Source: libcef.dllString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: libcef.dllString found in binary or memory: https://ac.search.naver.com/nx/ac?of=os&ie=
Source: libcef.dllString found in binary or memory: https://accountcapabilities-pa.googleapis.com
Source: libcef.dllString found in binary or memory: https://accounts.google.com
Source: libcef.dllString found in binary or memory: https://alekberg.net/privacy
Source: libcef.dllString found in binary or memory: https://alekberg.net/privacyalekberg.net
Source: libcef.dllString found in binary or memory: https://api.oceanhero.today/suggestions?q=
Source: libcef.dllString found in binary or memory: https://api.qwant.com/api/suggest/?q=
Source: libcef.dllString found in binary or memory: https://ar.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://ar.search.yahoo.com/favicon.icohttps://ar.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://ar.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://ar.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://at.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://at.search.yahoo.com/favicon.icohttps://at.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://at.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://at.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://au.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://au.search.yahoo.com/favicon.icohttps://au.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://au.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://au.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://br.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://br.search.yahoo.com/favicon.icohttps://br.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://br.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://br.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=42
Source: libcef.dllString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=426
Source: libcef.dllString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=426Support
Source: libcef.dllString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=42texture-compression-etc2Support
Source: libcef.dllString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=434
Source: libcef.dllString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=434Support
Source: libcef.dllString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=551
Source: libcef.dllString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=551dawn-nativeWebGPU
Source: libcef.dllString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=690
Source: libcef.dllString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=690depth32float-stencil8Support
Source: libcef.dllString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=716
Source: libcef.dllString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=716depth24unorm-stencil8Support
Source: libcef.dllString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=955
Source: libcef.dllString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=955texture-compression-astcSupport
Source: libcef.dllString found in binary or memory: https://buscador.softonic.com/?q=
Source: libcef.dllString found in binary or memory: https://buscador.terra.com.ar/Default.aspx?source=Search&ca=s&query=
Source: libcef.dllString found in binary or memory: https://buscador.terra.es/Default.aspx?source=Search&ca=s&query=
Source: libcef.dllString found in binary or memory: https://ca.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://ca.search.yahoo.com/favicon.icohttps://ca.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://ca.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://ca.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: libcef.dllString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: libcef.dllString found in binary or memory: https://certs.godaddy.com/repository/0
Source: libcef.dllString found in binary or memory: https://certs.starfieldtech.com/repository/0
Source: libcef.dllString found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://ch.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://chrome-devtools-frontend.appspot.com/serve_rev/%s/%s.html
Source: libcef.dllString found in binary or memory: https://chrome-devtools-frontend.appspot.com/serve_rev/%s/%s.html/devtools/page/%s?ws=%s%s%sMalforme
Source: libcef.dllString found in binary or memory: https://chrome.cloudflare-dns.com/dns-query
Source: libcef.dllString found in binary or memory: https://chrome.cloudflare-dns.com/dns-queryone.one.one.one1dot1dot1dot1.cloudflare-dns.com1.1.1.11.0
Source: libcef.dllString found in binary or memory: https://chrome.google.com/webstore/
Source: libcef.dllString found in binary or memory: https://chrome.google.com/webstore/detail/%s
Source: libcef.dllString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: libcef.dllString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: libcef.dllString found in binary or memory: https://chromium.dns.nextdns.io
Source: libcef.dllString found in binary or memory: https://ckintersect-pa.googleapis.com/v1/intersect/langs
Source: libcef.dllString found in binary or memory: https://ckintersect-pa.googleapis.com/v1/intersect/pixels
Source: libcef.dllString found in binary or memory: https://ckintersect-pa.googleapis.com/v1/intersect/pixelslangs_server_urlhttps://ckintersect-pa.goog
Source: libcef.dllString found in binary or memory: https://cl.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://cl.search.yahoo.com/favicon.icohttps://cl.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://cl.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://cl.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://cleanbrowsing.org/privacy
Source: libcef.dllString found in binary or memory: https://cleanbrowsing.org/privacyCleanBrowsing
Source: libcef.dllString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: libcef.dllString found in binary or memory: https://clients3.google.com/ct_upload
Source: libcef.dllString found in binary or memory: https://clients3.google.com/ct_uploadhttps://log.getdropbox.com/log/expectcthttps://scotthelme.repor
Source: libcef.dllString found in binary or memory: https://co.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://co.search.yahoo.com/favicon.icohttps://co.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://co.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://co.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://coccoc.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://coccoc.com/favicon.icohttps://coccoc.com/search#query=
Source: libcef.dllString found in binary or memory: https://coccoc.com/search#query=
Source: libcef.dllString found in binary or memory: https://connectivitycheck.gstatic.com/generate_204
Source: libcef.dllString found in binary or memory: https://connectivitycheck.gstatic.com/generate_204condition_typecondition_valuesvaluematch_typeapp_i
Source: libcef.dllString found in binary or memory: https://crashpad.chromium.org/
Source: libcef.dllString found in binary or memory: https://crashpad.chromium.org/bug/new
Source: libcef.dllString found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: libcef.dllString found in binary or memory: https://crbug.com/1161355
Source: libcef.dllString found in binary or memory: https://crbug.com/1214923
Source: libcef.dllString found in binary or memory: https://crbug.com/1234857.
Source: libcef.dllString found in binary or memory: https://crbug.com/1234857.no
Source: libcef.dllString found in binary or memory: https://crbug.com/401439).
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/1016
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/1071
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/1071:
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/1203
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/1264
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/136
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/145
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/155
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/193
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/237
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/27
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/271
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/286
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/342
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/343
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/36
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/402
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/42
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/434
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/480
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/56
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/582
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/633
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/667
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/673
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/776
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/792
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/838:
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/840
Source: libcef.dllString found in binary or memory: https://crbug.com/dawn/960
Source: libcef.dllString found in binary or memory: https://crbug.com/new
Source: libcef.dllString found in binary or memory: https://crbug.com/newCheckIfAudioThreadIsAliveMedia.AudioThreadStatusCreating
Source: libcef.dllString found in binary or memory: https://crbug.com/tint.
Source: libcef.dllString found in binary or memory: https://crbug.com/tint/1003
Source: libcef.dllString found in binary or memory: https://dawn.googlesource.com/dawn/
Source: libcef.dllString found in binary or memory: https://de.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://de.search.yahoo.com/favicon.icohttps://de.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://de.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://de.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://developer.chrome.com/apps/declare_permissions.html
Source: libcef.dllString found in binary or memory: https://developer.chrome.com/apps/declare_permissions.htmlhttps://developer.chrome.com/extensions/ma
Source: libcef.dllString found in binary or memory: https://developer.chrome.com/extensions/manifest.html#permissions
Source: libcef.dllString found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/
Source: libcef.dllString found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/Cloudflare
Source: libcef.dllString found in binary or memory: https://developers.google.com/speed/public-dns/privacy
Source: libcef.dllString found in binary or memory: https://developers.google.com/speed/public-dns/privacyGoogle
Source: libcef.dllString found in binary or memory: https://dk.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://dk.search.yahoo.com/favicon.icohttps://dk.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://dk.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://dl.gmx.com/apps/favicon.ico
Source: libcef.dllString found in binary or memory: https://dl.gmx.com/apps/favicon.icohttps://search.gmx.com/web/result?q=
Source: libcef.dllString found in binary or memory: https://dl.google.com/dl/softwareremovaltool/win/
Source: libcef.dllString found in binary or memory: https://dl.google.com/dl/softwareremovaltool/win/x64/stable/chrome_cleanup_tool.exe
Source: libcef.dllString found in binary or memory: https://dl.google.com/dl/softwareremovaltool/win/x86/stable/chrome_cleanup_tool.exe
Source: libcef.dllString found in binary or memory: https://dl.google.com/dl/softwareremovaltool/win/x86/stable/chrome_cleanup_tool.exehttps://dl.google
Source: libcef.dllString found in binary or memory: https://dns.google/dns-query
Source: libcef.dllString found in binary or memory: https://dns.quad9.net/dns-query
Source: libcef.dllString found in binary or memory: https://dns.quad9.net/dns-querydns.quad9.netdns9.quad9.net9.9.9.9149.112.112.1122620:fe::fe2620:fe::
Source: libcef.dllString found in binary or memory: https://dns.sb/privacy/
Source: libcef.dllString found in binary or memory: https://dns.sb/privacy/DNS.SBhttps://doh.dns.sb/dns-query
Source: libcef.dllString found in binary or memory: https://dns.switch.ch/dns-query
Source: libcef.dllString found in binary or memory: https://dns.switch.ch/dns-querydns.switch.ch130.59.31.251130.59.31.2482001:620:0:ff::22001:620:0:ff:
Source: libcef.dllString found in binary or memory: https://dns10.quad9.net/dns-query
Source: libcef.dllString found in binary or memory: https://dns10.quad9.net/dns-querydns10.quad9.net9.9.9.10149.112.112.102620:fe::102620:fe::fe:103
Source: libcef.dllString found in binary or memory: https://dns11.quad9.net/dns-query
Source: libcef.dllString found in binary or memory: https://dns11.quad9.net/dns-querydns11.quad9.net9.9.9.11149.112.112.112620:fe::112620:fe::fe:11
Source: libcef.dllString found in binary or memory: https://dns64.dns.google/dns-query
Source: libcef.dllString found in binary or memory: https://dnsnl.alekberg.net/dns-query
Source: libcef.dllString found in binary or memory: https://doh-01.spectrum.com/dns-query
Source: libcef.dllString found in binary or memory: https://doh-02.spectrum.com/dns-query
Source: libcef.dllString found in binary or memory: https://doh.cleanbrowsing.org/doh/adult-filter
Source: libcef.dllString found in binary or memory: https://doh.cleanbrowsing.org/doh/family-filter
Source: libcef.dllString found in binary or memory: https://doh.cleanbrowsing.org/doh/security-filter
Source: libcef.dllString found in binary or memory: https://doh.cox.net/dns-query
Source: libcef.dllString found in binary or memory: https://doh.cox.net/dns-querydot.cox.net68.105.28.1168.105.28.122001:578:3f::30N
Source: libcef.dllString found in binary or memory: https://doh.dns.sb/dns-query
Source: libcef.dllString found in binary or memory: https://doh.familyshield.opendns.com/dns-query
Source: libcef.dllString found in binary or memory: https://doh.opendns.com/dns-query
Source: libcef.dllString found in binary or memory: https://doh.quickline.ch/dns-query
Source: libcef.dllString found in binary or memory: https://doh.xfinity.com/dns-query
Source: libcef.dllString found in binary or memory: https://duckduckgo.com/?q=
Source: libcef.dllString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: libcef.dllString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: libcef.dllString found in binary or memory: https://duckduckgo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: libcef.dllString found in binary or memory: https://en.softonic.com/s/
Source: libcef.dllString found in binary or memory: https://es.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://es.search.yahoo.com/favicon.icohttps://es.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://es.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://es.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://fi.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://fi.search.yahoo.com/favicon.icohttps://fi.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://fi.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://fr.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://fr.search.yahoo.com/favicon.icohttps://fr.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://fr.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://fr.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://github.com/KhronosGroup/Vulkan-Docs/issues/1005)
Source: libcef.dllString found in binary or memory: https://github.com/WICG/conversion-measurement-api).
Source: libcef.dllString found in binary or memory: https://github.com/gpuweb/gpuweb/issues/1565:
Source: libcef.dllString found in binary or memory: https://go.imgsmail.ru/favicon.ico
Source: libcef.dllString found in binary or memory: https://go.imgsmail.ru/favicon.icohttps://go.mail.ru/search?q=
Source: libcef.dllString found in binary or memory: https://go.mail.ru/chrome/newtab/
Source: libcef.dllString found in binary or memory: https://go.mail.ru/msearch?q=
Source: libcef.dllString found in binary or memory: https://go.mail.ru/search?q=
Source: libcef.dllString found in binary or memory: https://goo.gl/EuHzyv
Source: libcef.dllString found in binary or memory: https://goo.gl/yabPex
Source: libcef.dllString found in binary or memory: https://goo.gle/improved-pwa-offline-detection
Source: libcef.dllString found in binary or memory: https://google.com/cast#__castAppId__=
Source: libcef.dllString found in binary or memory: https://google.com/cast#__castAppId__=PresentationApi.Cast.DIAL.WiredDisplay.AndroidCaf
Source: libcef.dllString found in binary or memory: https://gpuweb.github.io/gpuweb/wgsl/#texel-formats
Source: libcef.dllString found in binary or memory: https://history.google.com/history/api/lookup?client=aesb
Source: libcef.dllString found in binary or memory: https://history.google.com/history/api/lookup?client=aesby
Source: libcef.dllString found in binary or memory: https://history.report-uri.com/r/d/ct/reportOnly
Source: libcef.dllString found in binary or memory: https://hk.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://hk.search.yahoo.com/favicon.icohttps://hk.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://hk.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://hk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://hladaj.atlas.sk/fulltext/?phrase=
Source: libcef.dllString found in binary or memory: https://id.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://id.search.yahoo.com/favicon.icohttps://id.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://id.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://id.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://in.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://in.search.yahoo.com/favicon.icohttps://in.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://in.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://in.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://isearch.avg.com/search?q=
Source: libcef.dllString found in binary or memory: https://lh3.googleusercontent.com
Source: libcef.dllString found in binary or memory: https://lh3.googleusercontent.comdrive/v2/aboutdrive/v2/files/supportsTeamDrivesembedOrigindrive/v2/
Source: libcef.dllString found in binary or memory: https://log.getdropbox.com/hpkp
Source: libcef.dllString found in binary or memory: https://log.getdropbox.com/log/expectct
Source: libcef.dllString found in binary or memory: https://lss.sse-iacapps.com/query?q=
Source: libcef.dllString found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: libcef.dllString found in binary or memory: https://m.google.com/devicemanagement/data/apihttps://chromereporting-pa.googleapis.com/v1/eventshtt
Source: libcef.dllString found in binary or memory: https://m.so.com/index.php?ie=
Source: libcef.dllString found in binary or memory: https://m.so.com/s?ie=
Source: libcef.dllString found in binary or memory: https://m.sogou.com/web/
Source: libcef.dllString found in binary or memory: https://malaysia.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://malaysia.search.yahoo.com/favicon.icohttps://malaysia.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://malaysia.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://malaysia.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
Source: libcef.dllString found in binary or memory: https://metager.de/favicon.ico
Source: libcef.dllString found in binary or memory: https://metager.de/favicon.icohttps://metager.de/meta/meta.ger3?eingabe=
Source: libcef.dllString found in binary or memory: https://metager.de/meta/meta.ger3?eingabe=
Source: libcef.dllString found in binary or memory: https://metager.org/meta/meta.ger3?eingabe=
Source: libcef.dllString found in binary or memory: https://monitoring.url.loader.factory.invalid
Source: libcef.dllString found in binary or memory: https://monitoring.url.loader.factory.invalidPermissions
Source: libcef.dllString found in binary or memory: https://mx.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://mx.search.yahoo.com/favicon.icohttps://mx.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://mx.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://mx.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://nextdns.io/privacy
Source: libcef.dllString found in binary or memory: https://nl.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://nl.search.yahoo.com/favicon.icohttps://nl.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://nl.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://nl.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://nl.softonic.com/s/
Source: libcef.dllString found in binary or memory: https://nova.rambler.ru/search?query=
Source: libcef.dllString found in binary or memory: https://nova.rambler.ru/suggest?v=3&query=
Source: libcef.dllString found in binary or memory: https://nz.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://nz.search.yahoo.com/favicon.icohttps://nz.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://nz.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://nz.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://oauthaccountmanager.googleapis.com
Source: libcef.dllString found in binary or memory: https://oceanhero.today/favicon.ico
Source: libcef.dllString found in binary or memory: https://oceanhero.today/favicon.icohttps://oceanhero.today/web?q=
Source: libcef.dllString found in binary or memory: https://oceanhero.today/web?q=
Source: libcef.dllString found in binary or memory: https://odvr.nic.cz/doh
Source: libcef.dllString found in binary or memory: https://odvr.nic.cz/dohodvr.nic.cz185.43.135.1193.17.47.12001:148f:fffe::12001:148f:ffff::1
Source: libcef.dllString found in binary or memory: https://passwordsleakcheck-pa.googleapis.com/v1/leaks:lookupSingle
Source: libcef.dllString found in binary or memory: https://pe.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://pe.search.yahoo.com/favicon.icohttps://pe.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://pe.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://pe.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://perfetto.dev/docs/contributing/getting-started#community).
Source: libcef.dllString found in binary or memory: https://petalsearch.com/search?query=
Source: libcef.dllString found in binary or memory: https://ph.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://ph.search.yahoo.com/favicon.icohttps://ph.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://ph.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://ph.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://public.dns.iij.jp/
Source: libcef.dllString found in binary or memory: https://public.dns.iij.jp/IIJ
Source: libcef.dllString found in binary or memory: https://public.dns.iij.jp/dns-query
Source: libcef.dllString found in binary or memory: https://public.dns.iij.jp/dns-queryIijUShttps://nextdns.io/privacyNextDNShttps://chromium.dns.nextdn
Source: libcef.dllString found in binary or memory: https://qc.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://qc.search.yahoo.com/favicon.icohttps://qc.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://qc.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://qc.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://remotedesktop.corp.google.com
Source: libcef.dllString found in binary or memory: https://remotedesktop.google.com
Source: libcef.dllString found in binary or memory: https://remotedesktop.google.comhttps://remotedesktop.corp.google.comp
Source: libcef.dllString found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
Source: libcef.dllString found in binary or memory: https://safebrowsing.google.com/safebrowsing
Source: libcef.dllString found in binary or memory: https://safebrowsing.google.com/safebrowsing%s/%s?client=%s&appver=%s&pver=4.0&key=%s&ext=%d&enh=%d.
Source: libcef.dllString found in binary or memory: https://safebrowsing.googleapis.com/v4
Source: libcef.dllString found in binary or memory: https://safesearch.googleapis.com/v1:classify
Source: libcef.dllString found in binary or memory: https://safesearch.googleapis.com/v1:classifyapplication/x-www-form-urlencodedManagedUsers.SafeSites
Source: libcef.dllString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/login
Source: libcef.dllString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/login?key=../../components/safe_browsing/core/br
Source: libcef.dllString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/phishing
Source: libcef.dllString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/phishingP.
Source: libcef.dllString found in binary or memory: https://scotthelme.report-uri.com/r/d/ct/reportOnly
Source: libcef.dllString found in binary or memory: https://se.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://se.search.yahoo.com/favicon.icohttps://se.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://se.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://search-static-dre.dbankcdn.com/pc/v1/favicon.ico
Source: libcef.dllString found in binary or memory: https://search-static-dre.dbankcdn.com/pc/v1/favicon.icohttps://petalsearch.com/search?query=
Source: libcef.dllString found in binary or memory: https://search.avg.com/route/?q=
Source: libcef.dllString found in binary or memory: https://search.daum.net/favicon.ico
Source: libcef.dllString found in binary or memory: https://search.daum.net/favicon.icohttps://search.daum.net/search?w=tot&DA=JU5&q=
Source: libcef.dllString found in binary or memory: https://search.daum.net/search?w=tot&DA=JU5&q=
Source: libcef.dllString found in binary or memory: https://search.gmx.co.uk/web/result?q=
Source: libcef.dllString found in binary or memory: https://search.gmx.com/web/result?q=
Source: libcef.dllString found in binary or memory: https://search.gmx.es/web/result?q=
Source: libcef.dllString found in binary or memory: https://search.gmx.fr/web/result?q=
Source: libcef.dllString found in binary or memory: https://search.goo.ne.jp/cdn/common/img/favicon.ico
Source: libcef.dllString found in binary or memory: https://search.goo.ne.jp/cdn/common/img/favicon.icohttps://search.goo.ne.jp/web.jsp?MT=
Source: libcef.dllString found in binary or memory: https://search.goo.ne.jp/sgt.jsp?MT=
Source: libcef.dllString found in binary or memory: https://search.goo.ne.jp/web.jsp?MT=
Source: libcef.dllString found in binary or memory: https://search.naver.com/search.naver?ie=
Source: libcef.dllString found in binary or memory: https://search.privacywall.org/suggest.php?q=
Source: libcef.dllString found in binary or memory: https://search.seznam.cz/?q=
Source: libcef.dllString found in binary or memory: https://search.seznam.cz/favicon.ico
Source: libcef.dllString found in binary or memory: https://search.seznam.cz/favicon.icohttps://search.seznam.cz/?q=
Source: libcef.dllString found in binary or memory: https://search.seznam.sk/?q=
Source: libcef.dllString found in binary or memory: https://search.seznam.sk/favicon.ico
Source: libcef.dllString found in binary or memory: https://search.seznam.sk/favicon.icohttps://search.seznam.sk/?q=
Source: libcef.dllString found in binary or memory: https://search.softonic.com/?q=
Source: libcef.dllString found in binary or memory: https://search.walla.co.il/?q=
Source: libcef.dllString found in binary or memory: https://search.yahoo.co.jp/favicon.ico
Source: libcef.dllString found in binary or memory: https://search.yahoo.co.jp/favicon.icohttps://search.yahoo.co.jp/search
Source: libcef.dllString found in binary or memory: https://search.yahoo.co.jp/search
Source: libcef.dllString found in binary or memory: https://search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
Source: libcef.dllString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
Source: libcef.dllString found in binary or memory: https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
Source: libcef.dllString found in binary or memory: https://searchatlas.centrum.cz/?q=
Source: libcef.dllString found in binary or memory: https://searchatlas.centrum.cz/favicon.ico
Source: libcef.dllString found in binary or memory: https://searchatlas.centrum.cz/favicon.icohttps://searchatlas.centrum.cz/?q=
Source: libcef.dllString found in binary or memory: https://secureconnect-pa.clients6.google.com/v1:getManagedAccountsSigninRestriction
Source: libcef.dllString found in binary or memory: https://secureconnect-pa.clients6.google.com/v1:getManagedAccountsSigninRestrictionBearer
Source: libcef.dllString found in binary or memory: https://sg.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://sg.search.yahoo.com/favicon.icohttps://sg.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://sg.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://sg.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://source.chromium.org/chromium/chromium/src/
Source: libcef.dllString found in binary or memory: https://sp.ask.com/sh/i/a16/favicon/favicon.ico
Source: libcef.dllString found in binary or memory: https://sp.ask.com/sh/i/a16/favicon/favicon.icohttps://www.ask.com/web?q=
Source: libcef.dllString found in binary or memory: https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
Source: libcef.dllString found in binary or memory: https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.icohttps://search.naver.com/search.nav
Source: libcef.dllString found in binary or memory: https://storage.ape.yandex.net/get/browser/Doodles/yandex/drawable-xxhdpi/yandex.png
Source: libcef.dllString found in binary or memory: https://suche.gmx.at/web/result?q=
Source: libcef.dllString found in binary or memory: https://suche.gmx.net/web/result?q=
Source: libcef.dllString found in binary or memory: https://sug.so.360.cn/suggest?encodein=
Source: libcef.dllString found in binary or memory: https://sugg.sogou.com/sugg/ajaj_json.jsp?type=addrbar&key=
Source: libcef.dllString found in binary or memory: https://suggest.search.daum.net/sushi/opensearch/pc?q=
Source: libcef.dllString found in binary or memory: https://suggest.seznam.cz/fulltext_ff?phrase=
Source: libcef.dllString found in binary or memory: https://suggest.seznam.sk/fulltext_ff?phrase=
Source: libcef.dllString found in binary or memory: https://suggest.yandex.by/suggest-ff.cgi?part=
Source: libcef.dllString found in binary or memory: https://suggest.yandex.com.tr/suggest-ff.cgi?part=
Source: libcef.dllString found in binary or memory: https://suggest.yandex.com/suggest-ff.cgi?part=
Source: libcef.dllString found in binary or memory: https://suggest.yandex.kz/suggest-ff.cgi?part=
Source: libcef.dllString found in binary or memory: https://suggest.yandex.ua/suggest-ff.cgi?part=
Source: libcef.dllString found in binary or memory: https://suggestion.baidu.com/su?wd=
Source: libcef.dllString found in binary or memory: https://suggestplugin.gmx.at/s?q=
Source: libcef.dllString found in binary or memory: https://suggestplugin.gmx.co.uk/s?q=
Source: libcef.dllString found in binary or memory: https://suggestplugin.gmx.com/s?q=
Source: libcef.dllString found in binary or memory: https://suggestplugin.gmx.es/s?q=
Source: libcef.dllString found in binary or memory: https://suggestplugin.gmx.fr/s?q=
Source: libcef.dllString found in binary or memory: https://suggestplugin.gmx.net/s?q=
Source: libcef.dllString found in binary or memory: https://suggests.go.mail.ru/chrome?q=
Source: libcef.dllString found in binary or memory: https://support.google.com/chrome?p=bluetooth
Source: libcef.dllString found in binary or memory: https://support.google.com/webtools/answer/9799048
Source: libcef.dllString found in binary or memory: https://support.google.com/webtools/answer/9799048.
Source: libcef.dllString found in binary or memory: https://support.google.com/webtools/answer/9799048.Chrome
Source: libcef.dllString found in binary or memory: https://support.google.com/webtools/answer/9799048Chrome
Source: libcef.dllString found in binary or memory: https://th.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://th.search.yahoo.com/favicon.icohttps://th.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://th.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://th.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://tobiassachs.report-uri.com/r/d/ct/reportOnly
Source: libcef.dllString found in binary or memory: https://tr.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://tr.search.yahoo.com/favicon.icohttps://tr.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://tr.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://tw.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://tw.search.yahoo.com/favicon.icohttps://tw.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://tw.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://tw.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://uk.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://uk.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://ve.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://ve.search.yahoo.com/favicon.icohttps://ve.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://ve.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://ve.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://vn.search.yahoo.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://vn.search.yahoo.com/favicon.icohttps://vn.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://vn.search.yahoo.com/search
Source: libcef.dllString found in binary or memory: https://vn.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: libcef.dllString found in binary or memory: https://w3c.github.io/encrypted-media/#direct-individualization.
Source: libcef.dllString found in binary or memory: https://w3c.github.io/encrypted-media/#distinctive-identifier)
Source: libcef.dllString found in binary or memory: https://w3c.github.io/encrypted-media/#distinctive-permanent-
Source: libcef.dllString found in binary or memory: https://webpermissionpredictions.googleapis.com/v1:generatePredictions
Source: libcef.dllString found in binary or memory: https://webpermissionpredictions.googleapis.com/v1:generatePredictionspermission-predictions-service
Source: libcef.dllString found in binary or memory: https://www.alphassl.com/repository/03
Source: libcef.dllString found in binary or memory: https://www.amd.com/en/support/apu/amd-series-processors/amd-a8-series-apu-for-laptops/a8-5550m-rade
Source: libcef.dllString found in binary or memory: https://www.ask.com/web?q=
Source: libcef.dllString found in binary or memory: https://www.baidu.com/
Source: libcef.dllString found in binary or memory: https://www.baidu.com/#ie=
Source: libcef.dllString found in binary or memory: https://www.baidu.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://www.baidu.com/favicon.icohttps://www.baidu.com/#ie=
Source: libcef.dllString found in binary or memory: https://www.baidu.com/s?ie=
Source: libcef.dllString found in binary or memory: https://www.chromestatus.com/feature/4800491902992384?utm_source=devtools
Source: libcef.dllString found in binary or memory: https://www.chromestatus.com/feature/5148698084376576
Source: libcef.dllString found in binary or memory: https://www.chromestatus.com/feature/5243055179300864
Source: libcef.dllString found in binary or memory: https://www.chromestatus.com/feature/5243055179300864Chrome
Source: libcef.dllString found in binary or memory: https://www.chromestatus.com/feature/5243055179300864ContentSettings.Popups.StrongBlockerActionsLogB
Source: libcef.dllString found in binary or memory: https://www.chromestatus.com/feature/5669008342777856
Source: libcef.dllString found in binary or memory: https://www.chromestatus.com/feature/5706745674465280
Source: libcef.dllString found in binary or memory: https://www.chromestatus.com/feature/5742188281462784.
Source: libcef.dllString found in binary or memory: https://www.chromestatus.com/feature/5742188281462784.CancelDeferredNavigationWillFailRequestDidComm
Source: libcef.dllString found in binary or memory: https://www.chromestatus.com/feature/6311883621531648
Source: libcef.dllString found in binary or memory: https://www.chromestatus.com/feature/6443143280984064
Source: libcef.dllString found in binary or memory: https://www.chromium.org/blink/origin-trials/portals
Source: libcef.dllString found in binary or memory: https://www.chromium.org/developers/how-tos/api-keys
Source: libcef.dllString found in binary or memory: https://www.chromium.org/developers/how-tos/api-keysdummytokenGOOGLE_API_KEYGOOGLE_API_KEY_REMOTINGG
Source: libcef.dllString found in binary or memory: https://www.cisco.com/c/en/us/about/legal/privacy-full.html
Source: libcef.dllString found in binary or memory: https://www.delfi.lt/favicon.ico
Source: libcef.dllString found in binary or memory: https://www.delfi.lt/favicon.icohttps://www.delfi.lt/paieska/?q=
Source: libcef.dllString found in binary or memory: https://www.delfi.lt/paieska/?q=
Source: libcef.dllString found in binary or memory: https://www.digicert.com/CPS0
Source: libcef.dllString found in binary or memory: https://www.ecosia.org/search?q=
Source: libcef.dllString found in binary or memory: https://www.geotrust.com/resources/cps04
Source: libcef.dllString found in binary or memory: https://www.geotrust.com/resources/cps06
Source: libcef.dllString found in binary or memory: https://www.geotrust.com/resources/repository0
Source: libcef.dllString found in binary or memory: https://www.givero.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://www.givero.com/favicon.icohttps://www.givero.com/search?q=
Source: libcef.dllString found in binary or memory: https://www.givero.com/search?q=
Source: libcef.dllString found in binary or memory: https://www.givero.com/suggest?q=
Source: libcef.dllString found in binary or memory: https://www.globalsign.com/repository/0
Source: libcef.dllString found in binary or memory: https://www.globalsign.com/repository/03
Source: libcef.dllString found in binary or memory: https://www.google.com
Source: libcef.dllString found in binary or memory: https://www.google.com/accounts/OAuthLogin
Source: libcef.dllString found in binary or memory: https://www.google.com/accounts/OAuthLoginhttps://www.googleapis.com/auth/chromeosdevicemanagementht
Source: libcef.dllString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: libcef.dllString found in binary or memory: https://www.google.com/speech-api/full-duplex/v1
Source: libcef.dllString found in binary or memory: https://www.google.com/speech-api/full-duplex/v1key=pair=output=pb/down?speech_recognition_downstrea
Source: libcef.dllString found in binary or memory: https://www.google.comSignin.Multilogin.NumberOfAccounts%s:%s?source=%s&reuseCookies=%igaia_auth_mul
Source: libcef.dllString found in binary or memory: https://www.googleapis.com
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/auth/account.capabilities
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/auth/android_checkin
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/auth/any-api
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/auth/chrome-safe-browsing
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/auth/chrome-safe-browsingtailored_security_serviceSafeBrowsing.TailoredSe
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/auth/chromeosdevicemanagement
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/auth/chromesync
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonlyextension_downloaderBearer
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/auth/cryptauth
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/auth/drive.readonly
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/auth/firebase.messaging
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/auth/gcm
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/auth/identity.passwords.leak.check
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/auth/kid.family.readonly
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/auth/kid.permission
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/auth/photos.firstparty.readonly
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/auth/photos.image.readonly
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/auth/supportcontent
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/auth/userinfo.profile
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/auth/wallet.chrome
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocatemacAddresssignalStrengthchannelsignalToNoiseRatio
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/spelling/v%d/spelling/check?key=%s
Source: libcef.dllString found in binary or memory: https://www.googleapis.com/spelling/v%d/spelling/check?key=%serrorspellingCheckResponse.misspellings
Source: libcef.dllString found in binary or memory: https://www.gstatic.com/securitykey/a/google.com/origins.json
Source: libcef.dllString found in binary or memory: https://www.gstatic.com/securitykey/origins.json
Source: libcef.dllString found in binary or memory: https://www.gstatic.com/securitykey/origins.jsonhttps://www.gstatic.com/securitykey/a/google.com/ori
Source: libcef.dllString found in binary or memory: https://www.info.com/serp?q=
Source: libcef.dllString found in binary or memory: https://www.info.com/static/www.info.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://www.info.com/static/www.info.com/favicon.icohttps://www.info.com/serp?q=
Source: libcef.dllString found in binary or memory: https://www.intel.com/content/www/us/en/download-center/home.html
Source: libcef.dllString found in binary or memory: https://www.neti.ee/api/suggestOS?suggestVersion=1&suggestQuery=
Source: libcef.dllString found in binary or memory: https://www.neti.ee/cgi-bin/otsing?query=
Source: libcef.dllString found in binary or memory: https://www.nic.cz/odvr/
Source: libcef.dllString found in binary or memory: https://www.nic.cz/odvr/CZ.NIC
Source: libcef.dllString found in binary or memory: https://www.privacywall.org/images/favicon_32x32.ico
Source: libcef.dllString found in binary or memory: https://www.privacywall.org/images/favicon_32x32.icohttps://www.privacywall.org/search/secure/?q=
Source: libcef.dllString found in binary or memory: https://www.privacywall.org/search/secure/?q=
Source: libcef.dllString found in binary or memory: https://www.quad9.net/home/privacy/
Source: libcef.dllString found in binary or memory: https://www.quad9.net/home/privacy/Quad9
Source: libcef.dllString found in binary or memory: https://www.qwant.com/?q=
Source: libcef.dllString found in binary or memory: https://www.qwant.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://www.qwant.com/favicon.icohttps://www.qwant.com/?q=
Source: libcef.dllString found in binary or memory: https://www.so.com/favicon.ico
Source: libcef.dllString found in binary or memory: https://www.so.com/favicon.icohttps://www.so.com/s?ie=
Source: libcef.dllString found in binary or memory: https://www.so.com/s?ie=
Source: libcef.dllString found in binary or memory: https://www.softonic.com.br/s/
Source: libcef.dllString found in binary or memory: https://www.softonic.com/s/
Source: libcef.dllString found in binary or memory: https://www.sogou.com/images/logo/old/favicon.ico
Source: libcef.dllString found in binary or memory: https://www.sogou.com/images/logo/old/favicon.icohttps://www.sogou.com/web?ie=
Source: libcef.dllString found in binary or memory: https://www.sogou.com/web?ie=
Source: libcef.dllString found in binary or memory: https://www.thawte.com/cps0
Source: libcef.dllString found in binary or memory: https://www.thawte.com/cps0)
Source: libcef.dllString found in binary or memory: https://www.thawte.com/cps02
Source: libcef.dllString found in binary or memory: https://www.thawte.com/cps07
Source: libcef.dllString found in binary or memory: https://www.yandex.by/chrome/newtab
Source: libcef.dllString found in binary or memory: https://www.yandex.com.tr/
Source: libcef.dllString found in binary or memory: https://www.yandex.com.tr/chrome/newtab
Source: libcef.dllString found in binary or memory: https://www.yandex.kz/chrome/newtab
Source: libcef.dllString found in binary or memory: https://www.yandex.ua/chrome/newtab
Source: libcef.dllString found in binary or memory: https://www.zoznam.sk/favicon.ico
Source: libcef.dllString found in binary or memory: https://www.zoznam.sk/favicon.icohttps://www.zoznam.sk/hladaj.fcgi?s=
Source: libcef.dllString found in binary or memory: https://www.zoznam.sk/hladaj.fcgi?s=
Source: libcef.dllString found in binary or memory: https://yandex.by/
Source: libcef.dllString found in binary or memory: https://yandex.by/images/search/?rpt=imageview
Source: libcef.dllString found in binary or memory: https://yandex.by/images/search/?rpt=imageviewhttps://www.yandex.by/chrome/newtabhttps://storage.ape
Source: libcef.dllString found in binary or memory: https://yandex.com.tr/gorsel/search?rpt=imageview
Source: libcef.dllString found in binary or memory: https://yandex.com.tr/gorsel/search?rpt=imageviewhttps://www.yandex.com.tr/chrome/newtab
Source: libcef.dllString found in binary or memory: https://yandex.com/images/search?rpt=imageview
Source: libcef.dllString found in binary or memory: https://yandex.com/search/?text=
Source: libcef.dllString found in binary or memory: https://yandex.kz/
Source: libcef.dllString found in binary or memory: https://yandex.kz/images/search/?rpt=imageview
Source: libcef.dllString found in binary or memory: https://yandex.kz/images/search/?rpt=imageviewhttps://www.yandex.kz/chrome/newtab
Source: libcef.dllString found in binary or memory: https://yandex.ua/
Source: libcef.dllString found in binary or memory: https://yandex.ua/images/search/?rpt=imageview
Source: libcef.dllString found in binary or memory: https://yandex.ua/images/search/?rpt=imageviewhttps://www.yandex.ua/chrome/newtab
Source: libcef.dllString found in binary or memory: https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.ico
Source: libcef.dllString found in binary or memory: https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.icohttps://yandex.by/
Source: libcef.dllString found in binary or memory: https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
Source: libcef.dllString found in binary or memory: https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.icohttps://yandex.com/search/?text=
Source: libcef.dllBinary or memory string: RegisterRawInputDevices() failed for RIDEV_REMOVEmemstr_7bda514d-5
Source: libcef.dllStatic PE information: Number of sections : 11 > 10
Source: C:\Windows\System32\loaddll32.exeSection loaded: chrome_elf.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: usp10.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: d3d9.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: dxva2.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: cryptui.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: credui.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: wevtapi.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: esent.dllJump to behavior
Source: libcef.dllStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL
Source: classification engineClassification label: clean5.winDLL@12/0@0/0
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7288:120:WilError_03
Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\libcef.dll,GetHandleVerifier
Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\libcef.dll"
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\libcef.dll",#1
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\libcef.dll,GetHandleVerifier
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libcef.dll",#1
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\libcef.dll,GetMainTargetServices
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\libcef.dll,IsSandboxedProcess
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\libcef.dll",#1Jump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\libcef.dll,GetHandleVerifierJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\libcef.dll,GetMainTargetServicesJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\libcef.dll,IsSandboxedProcessJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libcef.dll",#1Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: libcef.dllStatic PE information: certificate valid
Source: libcef.dllStatic PE information: More than 194 > 100 exports found
Source: libcef.dllStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: libcef.dllStatic file information: File size 146051048 > 1048576
Source: libcef.dllStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x7427600
Source: libcef.dllStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x11ee000
Source: libcef.dllStatic PE information: Raw size of .reloc is bigger than: 0x100000 < 0x4af400
Source: libcef.dllStatic PE information: More than 200 imports for KERNEL32.dll
Source: libcef.dllStatic PE information: More than 200 imports for USER32.dll
Source: libcef.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: libcef.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: libcef.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: libcef.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: libcef.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: libcef.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: libcef.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF
Source: libcef.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: libcef.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: libcef.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: libcef.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: libcef.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: libcef.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: libcef.dllStatic PE information: section name: .00cfg
Source: libcef.dllStatic PE information: section name: .rodata
Source: libcef.dllStatic PE information: section name: .voltbl
Source: libcef.dllStatic PE information: section name: CPADinfo
Source: libcef.dllStatic PE information: section name: malloc_h
Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_012E6F2D push ebx; retf 003Ah0_2_012E6F3C
Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_012E6F2B push esi; iretd 0_2_012E6F2C
Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_012E3D34 push eax; ret 0_2_012E3D35
Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_012E0A35 push esi; retf 0_2_012E0A4C
Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_012E0A05 push esi; retf 0_2_012E0A1C
Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_012E037D push esi; retf 0_2_012E042C
Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_012E0348 push ecx; retf 0_2_012E037C
Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_012EC354 push eax; ret 0_2_012EC355
Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_012EC350 push eax; ret 0_2_012EC351
Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_012E3BA4 push eax; ret 0_2_012E3BA5
Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_012E09BD push esi; retf 0_2_012E09D4
Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_012E678D push eax; iretd 0_2_012E67C4
Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_012E668B push edx; iretd 0_2_012E678C
Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_012E0285 push ecx; retf 0_2_012E037C
Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_012E0497 push esi; retf 0_2_012E09BC
Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_012E02E4 push esi; retf 0_2_012E042C
Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_012E09F1 push esi; retf 0_2_012E0A04
Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_012E9AD8 push eax; ret 0_2_012E9AD9
Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_012E09D5 push esi; retf 0_2_012E09EC
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: libcef.dllBinary or memory string: VMware Fusion 4 has corrupt rendering with Win Vista+
Source: libcef.dllBinary or memory string: VMware, Inc.
Source: libcef.dllBinary or memory string: VMware Inc.
Source: libcef.dllBinary or memory string: Gearway Electronics (Dong Guan) Co., Ltd.VMware Inc.Olimex Ltd.
Source: libcef.dllBinary or memory string: Qemu Audio Device
Source: libcef.dllBinary or memory string: VMware can crash with older drivers and WebGL content
Source: C:\Windows\System32\loaddll32.exeProcess queried: DebugPortJump to behavior
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libcef.dll",#1Jump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpactResource DevelopmentReconnaissance
Valid AccountsWindows Management Instrumentation1
DLL Side-Loading		11
Process Injection		1
Virtualization/Sandbox Evasion		11
Input Capture		11
Security Software Discovery		Remote Services11
Input Capture		Exfiltration Over Other Network MediumData ObfuscationExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationAbuse Accessibility FeaturesAcquire InfrastructureGather Victim Identity Information
Default AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		1
Rundll32		LSASS Memory1
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataSIM Card SwapObtain Device Cloud BackupsNetwork Denial of ServiceDomainsCredentials
Domain AccountsAtLogon Script (Windows)Logon Script (Windows)11
Process Injection		Security Account Manager1
System Information Discovery		SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyData Encrypted for ImpactDNS ServerEmail Addresses
Local AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureTraffic DuplicationProtocol ImpersonationData DestructionVirtual Private ServerEmployee Names
Cloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Obfuscated Files or Information		LSA SecretsInternet Connection DiscoverySSHKeyloggingScheduled TransferFallback ChannelsData Encrypted for ImpactServerGather Victim Network Information

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1365074 Sample: libcef.dll Startdate: 20/12/2023 Architecture: WINDOWS Score: 5 6 loaddll32.exe 1 2->6         started        process3 8 cmd.exe 1 6->8         started        10 rundll32.exe 6->10         started        12 rundll32.exe 6->12         started        14 2 other processes 6->14 process4 16 rundll32.exe 8->16         started       

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://dns11.quad9.net/dns-query0%Avira URL Cloudsafe
https://search.seznam.sk/favicon.ico0%Avira URL Cloudsafe
https://crbug.com/12149230%Avira URL Cloudsafe
https://crbug.com/dawn/4020%Avira URL Cloudsafe
https://crbug.com/new0%Avira URL Cloudsafe
https://crbug.com/dawn/1071:0%Avira URL Cloudsafe
https://suggestplugin.gmx.co.uk/s?q=0%Avira URL Cloudsafe
https://dns11.quad9.net/dns-query4%VirustotalBrowse
https://crbug.com/dawn/4020%VirustotalBrowse
https://crbug.com/new0%VirustotalBrowse
https://search.seznam.sk/favicon.ico0%VirustotalBrowse
https://crbug.com/12149230%VirustotalBrowse
http://www.walla.co.il/favicon.icohttp://search.walla.co.il/?q=0%Avira URL Cloudsafe
https://www.givero.com/suggest?q=0%Avira URL Cloudsafe
https://crbug.com/dawn/7760%Avira URL Cloudsafe
https://yandex.com.tr/gorsel/search?rpt=imageviewhttps://www.yandex.com.tr/chrome/newtab0%Avira URL Cloudsafe
https://nextdns.io/privacy0%Avira URL Cloudsafe
http://www.walla.co.il/favicon.icohttp://search.walla.co.il/?q=0%VirustotalBrowse
https://crbug.com/dawn/1071:0%VirustotalBrowse
http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.icohttps://hladaj.atlas.sk/fulltext/?p0%Avira URL Cloudsafe
https://suggestplugin.gmx.co.uk/s?q=0%VirustotalBrowse
https://crbug.com/dawn/7760%VirustotalBrowse
https://crbug.com/tint.0%Avira URL Cloudsafe
https://www.givero.com/suggest?q=0%VirustotalBrowse
https://buscador.terra.com.ar/Default.aspx?source=Search&ca=s&query=0%Avira URL Cloudsafe
https://yandex.com.tr/gorsel/search?rpt=imageviewhttps://www.yandex.com.tr/chrome/newtab0%VirustotalBrowse
https://crbug.com/1234857.0%Avira URL Cloudsafe
http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.icohttps://hladaj.atlas.sk/fulltext/?p0%VirustotalBrowse
http://crl.rootg2.amazontrust.com/rootg2.crl00%Avira URL Cloudsafe
https://nextdns.io/privacy0%VirustotalBrowse
https://crbug.com/tint.0%VirustotalBrowse
https://chrome-devtools-frontend.appspot.com/serve_rev/%s/%s.html/devtools/page/%s?ws=%s%s%sMalforme0%Avira URL Cloudsafe
http://aia.startssl.com/certs/ca.crt020%Avira URL Cloudsafe
https://crbug.com/dawn/6330%Avira URL Cloudsafe
http://www.walla.co.il/favicon.ico0%Avira URL Cloudsafe
https://crbug.com/dawn/10710%Avira URL Cloudsafe
http://crl.rootg2.amazontrust.com/rootg2.crl00%VirustotalBrowse
http://aia.startssl.com/certs/ca.crt020%VirustotalBrowse
https://buscador.terra.com.ar/Default.aspx?source=Search&ca=s&query=0%VirustotalBrowse
https://petalsearch.com/search?query=0%Avira URL Cloudsafe
http://www.walla.co.il/favicon.ico0%VirustotalBrowse
https://crbug.com/1234857.0%VirustotalBrowse
https://crbug.com/dawn/10710%VirustotalBrowse
https://crbug.com/dawn/6330%VirustotalBrowse
http://www.google.comgaia_auth_merge_sessionsStarting0%Avira URL Cloudsafe
https://dns.google/dns-query0%Avira URL Cloudsafe
https://chrome-devtools-frontend.appspot.com/serve_rev/%s/%s.html/devtools/page/%s?ws=%s%s%sMalforme0%VirustotalBrowse
https://oceanhero.today/web?q=0%Avira URL Cloudsafe
https://crbug.com/newCheckIfAudioThreadIsAliveMedia.AudioThreadStatusCreating0%Avira URL Cloudsafe
https://petalsearch.com/search?query=0%VirustotalBrowse
http://subca.ocsp-certum.com0.0%Avira URL Cloudsafe
https://crbug.com/dawn/3430%Avira URL Cloudsafe
https://crbug.com/dawn/3420%Avira URL Cloudsafe
https://crbug.com/dawn/5820%Avira URL Cloudsafe
https://dns.google/dns-query1%VirustotalBrowse
https://crbug.com/newCheckIfAudioThreadIsAliveMedia.AudioThreadStatusCreating0%VirustotalBrowse
https://crbug.com/dawn/5820%VirustotalBrowse
https://oceanhero.today/web?q=0%VirustotalBrowse
https://crbug.com/dawn/3420%VirustotalBrowse
https://crbug.com/dawn/3430%VirustotalBrowse

Domains and IPs

Contacted Domains

No contacted domains info
NameSourceMaliciousAntivirus DetectionReputation
https://mx.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=libcef.dllfalse
    		high
    https://www.google.com/speech-api/full-duplex/v1libcef.dllfalse
      		high
      https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/searchlibcef.dllfalse
        		high
        https://fr.search.yahoo.com/favicon.icolibcef.dllfalse
          		high
          https://search.seznam.sk/favicon.icolibcef.dllfalse
          • 0%, Virustotal, Browse
          • Avira URL Cloud: safe
          		unknown
          https://doh.familyshield.opendns.com/dns-querylibcef.dllfalse
            		high
            https://crbug.com/newlibcef.dllfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://hk.search.yahoo.com/searchlibcef.dllfalse
              		high
              https://crashpad.chromium.org/https://crashpad.chromium.org/bug/newlibcef.dllfalse
                		high
                https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.icolibcef.dllfalse
                  		high
                  https://crbug.com/dawn/402libcef.dllfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  		unknown
                  https://secureconnect-pa.clients6.google.com/v1:getManagedAccountsSigninRestrictionlibcef.dllfalse
                    		high
                    http://i.wp.pl/a/i/stg/500/favicon.icohttp://szukaj.wp.pl/szukaj.html?q=libcef.dllfalse
                      		high
                      https://dns11.quad9.net/dns-querylibcef.dllfalse
                      • 4%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://crbug.com/1214923libcef.dllfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://crbug.com/dawn/1071:libcef.dllfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://suggestplugin.gmx.co.uk/s?q=libcef.dllfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://ca.search.yahoo.com/favicon.icolibcef.dllfalse
                        		high
                        https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/libcef.dllfalse
                          		high
                          http://www.search.delta-search.com/?q=libcef.dllfalse
                            		high
                            http://www.walla.co.il/favicon.icohttp://search.walla.co.il/?q=libcef.dllfalse
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.givero.com/suggest?q=libcef.dllfalse
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            		unknown
                            https://clients3.google.com/ct_uploadlibcef.dllfalse
                              		high
                              https://www.chromestatus.com/feature/5243055179300864ContentSettings.Popups.StrongBlockerActionsLogBlibcef.dllfalse
                                		high
                                http://www.neti.ee/favicon.icohttp://www.neti.ee/cgi-bin/otsing?query=libcef.dllfalse
                                  		high
                                  https://crbug.com/dawn/776libcef.dllfalse
                                  • 0%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://yandex.com.tr/gorsel/search?rpt=imageviewhttps://www.yandex.com.tr/chrome/newtablibcef.dllfalse
                                  • 0%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://www.so.com/favicon.icolibcef.dllfalse
                                    		high
                                    https://dk.search.yahoo.com/favicon.icohttps://dk.search.yahoo.com/searchlibcef.dllfalse
                                      		high
                                      https://sb-ssl.google.com/safebrowsing/clientreport/phishingP.libcef.dllfalse
                                        		high
                                        https://at.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=libcef.dllfalse
                                          		high
                                          http://www.search.delta-search.com/home?q=libcef.dllfalse
                                            		high
                                            http://l.twimg.com/i/hpkp_reportlibcef.dllfalse
                                              		high
                                              https://nextdns.io/privacylibcef.dllfalse
                                              • 0%, Virustotal, Browse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://malaysia.search.yahoo.com/searchlibcef.dllfalse
                                                		high
                                                https://secureconnect-pa.clients6.google.com/v1:getManagedAccountsSigninRestrictionBearerlibcef.dllfalse
                                                  		high
                                                  http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.icohttps://hladaj.atlas.sk/fulltext/?plibcef.dllfalse
                                                  • 0%, Virustotal, Browse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.conduit.com/favicon.icolibcef.dllfalse
                                                    		high
                                                    https://www.chromium.org/developers/how-tos/api-keysdummytokenGOOGLE_API_KEYGOOGLE_API_KEY_REMOTINGGlibcef.dllfalse
                                                      		high
                                                      https://crbug.com/tint.libcef.dllfalse
                                                      • 0%, Virustotal, Browse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://vn.search.yahoo.com/searchlibcef.dllfalse
                                                        		high
                                                        https://developers.google.com/speed/public-dns/privacyGooglelibcef.dllfalse
                                                          		high
                                                          https://www.ask.com/web?q=libcef.dllfalse
                                                            		high
                                                            https://doh.opendns.com/dns-querylibcef.dllfalse
                                                              		high
                                                              https://ph.search.yahoo.com/searchlibcef.dllfalse
                                                                		high
                                                                https://google.com/cast#__castAppId__=libcef.dllfalse
                                                                  		high
                                                                  http://www.conduit.com/favicon.icohttp://www.conduit.com/search?q=libcef.dllfalse
                                                                    		high
                                                                    http://www.symauth.com/cps0(libcef.dllfalse
                                                                      		high
                                                                      https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.icolibcef.dllfalse
                                                                        		high
                                                                        https://tw.search.yahoo.com/favicon.icohttps://tw.search.yahoo.com/searchlibcef.dllfalse
                                                                          		high
                                                                          http://www1.delta-search.com/?q=libcef.dllfalse
                                                                            		high
                                                                            https://buscador.terra.com.ar/Default.aspx?source=Search&ca=s&query=libcef.dllfalse
                                                                            • 0%, Virustotal, Browse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://crbug.com/1234857.libcef.dllfalse
                                                                            • 0%, Virustotal, Browse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://crl.godaddy.com/gdroot-g2.crl0Flibcef.dllfalse
                                                                              		high
                                                                              http://crl.rootg2.amazontrust.com/rootg2.crl0libcef.dllfalse
                                                                              • 0%, Virustotal, Browse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              http://www.delfi.lt/paieska/?q=libcef.dllfalse
                                                                                		high
                                                                                http://www.symauth.com/rpa0)libcef.dllfalse
                                                                                  		high
                                                                                  https://chrome-devtools-frontend.appspot.com/serve_rev/%s/%s.html/devtools/page/%s?ws=%s%s%sMalformelibcef.dllfalse
                                                                                  • 0%, Virustotal, Browse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  https://www.delfi.lt/favicon.icohttps://www.delfi.lt/paieska/?q=libcef.dllfalse
                                                                                    		high
                                                                                    http://www.symauth.com/rpa00libcef.dllfalse
                                                                                      		high
                                                                                      https://m.google.com/devicemanagement/data/apilibcef.dllfalse
                                                                                        		high
                                                                                        http://search.imesh.net/music?hl=libcef.dllfalse
                                                                                          		high
                                                                                          https://qc.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=libcef.dllfalse
                                                                                            		high
                                                                                            https://sug.so.360.cn/suggest?encodein=libcef.dllfalse
                                                                                              		high
                                                                                              http://aia.startssl.com/certs/ca.crt02libcef.dllfalse
                                                                                              • 0%, Virustotal, Browse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              https://cl.search.yahoo.com/favicon.icolibcef.dllfalse
                                                                                                		high
                                                                                                https://yandex.kz/images/search/?rpt=imageviewlibcef.dllfalse
                                                                                                  		high
                                                                                                  https://coccoc.com/search#query=libcef.dllfalse
                                                                                                    		high
                                                                                                    https://chrome.google.com/webstore/libcef.dllfalse
                                                                                                      		high
                                                                                                      https://www.yandex.by/chrome/newtablibcef.dllfalse
                                                                                                        		high
                                                                                                        https://crbug.com/dawn/633libcef.dllfalse
                                                                                                        • 0%, Virustotal, Browse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        https://ph.search.yahoo.com/favicon.icolibcef.dllfalse
                                                                                                          		high
                                                                                                          http://www.walla.co.il/favicon.icolibcef.dllfalse
                                                                                                          • 0%, Virustotal, Browse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          https://crbug.com/dawn/1071libcef.dllfalse
                                                                                                          • 0%, Virustotal, Browse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          https://go.mail.ru/chrome/newtab/libcef.dllfalse
                                                                                                            		high
                                                                                                            https://id.search.yahoo.com/searchlibcef.dllfalse
                                                                                                              		high
                                                                                                              https://uk.search.yahoo.com/searchlibcef.dllfalse
                                                                                                                		high
                                                                                                                http://www.neti.ee/cgi-bin/otsing?query=libcef.dllfalse
                                                                                                                  		high
                                                                                                                  https://certs.starfieldtech.com/repository/0libcef.dllfalse
                                                                                                                    		high
                                                                                                                    https://petalsearch.com/search?query=libcef.dllfalse
                                                                                                                    • 0%, Virustotal, Browse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    		unknown
                                                                                                                    http://www.google.comgaia_auth_merge_sessionsStartinglibcef.dllfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    		low
                                                                                                                    http://ok.hu/gfx/favicon.icohttp://ok.hu/katalogus?q=libcef.dllfalse
                                                                                                                      		high
                                                                                                                      https://bugs.chromium.org/p/dawn/issues/detail?id=690libcef.dllfalse
                                                                                                                        		high
                                                                                                                        http://mysearch.sweetpacks.com/?q=libcef.dllfalse
                                                                                                                          		high
                                                                                                                          https://qc.search.yahoo.com/favicon.icohttps://qc.search.yahoo.com/searchlibcef.dllfalse
                                                                                                                            		high
                                                                                                                            http://aia1.wosign.com/ca1-class3-server.cer0libcef.dllfalse
                                                                                                                              		high
                                                                                                                              https://dns.google/dns-querylibcef.dllfalse
                                                                                                                              • 1%, Virustotal, Browse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              		unknown
                                                                                                                              https://ph.search.yahoo.com/favicon.icohttps://ph.search.yahoo.com/searchlibcef.dllfalse
                                                                                                                                		high
                                                                                                                                https://oceanhero.today/web?q=libcef.dllfalse
                                                                                                                                • 0%, Virustotal, Browse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                		unknown
                                                                                                                                https://crbug.com/newCheckIfAudioThreadIsAliveMedia.AudioThreadStatusCreatinglibcef.dllfalse
                                                                                                                                • 0%, Virustotal, Browse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                		unknown
                                                                                                                                https://ch.search.yahoo.com/favicon.icolibcef.dllfalse
                                                                                                                                  		high
                                                                                                                                  http://subca.ocsp-certum.com0.libcef.dllfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  		unknown
                                                                                                                                  https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/Cloudflarelibcef.dllfalse
                                                                                                                                    		high
                                                                                                                                    https://crbug.com/dawn/582libcef.dllfalse
                                                                                                                                    • 0%, Virustotal, Browse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    		unknown
                                                                                                                                    https://www.chromestatus.com/feature/4800491902992384?utm_source=devtoolslibcef.dllfalse
                                                                                                                                      		high
                                                                                                                                      http://search.conduit.com/Results.aspx?q=libcef.dllfalse
                                                                                                                                        		high
                                                                                                                                        https://crbug.com/dawn/343libcef.dllfalse
                                                                                                                                        • 0%, Virustotal, Browse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        		unknown
                                                                                                                                        http://crl.entrust.net/g2ca.crl0;libcef.dllfalse
                                                                                                                                          		high
                                                                                                                                          https://crbug.com/dawn/342libcef.dllfalse
                                                                                                                                          • 0%, Virustotal, Browse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          		unknown
                                                                                                                                          https://www.chromestatus.com/feature/6443143280984064libcef.dllfalse
                                                                                                                                            		high

                                                                                                                                            World Map of Contacted IPs

                                                                                                                                            No contacted IP infos

                                                                                                                                            General Information

                                                                                                                                            Joe Sandbox version:38.0.0 Ammolite
                                                                                                                                            Analysis ID:1365074
                                                                                                                                            Start date and time:2023-12-20 15:19:38 +01:00
                                                                                                                                            Joe Sandbox product:CloudBasic
                                                                                                                                            Overall analysis duration:0h 4m 38s
                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                            Report type:full
                                                                                                                                            Cookbook file name:default.jbs
                                                                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                            Number of analysed new started processes analysed:7
                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                            Technologies:
                                                                                                                                            • HCA enabled
                                                                                                                                            • EGA enabled
                                                                                                                                            • AMSI enabled
                                                                                                                                            Analysis Mode:default
                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                            Sample name:libcef.dll
                                                                                                                                            Detection:CLEAN
                                                                                                                                            Classification:clean5.winDLL@12/0@0/0
                                                                                                                                            EGA Information:Failed
                                                                                                                                            HCA Information:
                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                            • Number of executed functions: 0
                                                                                                                                            • Number of non-executed functions: 0
                                                                                                                                            Cookbook Comments:
                                                                                                                                            • Found application associated with file extension: .dll
                                                                                                                                            • Stop behavior analysis, all processes terminated
                                                                                                                                            • Execution Graph export aborted for target loaddll32.exe, PID 7280 because there are no executed function
                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.

                                                                                                                                            Simulations

                                                                                                                                            Behavior and APIs

                                                                                                                                            No simulations

                                                                                                                                            Joe Sandbox View / Context

                                                                                                                                            IPs

                                                                                                                                            No context

                                                                                                                                            Domains

                                                                                                                                            No context

                                                                                                                                            ASNs

                                                                                                                                            No context

                                                                                                                                            JA3 Fingerprints

                                                                                                                                            No context

                                                                                                                                            Dropped Files

                                                                                                                                            No context

                                                                                                                                            Created / dropped Files

                                                                                                                                            No created / dropped files found

                                                                                                                                            Static File Info

                                                                                                                                            General

                                                                                                                                            File type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                            Entropy (8bit):6.981841987965987
                                                                                                                                            TrID:
                                                                                                                                            • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.20%
                                                                                                                                            • DOS Executable Generic (2002/1) 0.20%
                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                            File name:libcef.dll
                                                                                                                                            File size:146'051'048 bytes
                                                                                                                                            MD5:5e66c360265a177475b9f73a334f9629
                                                                                                                                            SHA1:d2c7594fea0a6d2810611523239a61e3d0736b33
                                                                                                                                            SHA256:0d0879633e7bd7be9e0de26afc32856fb34f944b2ae378589b5eb33c9795ca39
                                                                                                                                            SHA512:3c738ae9aaaa07d58636a308c9280a7267a9ae47970f1ac994a38d2383f4e113277b705a493a55316a6c6cf109cde6d52dec4b91c5966b1b81e009b4b7bea7c2
                                                                                                                                            SSDEEP:1572864:Stb+aLdLQl8RrUs+xixKcdEuUAon8SazJnL4BnA3MSa5SG87sbIJ8IlRZ4w14I0x:es/uDo2pACEIJ4nh6m
                                                                                                                                            TLSH:4168AF01A512B27ED49231B2342DF72D6F2052568BA95FD3CBA96CC47F702D3E23A647
                                                                                                                                            File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....1Gb.........."!.....vB...q.....0&>......................................p............@A........................c.`.!.....`.\..

                                                                                                                                            File Icon

                                                                                                                                            Icon Hash:0f3149cd4c490307

                                                                                                                                            Static PE Info

                                                                                                                                            General

                                                                                                                                            Entrypoint:0x173e2630
                                                                                                                                            Entrypoint Section:.text
                                                                                                                                            Digitally signed:true
                                                                                                                                            Imagebase:0x10000000
                                                                                                                                            Subsystem:windows cui
                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL
                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF
                                                                                                                                            Time Stamp:0x624731DD [Fri Apr 1 17:09:49 2022 UTC]
                                                                                                                                            TLS Callbacks:0x1349d630, 0x134b16c0, 0x173dfe40, 0x134a8200
                                                                                                                                            CLR (.Net) Version:
                                                                                                                                            OS Version Major:5
                                                                                                                                            OS Version Minor:1
                                                                                                                                            File Version Major:5
                                                                                                                                            File Version Minor:1
                                                                                                                                            Subsystem Version Major:5
                                                                                                                                            Subsystem Version Minor:1
                                                                                                                                            Import Hash:4bf761e3f098e6f4084694a5fcca122c

                                                                                                                                            Authenticode Signature

                                                                                                                                            Signature Valid:true
                                                                                                                                            Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                                                                                                                            Signature Validation Error:The operation completed successfully
                                                                                                                                            Error Number:0
                                                                                                                                            Not Before, Not After
                                                                                                                                            • 06/05/2022 01:00:00 07/05/2023 00:59:59
                                                                                                                                            Subject Chain
                                                                                                                                            • CN=Laplink Software Inc., O=Laplink Software Inc., S=Washington, C=US
                                                                                                                                            Version:3
                                                                                                                                            Thumbprint MD5:08264774490B89A813062F321C49D966
                                                                                                                                            Thumbprint SHA-1:AE3A7507F84D2A210BEB721C45CECCD23F87C28B
                                                                                                                                            Thumbprint SHA-256:ADC448E2E54879201B94567E031DA60A1B3B203248756442A3CB8BB313F9E3F5
                                                                                                                                            Serial:00EC39B78DF29419D9BEA9F922961FDD05
                                                                                                                                            Instruction
                                                                                                                                            push ebp
                                                                                                                                            mov ebp, esp
                                                                                                                                            cmp dword ptr [ebp+0Ch], 01h
                                                                                                                                            jne 00007F969511D177h
                                                                                                                                            call 00007F969511D18Ah
                                                                                                                                            push dword ptr [ebp+10h]
                                                                                                                                            push dword ptr [ebp+0Ch]
                                                                                                                                            push dword ptr [ebp+08h]
                                                                                                                                            call 00007F969511D047h
                                                                                                                                            add esp, 0Ch
                                                                                                                                            pop ebp
                                                                                                                                            retn 000Ch
                                                                                                                                            mov ecx, dword ptr [18639C94h]
                                                                                                                                            push esi
                                                                                                                                            push edi
                                                                                                                                            mov edi, BB40E64Eh
                                                                                                                                            mov esi, FFFF0000h
                                                                                                                                            cmp ecx, edi
                                                                                                                                            je 00007F969511D176h
                                                                                                                                            test esi, ecx
                                                                                                                                            jne 00007F969511D198h
                                                                                                                                            call 00007F969511D1A1h
                                                                                                                                            mov ecx, eax
                                                                                                                                            cmp ecx, edi
                                                                                                                                            jne 00007F969511D179h
                                                                                                                                            mov ecx, BB40E64Fh
                                                                                                                                            jmp 00007F969511D180h
                                                                                                                                            test esi, ecx
                                                                                                                                            jne 00007F969511D17Ch
                                                                                                                                            or eax, 00004711h
                                                                                                                                            shl eax, 10h
                                                                                                                                            or ecx, eax
                                                                                                                                            mov dword ptr [18639C94h], ecx
                                                                                                                                            not ecx
                                                                                                                                            pop edi
                                                                                                                                            mov dword ptr [18639C90h], ecx
                                                                                                                                            pop esi
                                                                                                                                            ret
                                                                                                                                            push ebp
                                                                                                                                            mov ebp, esp
                                                                                                                                            sub esp, 14h
                                                                                                                                            and dword ptr [ebp-0Ch], 00000000h
                                                                                                                                            lea eax, dword ptr [ebp-0Ch]
                                                                                                                                            and dword ptr [ebp-08h], 00000000h
                                                                                                                                            push eax
                                                                                                                                            call dword ptr [1860C5C8h]
                                                                                                                                            mov eax, dword ptr [ebp-08h]
                                                                                                                                            xor eax, dword ptr [ebp-0Ch]
                                                                                                                                            mov dword ptr [ebp-04h], eax
                                                                                                                                            call dword ptr [1860C4CCh]
                                                                                                                                            xor dword ptr [ebp-04h], eax
                                                                                                                                            call dword ptr [1860C4C0h]
                                                                                                                                            xor dword ptr [ebp-04h], eax
                                                                                                                                            lea eax, dword ptr [ebp-14h]
                                                                                                                                            push eax
                                                                                                                                            call dword ptr [1860C77Ch]
                                                                                                                                            mov eax, dword ptr [ebp-10h]
                                                                                                                                            lea ecx, dword ptr [ebp-04h]
                                                                                                                                            xor eax, dword ptr [ebp-14h]
                                                                                                                                            xor eax, dword ptr [ebp-04h]
                                                                                                                                            xor eax, ecx
                                                                                                                                            leave
                                                                                                                                            ret
                                                                                                                                            xor eax, eax
                                                                                                                                            inc eax
                                                                                                                                            retn 000Ch
                                                                                                                                            call 00007F968DD8F8B5h
                                                                                                                                            mov ecx, dword ptr [eax+00h]
                                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x86093630x1b21.rdata
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x860ae840x35c.rdata
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x88630000x234a8.rsrc
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x8b468000x27e8.reloc
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x88870000x4af218.reloc
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x854bdec0x1c.rdata
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x854b9700x18.rdata
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x80d90700xbc.rdata
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x860c3380x1158.rdata
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x8607b740x1c0.rdata
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                            Sections

                                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                            .text0x10000x74275f50x7427600unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                            .rdata0x74290000x11ede4c0x11ee000unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                            .data0x86170000x245d700x5d000unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                            .00cfg0x885d0000x40x200False0.033203125data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                            .rodata0x885e0000x8400xa00False0.148828125DOS executable (COM, 0x8C-variant)4.120654882923641IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                            .tls0x885f0000x1610x200False0.05078125data0.18065496743760373IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                            .voltbl0x88600000x1750x200False0.76171875data5.309393469254304
                                                                                                                                            CPADinfo0x88610000x280x200False0.04296875data0.12227588125913882IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                            malloc_h0x88620000x1010x200False0.4453125data4.049691203851296IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                            .rsrc0x88630000x234a80x23600False0.3108229350706714data4.120305431878829IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                            .reloc0x88870000x4af2180x4af400unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                            WEVT_TEMPLATE0x8885f280x57adataEnglishUnited States0.3666191155492154
                                                                                                                                            RT_CURSOR0x8864b980x134data0.4837662337662338
                                                                                                                                            RT_CURSOR0x8864ce80x134data0.22402597402597402
                                                                                                                                            RT_CURSOR0x8864e380x134Targa image data - RLE 64 x 65536 x 1 +32 "\001"0.2077922077922078
                                                                                                                                            RT_CURSOR0x8864f880x134data0.461038961038961
                                                                                                                                            RT_CURSOR0x88650d80x134data0.39935064935064934
                                                                                                                                            RT_CURSOR0x88652100xcacdata0.08446362515413071
                                                                                                                                            RT_CURSOR0x8865ee80x134data0.32142857142857145
                                                                                                                                            RT_CURSOR0x88660200xcacdata0.06103575832305795
                                                                                                                                            RT_CURSOR0x8866cf80x10acTarga image data 64 x 65536 x 1 +32 " "0.03280224929709466
                                                                                                                                            RT_CURSOR0x8867dc00x10acTarga image data 64 x 65536 x 1 +32 " "0.07966260543580131
                                                                                                                                            RT_CURSOR0x8868e880x10acTarga image data 64 x 65536 x 1 +32 " "0.07872539831302718
                                                                                                                                            RT_CURSOR0x8869f500x10acTarga image data 64 x 65536 x 1 +32 " "0.07591377694470477
                                                                                                                                            RT_CURSOR0x886b0180x10acTarga image data 64 x 65536 x 1 +32 " "0.03420805998125586
                                                                                                                                            RT_CURSOR0x886c0e00x10acTarga image data 64 x 65536 x 1 +32 " "0.03655107778819119
                                                                                                                                            RT_CURSOR0x886d1a80x10acTarga image data 64 x 65536 x 1 +32 " "0.03795688847235239
                                                                                                                                            RT_CURSOR0x886e2700x10acTarga image data 64 x 65536 x 1 +32 " "0.03303655107778819
                                                                                                                                            RT_CURSOR0x886f3380x10acTarga image data 64 x 65536 x 1 +32 " "0.036785379568884724
                                                                                                                                            RT_CURSOR0x88704000x10acTarga image data 64 x 65536 x 1 +32 " "0.03608247422680412
                                                                                                                                            RT_CURSOR0x88714c80x10acTarga image data 64 x 65536 x 1 +32 " "0.042877225866916585
                                                                                                                                            RT_CURSOR0x88725900x134Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001"0.23376623376623376
                                                                                                                                            RT_CURSOR0x88726e00x134Targa image data - Mono 64 x 65536 x 1 +32 "\001"0.1590909090909091
                                                                                                                                            RT_CURSOR0x88728300x134data0.3181818181818182
                                                                                                                                            RT_CURSOR0x88729800x134data0.30194805194805197
                                                                                                                                            RT_ICON0x8872d880x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishUnited States0.440028901734104
                                                                                                                                            RT_ICON0x88732f00x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishUnited States0.43366425992779783
                                                                                                                                            RT_ICON0x8873b980xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishUnited States0.35607675906183367
                                                                                                                                            RT_ICON0x8874a400x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.575354609929078
                                                                                                                                            RT_ICON0x8874ea80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.40619136960600377
                                                                                                                                            RT_ICON0x8875f500x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.29273858921161827
                                                                                                                                            RT_ICON0x88784f80x6d0dPNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.998388078948311
                                                                                                                                            RT_ICON0x887f2700x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.21453900709219859
                                                                                                                                            RT_ICON0x887f6f00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.22872340425531915
                                                                                                                                            RT_ICON0x887fb700x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.22872340425531915
                                                                                                                                            RT_ICON0x887fff00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.22695035460992907
                                                                                                                                            RT_ICON0x88804700x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.2154255319148936
                                                                                                                                            RT_ICON0x88808f00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.1950354609929078
                                                                                                                                            RT_ICON0x8880d700x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.21897163120567376
                                                                                                                                            RT_ICON0x88811f00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.21719858156028368
                                                                                                                                            RT_ICON0x88816700x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.21099290780141844
                                                                                                                                            RT_ICON0x8881af00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.2154255319148936
                                                                                                                                            RT_ICON0x8881f700x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.2127659574468085
                                                                                                                                            RT_ICON0x88823f00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.2047872340425532
                                                                                                                                            RT_ICON0x88828700x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.22783687943262412
                                                                                                                                            RT_ICON0x8882cf00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.225177304964539
                                                                                                                                            RT_ICON0x88831700x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.2225177304964539
                                                                                                                                            RT_ICON0x88835f00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.20124113475177305
                                                                                                                                            RT_ICON0x8883a700x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.20035460992907803
                                                                                                                                            RT_ICON0x8883ef00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.19858156028368795
                                                                                                                                            RT_ICON0x88843700x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.20833333333333334
                                                                                                                                            RT_ICON0x88847f00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.20656028368794327
                                                                                                                                            RT_ICON0x8884c700x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.20656028368794327
                                                                                                                                            RT_ICON0x88850f00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.2127659574468085
                                                                                                                                            RT_ICON0x88855700x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.21365248226950354
                                                                                                                                            RT_ICON0x88859f00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.20921985815602837
                                                                                                                                            RT_DIALOG0x88645200xa4dataEnglishUnited States0.7378048780487805
                                                                                                                                            RT_DIALOG0x88645c80xd4dataEnglishUnited States0.6745283018867925
                                                                                                                                            RT_DIALOG0x88646a00xf4dataEnglishUnited States0.6475409836065574
                                                                                                                                            RT_ACCELERATOR0x8872ad00x2b8dataEnglishUnited States0.5287356321839081
                                                                                                                                            RT_MESSAGETABLE0x8885e700xb4dataEnglishUnited States0.6833333333333333
                                                                                                                                            RT_GROUP_CURSOR0x8864cd00x14Lotus unknown worksheet or configuration, revision 0x11.25
                                                                                                                                            RT_GROUP_CURSOR0x8864e200x14Lotus unknown worksheet or configuration, revision 0x11.25
                                                                                                                                            RT_GROUP_CURSOR0x8864f700x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                                                                            RT_GROUP_CURSOR0x88650c00x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                                                                            RT_GROUP_CURSOR0x8865ec00x22Lotus unknown worksheet or configuration, revision 0x21.0
                                                                                                                                            RT_GROUP_CURSOR0x8866cd00x22Lotus unknown worksheet or configuration, revision 0x21.0
                                                                                                                                            RT_GROUP_CURSOR0x8867da80x14Lotus unknown worksheet or configuration, revision 0x11.2
                                                                                                                                            RT_GROUP_CURSOR0x8868e700x14Lotus unknown worksheet or configuration, revision 0x11.2
                                                                                                                                            RT_GROUP_CURSOR0x8869f380x14Lotus unknown worksheet or configuration, revision 0x11.2
                                                                                                                                            RT_GROUP_CURSOR0x886b0000x14Lotus unknown worksheet or configuration, revision 0x11.2
                                                                                                                                            RT_GROUP_CURSOR0x886c0c80x14Lotus unknown worksheet or configuration, revision 0x11.2
                                                                                                                                            RT_GROUP_CURSOR0x886d1900x14Lotus unknown worksheet or configuration, revision 0x11.2
                                                                                                                                            RT_GROUP_CURSOR0x886e2580x14Lotus unknown worksheet or configuration, revision 0x11.2
                                                                                                                                            RT_GROUP_CURSOR0x886f3200x14Lotus unknown worksheet or configuration, revision 0x11.2
                                                                                                                                            RT_GROUP_CURSOR0x88703e80x14Lotus unknown worksheet or configuration, revision 0x11.2
                                                                                                                                            RT_GROUP_CURSOR0x88714b00x14Lotus unknown worksheet or configuration, revision 0x11.2
                                                                                                                                            RT_GROUP_CURSOR0x88725780x14Lotus unknown worksheet or configuration, revision 0x11.2
                                                                                                                                            RT_GROUP_CURSOR0x88726c80x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                                                                            RT_GROUP_CURSOR0x88728180x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                                                                            RT_GROUP_CURSOR0x88729680x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                                                                            RT_GROUP_CURSOR0x8872ab80x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                                                                            RT_GROUP_ICON0x887f2080x68dataEnglishUnited States0.6826923076923077
                                                                                                                                            RT_GROUP_ICON0x887f6d80x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x887fb580x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x887ffd80x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x88804580x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x88808d80x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x8880d580x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x88811d80x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x88816580x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x8881ad80x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x8881f580x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x88823d80x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x88828580x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x8882cd80x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x88831580x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x88835d80x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x8883a580x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x8883ed80x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x88843580x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x88847d80x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x8884c580x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x88850d80x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x88855580x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x88859d80x14dataEnglishUnited States1.25
                                                                                                                                            RT_GROUP_ICON0x8885e580x14dataEnglishUnited States1.25
                                                                                                                                            RT_VERSION0x88647980x3fcdataEnglishUnited States0.3941176470588235
                                                                                                                                            DLLImport
                                                                                                                                            KERNEL32.dllAcquireSRWLockExclusive, AcquireSRWLockShared, AddVectoredExceptionHandler, AllocConsole, AreFileApisANSI, AssignProcessToJobObject, AttachConsole, CallbackMayRunLong, CancelIo, CancelIoEx, CheckRemoteDebuggerPresent, ClearCommError, CloseHandle, CloseThreadpool, CloseThreadpoolWork, CompareStringW, ConnectNamedPipe, CopyFileW, CreateDirectoryW, CreateEventA, CreateEventW, CreateFileA, CreateFileMappingW, CreateFileW, CreateHardLinkW, CreateIoCompletionPort, CreateJobObjectW, CreateMemoryResourceNotification, CreateMutexW, CreateNamedPipeW, CreateProcessW, CreateRemoteThread, CreateSemaphoreA, CreateSemaphoreW, CreateThread, CreateThreadpool, CreateThreadpoolWork, CreateToolhelp32Snapshot, DebugBreak, DecodePointer, DeleteCriticalSection, DeleteFileA, DeleteFileW, DeleteProcThreadAttributeList, DeviceIoControl, DisconnectNamedPipe, DuplicateHandle, EncodePointer, EnterCriticalSection, EnumResourceNamesW, EnumSystemLocalesEx, EnumSystemLocalesW, EscapeCommFunction, ExitProcess, ExitThread, ExpandEnvironmentStringsW, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindCloseChangeNotification, FindFirstChangeNotificationW, FindFirstFileA, FindFirstFileExA, FindFirstFileExW, FindFirstFileW, FindFirstVolumeW, FindNextFileA, FindNextFileW, FindNextVolumeW, FindResourceW, FindVolumeClose, FlsAlloc, FlsSetValue, FlushFileBuffers, FlushInstructionCache, FlushViewOfFile, FoldStringW, FormatMessageA, FormatMessageW, FreeConsole, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryAndExitThread, GetACP, GetCPInfo, GetCommModemStatus, GetCommState, GetCommandLineA, GetCommandLineW, GetComputerNameExA, GetComputerNameExW, GetComputerNameW, GetConsoleDisplayMode, GetConsoleMode, GetConsoleOutputCP, GetCurrencyFormatEx, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentProcessorNumber, GetCurrentThread, GetCurrentThreadId, GetDateFormatEx, GetDateFormatW, GetDiskFreeSpaceA, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetDriveTypeW, GetDynamicTimeZoneInformation, GetEnvironmentStringsW, GetEnvironmentVariableA, GetEnvironmentVariableW, GetExitCodeProcess, GetFileAttributesA, GetFileAttributesExW, GetFileAttributesW, GetFileInformationByHandle, GetFileInformationByHandleEx, GetFileSize, GetFileSizeEx, GetFileTime, GetFileType, GetFinalPathNameByHandleW, GetFullPathNameA, GetFullPathNameW, GetGeoInfoW, GetLastError, GetLocalTime, GetLocaleInfoEx, GetLocaleInfoW, GetLogicalDriveStringsW, GetLogicalProcessorInformation, GetLongPathNameW, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExA, GetModuleHandleExW, GetModuleHandleW, GetNativeSystemInfo, GetNumberFormatEx, GetOEMCP, GetOverlappedResult, GetPriorityClass, GetPrivateProfileStringW, GetProcAddress, GetProcessAffinityMask, GetProcessHandleCount, GetProcessHeap, GetProcessHeaps, GetProcessId, GetProcessTimes, GetProductInfo, GetQueuedCompletionStatus, GetShortPathNameW, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemDefaultLCID, GetSystemDirectoryA, GetSystemDirectoryW, GetSystemInfo, GetSystemPowerStatus, GetSystemTime, GetSystemTimeAsFileTime, GetTempFileNameA, GetTempPathA, GetTempPathW, GetThreadContext, GetThreadGroupAffinity, GetThreadId, GetThreadLocale, GetThreadPreferredUILanguages, GetThreadPriority, GetThreadTimes, GetTickCount, GetTimeFormatEx, GetTimeFormatW, GetTimeZoneInformation, GetUserDefaultLCID, GetUserDefaultLangID, GetUserDefaultLocaleName, GetUserDefaultUILanguage, GetUserGeoID, GetVersionExW, GetVolumeInformationW, GetVolumeNameForVolumeMountPointW, GetVolumePathNameW, GetVolumePathNamesForVolumeNameW, GetWindowsDirectoryA, GetWindowsDirectoryW, GlobalAlloc, GlobalFree, GlobalLock, GlobalMemoryStatusEx, GlobalSize, GlobalUnlock, HeapAlloc, HeapCompact, HeapCreate, HeapDestroy, HeapFree, HeapLock, HeapReAlloc, HeapSetInformation, HeapSize, HeapUnlock, HeapValidate, HeapWalk, InitOnceBeginInitialize, InitOnceComplete, InitOnceExecuteOnce, InitializeConditionVariable, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeProcThreadAttributeList, InitializeSListHead, InitializeSRWLock, InterlockedFlushSList, InterlockedPopEntrySList, InterlockedPushEntrySList, IsDebuggerPresent, IsProcessInJob, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, IsWow64Process, K32EmptyWorkingSet, K32EnumProcessModules, K32GetMappedFileNameW, K32GetModuleFileNameExW, K32GetModuleInformation, K32GetPerformanceInfo, K32GetProcessMemoryInfo, K32QueryWorkingSetEx, LCIDToLocaleName, LCMapStringW, LeaveCriticalSection, LoadLibraryA, LoadLibraryExA, LoadLibraryExW, LoadLibraryW, LoadResource, LocalAlloc, LocalFileTimeToFileTime, LocalFree, LocaleNameToLCID, LockFile, LockFileEx, LockResource, MapViewOfFile, Module32FirstW, Module32NextW, MoveFileExW, MoveFileW, MultiByteToWideChar, OpenProcess, OpenThread, OutputDebugStringA, OutputDebugStringW, PeekNamedPipe, PostQueuedCompletionStatus, PowerClearRequest, PowerCreateRequest, PowerSetRequest, Process32FirstW, Process32NextW, ProcessIdToSessionId, PurgeComm, QueryDosDeviceW, QueryFullProcessImageNameW, QueryInformationJobObject, QueryPerformanceCounter, QueryPerformanceFrequency, QueryThreadCycleTime, QueryUnbiasedInterruptTime, RaiseException, RaiseFailFastException, ReadConsoleW, ReadFile, ReadProcessMemory, RegisterWaitForSingleObject, ReleaseMutex, ReleaseSRWLockExclusive, ReleaseSRWLockShared, ReleaseSemaphore, RemoveDirectoryW, ReplaceFileW, ResetEvent, ResolveLocaleName, ResumeThread, RtlCaptureStackBackTrace, RtlUnwind, SetCommState, SetCommTimeouts, SetConsoleCtrlHandler, SetConsoleTextAttribute, SetCurrentDirectoryW, SetEndOfFile, SetEnvironmentVariableA, SetEnvironmentVariableW, SetErrorMode, SetEvent, SetFileAttributesW, SetFileInformationByHandle, SetFilePointer, SetFilePointerEx, SetFileTime, SetHandleInformation, SetInformationJobObject, SetLastError, SetNamedPipeHandleState, SetPriorityClass, SetProcessDEPPolicy, SetProcessShutdownParameters, SetStdHandle, SetThreadAffinityMask, SetThreadExecutionState, SetThreadPriority, SetThreadpoolThreadMaximum, SetThreadpoolThreadMinimum, SetUnhandledExceptionFilter, SizeofResource, Sleep, SleepConditionVariableCS, SleepConditionVariableSRW, SleepEx, SubmitThreadpoolWork, SuspendThread, SwitchToThread, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, TerminateJobObject, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TransactNamedPipe, TryAcquireSRWLockExclusive, TryAcquireSRWLockShared, TryEnterCriticalSection, TzSpecificLocalTimeToSystemTime, UnhandledExceptionFilter, UnlockFile, UnlockFileEx, UnmapViewOfFile, UnregisterWait, UnregisterWaitEx, UpdateProcThreadAttribute, VerSetConditionMask, VerifyVersionInfoW, VirtualAlloc, VirtualAllocEx, VirtualFree, VirtualFreeEx, VirtualProtect, VirtualProtectEx, VirtualQuery, VirtualQueryEx, WaitForMultipleObjects, WaitForSingleObject, WaitForSingleObjectEx, WaitForThreadpoolWorkCallbacks, WaitNamedPipeW, WakeAllConditionVariable, WakeConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile, WriteProcessMemory, lstrcmpiA, lstrcmpiW, lstrlenW
                                                                                                                                            dbghelp.dllStackWalk64, SymCleanup, SymFromAddr, SymFunctionTableAccess64, SymGetLineFromAddr64, SymGetModuleBase64, SymGetSearchPathW, SymInitialize, SymSetOptions, SymSetSearchPathW
                                                                                                                                            WS2_32.dllWSACloseEvent, WSACreateEvent, WSADuplicateSocketW, WSAEnumNameSpaceProvidersW, WSAEnumNetworkEvents, WSAEventSelect, WSAGetLastError, WSAGetOverlappedResult, WSAIoctl, WSALookupServiceBeginW, WSALookupServiceEnd, WSALookupServiceNextW, WSARecvFrom, WSAResetEvent, WSASend, WSASendTo, WSASetEvent, WSASetLastError, WSASetServiceW, WSASocketW, WSAStartup, WSAWaitForMultipleEvents, WSCEnumProtocols, WSCGetProviderPath, accept, bind, closesocket, connect, freeaddrinfo, getaddrinfo, gethostname, getpeername, getsockname, getsockopt, htonl, htons, inet_ntop, ioctlsocket, listen, ntohl, ntohs, recv, recvfrom, send, sendto, setsockopt, shutdown, socket
                                                                                                                                            IPHLPAPI.DLLCancelIPChangeNotify, FreeMibTable, GetAdaptersAddresses, GetAdaptersInfo, GetIfTable2, GetInterfaceInfo, IpReleaseAddress, IpRenewAddress, NotifyAddrChange
                                                                                                                                            OLEAUT32.dllLoadRegTypeLib, LoadTypeLib, SafeArrayAccessData, SafeArrayCreateVector, SafeArrayDestroy, SafeArrayGetDim, SafeArrayGetLBound, SafeArrayGetUBound, SafeArrayGetVartype, SafeArrayPutElement, SafeArrayUnaccessData, SysAllocString, SysAllocStringLen, SysFreeString, SysStringLen, VarBstrCmp, VarUI4FromStr, VariantClear, VariantCopy, VariantInit, VariantTimeToSystemTime
                                                                                                                                            dxgi.dllCreateDXGIFactory1
                                                                                                                                            USER32.dllAdjustWindowRectEx, AllowSetForegroundWindow, BeginPaint, BringWindowToTop, CallNextHookEx, CallWindowProcW, CharLowerW, CharNextW, CharToOemBuffW, CharUpperW, ClientToScreen, ClipCursor, CloseClipboard, CloseDesktop, CloseTouchInputHandle, CloseWindowStation, CreateCaret, CreateDesktopW, CreateDialogParamW, CreateIconIndirect, CreatePopupMenu, CreateWindowExW, CreateWindowStationW, DdeClientTransaction, DdeConnect, DdeCreateStringHandleW, DdeDisconnect, DdeFreeStringHandle, DdeGetLastError, DdeInitializeW, DdeUninitialize, DefRawInputProc, DefWindowProcW, DestroyCaret, DestroyIcon, DestroyMenu, DestroyWindow, DispatchMessageW, DisplayConfigGetDeviceInfo, DrawEdge, DrawFocusRect, DrawFrameControl, DrawIconEx, DrawTextExW, EmptyClipboard, EnableMenuItem, EnableWindow, EndMenu, EndPaint, EnumChildWindows, EnumDisplayDevicesW, EnumDisplayMonitors, EnumDisplaySettingsExW, EnumDisplaySettingsW, EnumThreadWindows, EnumWindows, EqualRect, ExitWindowsEx, FillRect, FindWindowExW, FindWindowW, FlashWindowEx, FrameRect, GetActiveWindow, GetAncestor, GetAsyncKeyState, GetCapture, GetCaretBlinkTime, GetClassInfoExW, GetClassLongW, GetClassNameW, GetClientRect, GetClipboardData, GetClipboardSequenceNumber, GetCursorInfo, GetCursorPos, GetDC, GetDesktopWindow, GetDisplayConfigBufferSizes, GetDlgItem, GetDlgItemTextW, GetDoubleClickTime, GetFocus, GetForegroundWindow, GetGuiResources, GetIconInfo, GetKeyState, GetKeyboardLayout, GetKeyboardLayoutList, GetKeyboardLayoutNameW, GetKeyboardState, GetLastInputInfo, GetLayeredWindowAttributes, GetMenu, GetMenuInfo, GetMenuItemCount, GetMenuItemInfoW, GetMenuState, GetMessageExtraInfo, GetMessagePos, GetMessageTime, GetMessageW, GetMonitorInfoA, GetMonitorInfoW, GetParent, GetProcessWindowStation, GetPropW, GetQueueStatus, GetRawInputData, GetRawInputDeviceInfoW, GetRawInputDeviceList, GetSubMenu, GetSysColor, GetSysColorBrush, GetSystemMenu, GetSystemMetrics, GetThreadDesktop, GetTopWindow, GetUserObjectInformationW, GetUserObjectSecurity, GetWindow, GetWindowDC, GetWindowLongW, GetWindowPlacement, GetWindowRect, GetWindowRgn, GetWindowTextLengthW, GetWindowTextW, GetWindowThreadProcessId, InflateRect, InsertMenuItemW, IntersectRect, InvalidateRect, InvertRect, IsChild, IsClipboardFormatAvailable, IsDialogMessageW, IsIconic, IsRectEmpty, IsWindow, IsWindowEnabled, IsWindowVisible, IsZoomed, KillTimer, LoadCursorW, LoadIconW, LoadImageW, LoadStringW, MapVirtualKeyExW, MapVirtualKeyW, MapWindowPoints, MessageBeep, MessageBoxW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow, MoveWindow, MsgWaitForMultipleObjectsEx, NotifyWinEvent, OemToCharA, OemToCharBuffA, OffsetRect, OpenClipboard, OpenInputDesktop, PeekMessageW, PostMessageW, PostQuitMessage, PostThreadMessageW, PrintWindow, PtInRect, QueryDisplayConfig, RedrawWindow, RegisterClassExW, RegisterClassW, RegisterClipboardFormatW, RegisterDeviceNotificationW, RegisterHotKey, RegisterPowerSettingNotification, RegisterRawInputDevices, RegisterTouchWindow, RegisterWindowMessageW, ReleaseCapture, ReleaseDC, RemovePropW, ScreenToClient, SendInput, SendMessageTimeoutW, SendMessageW, SetCapture, SetCaretPos, SetClipboardData, SetCursor, SetCursorPos, SetDlgItemTextW, SetFocus, SetForegroundWindow, SetKeyboardState, SetMenuDefaultItem, SetMenuInfo, SetMenuItemInfoW, SetParent, SetProcessDPIAware, SetProcessWindowStation, SetPropW, SetRect, SetRectEmpty, SetThreadDesktop, SetTimer, SetWinEventHook, SetWindowLongW, SetWindowPlacement, SetWindowPos, SetWindowRgn, SetWindowTextW, SetWindowsHookExW, ShowCursor, ShowWindow, SystemParametersInfoW, ToUnicodeEx, TrackMouseEvent, TrackPopupMenu, TranslateMessage, UnhookWinEvent, UnhookWindowsHookEx, UnregisterClassW, UnregisterDeviceNotification, UnregisterHotKey, UnregisterPowerSettingNotification, UpdateLayeredWindow, WindowFromPoint
                                                                                                                                            WINMM.dllmidiInAddBuffer, midiInClose, midiInGetDevCapsW, midiInGetNumDevs, midiInOpen, midiInPrepareHeader, midiInReset, midiInStart, midiInUnprepareHeader, midiOutClose, midiOutGetDevCapsW, midiOutGetNumDevs, midiOutLongMsg, midiOutOpen, midiOutPrepareHeader, midiOutReset, midiOutShortMsg, midiOutUnprepareHeader, timeBeginPeriod, timeEndPeriod, timeGetTime, waveInGetNumDevs, waveOutClose, waveOutGetNumDevs, waveOutOpen, waveOutPause, waveOutPrepareHeader, waveOutReset, waveOutRestart, waveOutUnprepareHeader, waveOutWrite
                                                                                                                                            PROPSYS.dllInitPropVariantFromCLSID, PSCreateMemoryPropertyStore, PSGetPropertyKeyFromName, VariantCompare
                                                                                                                                            GDI32.dllAddFontMemResourceEx, BeginPath, BitBlt, CancelDC, CloseEnhMetaFile, CloseFigure, CombineRgn, CreateBitmap, CreateCompatibleBitmap, CreateCompatibleDC, CreateDCW, CreateDIBSection, CreateEnhMetaFileW, CreateFontA, CreateFontIndirectA, CreateFontIndirectW, CreateFontW, CreatePen, CreatePolygonRgn, CreateRectRgn, CreateRectRgnIndirect, CreateSolidBrush, DeleteDC, DeleteEnhMetaFile, DeleteObject, EndDoc, EndPage, EndPath, EnumEnhMetaFile, EnumFontFamiliesExA, EnumFontFamiliesExW, EqualRgn, ExtCreatePen, ExtEscape, ExtTextOutW, FillPath, GdiAlphaBlend, GdiComment, GdiFlush, GetBkColor, GetCharABCWidthsW, GetCharWidthW, GetClipBox, GetClipRgn, GetCurrentObject, GetDIBits, GetDeviceCaps, GetEnhMetaFileBits, GetEnhMetaFileHeader, GetFontData, GetFontUnicodeRanges, GetGlyphIndicesW, GetGlyphOutlineW, GetICMProfileW, GetObjectType, GetObjectW, GetOutlineTextMetricsW, GetRegionData, GetRgnBox, GetStockObject, GetTextExtentPointI, GetTextFaceA, GetTextFaceW, GetTextMetricsW, GetWorldTransform, IntersectClipRect, LineTo, ModifyWorldTransform, MoveToEx, PlayEnhMetaFile, PlayEnhMetaFileRecord, PolyBezierTo, PtInRegion, RemoveFontMemResourceEx, RestoreDC, SaveDC, SelectClipPath, SelectClipRgn, SelectObject, SetAbortProc, SetArcDirection, SetBkColor, SetBkMode, SetBrushOrgEx, SetDCBrushColor, SetDCPenColor, SetDIBits, SetDIBitsToDevice, SetEnhMetaFileBits, SetGraphicsMode, SetMiterLimit, SetPolyFillMode, SetROP2, SetRectRgn, SetStretchBltMode, SetTextAlign, SetTextColor, SetWorldTransform, StartDocW, StartPage, StretchBlt, StretchDIBits, StrokeAndFillPath, StrokePath, WidenPath
                                                                                                                                            UIAutomationCore.DLLUiaGetReservedMixedAttributeValue, UiaGetReservedNotSupportedValue, UiaHostProviderFromHwnd, UiaRaiseAutomationEvent, UiaRaiseAutomationPropertyChangedEvent, UiaRaiseStructureChangedEvent, UiaReturnRawElementProvider
                                                                                                                                            OLEACC.dllAccessibleChildren, AccessibleObjectFromWindow, CreateStdAccessibleObject, LresultFromObject, WindowFromAccessibleObject
                                                                                                                                            Secur32.dllAcquireCredentialsHandleA, AcquireCredentialsHandleW, CompleteAuthToken, DeleteSecurityContext, FreeContextBuffer, FreeCredentialsHandle, GetUserNameExW, InitializeSecurityContextA, InitializeSecurityContextW, LsaConnectUntrusted, LsaDeregisterLogonProcess, LsaFreeReturnBuffer, LsaLogonUser, QueryContextAttributesW, QuerySecurityPackageInfoW
                                                                                                                                            USERENV.dllCreateEnvironmentBlock, DestroyEnvironmentBlock, EnterCriticalPolicySection, LeaveCriticalPolicySection, RegisterGPNotification, UnregisterGPNotification
                                                                                                                                            NETAPI32.dllDsRoleFreeMemory, DsRoleGetPrimaryDomainInformation, NetApiBufferFree, NetGetJoinInformation, NetUserGetInfo
                                                                                                                                            SHELL32.dllCommandLineToArgvW, DragQueryFileW, SHAppBarMessage, SHBrowseForFolderW, SHChangeNotify, SHCreateItemFromParsingName, SHGetDesktopFolder, SHGetFileInfoW, SHGetFolderPathW, SHGetKnownFolderPath, SHGetMalloc, SHGetPathFromIDListW, SHGetPropertyStoreForWindow, SHGetSpecialFolderLocation, SHGetSpecialFolderPathW, SHGetStockIconInfo, SHOpenFolderAndSelectItems, SHOpenWithDialog, SHQueryUserNotificationState, ShellExecuteA, ShellExecuteExW, ShellExecuteW, Shell_NotifyIconW
                                                                                                                                            WINTRUST.dllCryptCATAdminAcquireContext, CryptCATAdminCalcHashFromFileHandle, CryptCATAdminEnumCatalogFromHash, CryptCATAdminReleaseCatalogContext, CryptCATAdminReleaseContext, CryptCATCatalogInfoFromContext, WTHelperProvDataFromStateData, WinVerifyTrust
                                                                                                                                            COMCTL32.dllInitCommonControlsEx
                                                                                                                                            WTSAPI32.dllWTSFreeMemory, WTSQuerySessionInformationW, WTSRegisterSessionNotification, WTSUnRegisterSessionNotification
                                                                                                                                            HID.DLLHidD_FreePreparsedData, HidD_GetAttributes, HidD_GetPreparsedData, HidD_GetProductString, HidD_GetSerialNumberString, HidP_GetButtonCaps, HidP_GetCaps, HidP_GetScaledUsageValue, HidP_GetUsageValue, HidP_GetUsagesEx, HidP_GetValueCaps
                                                                                                                                            CRYPT32.dllCertAddCertificateContextToStore, CertAddEncodedCertificateToStore, CertAddStoreToCollection, CertCloseStore, CertCompareCertificateName, CertCreateCTLContext, CertCreateCertificateChainEngine, CertDuplicateCertificateContext, CertFindCertificateInStore, CertFindChainInStore, CertFindExtension, CertFreeCTLContext, CertFreeCertificateChain, CertFreeCertificateChainEngine, CertFreeCertificateContext, CertGetCertificateChain, CertGetCertificateContextProperty, CertGetEnhancedKeyUsage, CertGetIntendedKeyUsage, CertGetIssuerCertificateFromStore, CertGetNameStringW, CertOpenStore, CertOpenSystemStoreW, CertSetCertificateContextProperty, CertVerifyCertificateChainPolicy, CertVerifyTimeValidity, CryptAcquireCertificatePrivateKey, CryptDecodeObjectEx, CryptInstallOIDFunctionAddress, CryptMsgClose, CryptMsgGetParam, CryptProtectData, CryptQueryObject, CryptUnprotectData, CryptVerifyCertificateSignatureEx
                                                                                                                                            chrome_elf.dllClearReportsBetween_ExportThunk, CrashForException_ExportThunk, DumpHungProcessWithPtype_ExportThunk, GetCrashReports_ExportThunk, GetInstallDetailsPayload, GetUserDataDirectoryThunk, InjectDumpForHungInput_ExportThunk, IsThirdPartyInitialized, RequestSingleCrashUpload_ExportThunk, SetMetricsClientId, SetUploadConsent_ExportThunk, SignalChromeElf, SignalInitializeCrashReporting
                                                                                                                                            VERSION.dllGetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
                                                                                                                                            SHLWAPI.dllAssocQueryStringW, PathFindExtensionW, PathFindFileNameW, PathMatchSpecW, PathRemoveExtensionW
                                                                                                                                            DWrite.dllDWriteCreateFactory
                                                                                                                                            dwmapi.dllDwmDefWindowProc, DwmExtendFrameIntoClientArea, DwmGetCompositionTimingInfo, DwmGetWindowAttribute, DwmIsCompositionEnabled, DwmSetWindowAttribute
                                                                                                                                            UxTheme.dllCloseThemeData, DrawThemeBackground, GetThemeBackgroundContentRect, GetThemePartSize, OpenThemeData
                                                                                                                                            ncrypt.dllNCryptCreatePersistedKey, NCryptExportKey, NCryptFinalizeKey, NCryptFreeObject, NCryptGetProperty, NCryptImportKey, NCryptIsAlgSupported, NCryptOpenStorageProvider, NCryptSignHash
                                                                                                                                            USP10.dllScriptFreeCache, ScriptItemize, ScriptShape
                                                                                                                                            WINSPOOL.DRVClosePrinter, DeviceCapabilitiesW, DocumentPropertiesW, EnumPrintersW, GetPrinterDriverW, GetPrinterW, OpenPrinterW
                                                                                                                                            d3d9.dllDirect3DCreate9Ex
                                                                                                                                            dxva2.dllDXVA2CreateDirect3DDeviceManager9, DXVA2CreateVideoService
                                                                                                                                            COMDLG32.dllGetOpenFileNameW, GetSaveFileNameW, PrintDlgExW
                                                                                                                                            CRYPTUI.dllCryptUIDlgCertMgr, CryptUIDlgViewCertificateW
                                                                                                                                            IMM32.dllImmAssociateContextEx, ImmGetCompositionStringW, ImmGetContext, ImmGetConversionStatus, ImmGetIMEFileNameW, ImmNotifyIME, ImmReleaseContext, ImmSetCandidateWindow, ImmSetCompositionWindow, ImmSetOpenStatus
                                                                                                                                            urlmon.dllCoInternetCreateSecurityManager
                                                                                                                                            WINHTTP.dllWinHttpAddRequestHeaders, WinHttpCloseHandle, WinHttpConnect, WinHttpCrackUrl, WinHttpGetIEProxyConfigForCurrentUser, WinHttpGetProxyForUrl, WinHttpOpen, WinHttpOpenRequest, WinHttpQueryHeaders, WinHttpReadData, WinHttpReceiveResponse, WinHttpSendRequest, WinHttpSetStatusCallback, WinHttpSetTimeouts, WinHttpWriteData
                                                                                                                                            credui.dllCredUIPromptForWindowsCredentialsW
                                                                                                                                            dhcpcsvc.DLLDhcpCApiInitialize, DhcpRequestParams
                                                                                                                                            wevtapi.dllEvtClose, EvtCreateRenderContext, EvtNext, EvtQuery, EvtRender
                                                                                                                                            WININET.dllGetUrlCacheEntryInfoExW
                                                                                                                                            ESENT.dllJetAttachDatabase2W, JetBeginSessionW, JetCloseTable, JetCreateInstanceW, JetGetTableColumnInfoW, JetInit, JetMove, JetOpenDatabaseW, JetOpenTableW, JetRetrieveColumn, JetSetSystemParameterW, JetTerm
                                                                                                                                            NameOrdinalAddress
                                                                                                                                            GetHandleVerifier10x134a0fb0
                                                                                                                                            GetMainTargetServices20x12f6c490
                                                                                                                                            IsSandboxedProcess30x12f6c4b0
                                                                                                                                            RelaunchChromeBrowserWithNewCommandLineIfNeeded40x15def6b0
                                                                                                                                            cef_add_cross_origin_whitelist_entry50x10001920
                                                                                                                                            cef_api_hash60x100034b0
                                                                                                                                            cef_base64decode70x10001ff0
                                                                                                                                            cef_base64encode80x10001f80
                                                                                                                                            cef_begin_tracing90x10002a70
                                                                                                                                            cef_binary_value_create100x100052c0
                                                                                                                                            cef_browser_host_create_browser110x10007210
                                                                                                                                            cef_browser_host_create_browser_sync120x10007590
                                                                                                                                            cef_browser_view_create130x1000b3a0
                                                                                                                                            cef_browser_view_get_for_browser140x1000b620
                                                                                                                                            cef_clear_cross_origin_whitelist150x10001b20
                                                                                                                                            cef_clear_scheme_handler_factories160x100028e0
                                                                                                                                            cef_command_line_create170x10010780
                                                                                                                                            cef_command_line_get_global180x10010810
                                                                                                                                            cef_cookie_manager_get_global_manager190x10013a30
                                                                                                                                            cef_crash_reporting_enabled200x10001380
                                                                                                                                            cef_create_context_shared210x10031220
                                                                                                                                            cef_create_directory220x10001440
                                                                                                                                            cef_create_new_temp_directory230x10001540
                                                                                                                                            cef_create_temp_directory_in_directory240x100015f0
                                                                                                                                            cef_create_url250x10001c70
                                                                                                                                            cef_currently_on260x10002910
                                                                                                                                            cef_delete_file270x10001760
                                                                                                                                            cef_dictionary_value_create280x10016e00
                                                                                                                                            cef_directory_exists290x100016e0
                                                                                                                                            cef_display_get_alls300x10018c60
                                                                                                                                            cef_display_get_count310x10018c50
                                                                                                                                            cef_display_get_matching_bounds320x10018ba0
                                                                                                                                            cef_display_get_nearest_point330x10018af0
                                                                                                                                            cef_display_get_primary340x100189b0
                                                                                                                                            cef_do_message_loop_work350x10001320
                                                                                                                                            cef_drag_data_create360x1001af90
                                                                                                                                            cef_enable_highdpi_support370x10001370
                                                                                                                                            cef_end_tracing380x10002b80
                                                                                                                                            cef_execute_java_script_with_user_gesture_for_tests390x10002de0
                                                                                                                                            cef_execute_process400x10001120
                                                                                                                                            cef_format_url_for_security_display410x10001d60
                                                                                                                                            cef_get_current_platform_thread_handle420x128ed9d0
                                                                                                                                            cef_get_current_platform_thread_id430x128ed9d0
                                                                                                                                            cef_get_extensions_for_mime_type440x10001ee0
                                                                                                                                            cef_get_mime_type450x10001e40
                                                                                                                                            cef_get_min_log_level460x128ed940
                                                                                                                                            cef_get_path470x10002640
                                                                                                                                            cef_get_temp_directory480x100014c0
                                                                                                                                            cef_get_vlog_level490x128ed950
                                                                                                                                            cef_image_create500x1001f9f0
                                                                                                                                            cef_initialize510x10001210
                                                                                                                                            cef_is_cert_status_error520x100028f0
                                                                                                                                            cef_is_rtl530x10001910
                                                                                                                                            cef_label_button_create540x10021030
                                                                                                                                            cef_launch_process550x100026c0
                                                                                                                                            cef_list_value_create560x100223c0
                                                                                                                                            cef_load_crlsets_file570x100018a0
                                                                                                                                            cef_log580x128ed960
                                                                                                                                            cef_media_router_get_global590x10024980
                                                                                                                                            cef_menu_button_create600x10025840
                                                                                                                                            cef_menu_model_create610x10026280
                                                                                                                                            cef_now_from_system_trace_time620x10002c90
                                                                                                                                            cef_panel_create630x1002a650
                                                                                                                                            cef_parse_json640x10002260
                                                                                                                                            cef_parse_json_buffer650x100023a0
                                                                                                                                            cef_parse_jsonand_return_error660x10002440
                                                                                                                                            cef_parse_url670x10001b30
                                                                                                                                            cef_post_data_create680x1002b830
                                                                                                                                            cef_post_data_element_create690x1002c090
                                                                                                                                            cef_post_delayed_task700x10002a10
                                                                                                                                            cef_post_task710x10002930
                                                                                                                                            cef_print_settings_create720x1002cf30
                                                                                                                                            cef_process_message_create730x1002def0
                                                                                                                                            cef_quit_message_loop740x10001340
                                                                                                                                            cef_register_extension750x10002ca0
                                                                                                                                            cef_register_scheme_handler_factory760x10002790
                                                                                                                                            cef_remove_cross_origin_whitelist_entry770x10001a20
                                                                                                                                            cef_request_context_create_context780x10031010
                                                                                                                                            cef_request_context_get_global_context790x10030f80
                                                                                                                                            cef_request_create800x1002ff60
                                                                                                                                            cef_resource_bundle_get_global810x10034110
                                                                                                                                            cef_response_create820x10036630
                                                                                                                                            cef_run_message_loop830x10001330
                                                                                                                                            cef_scroll_view_create840x10037cd0
                                                                                                                                            cef_server_create850x100385b0
                                                                                                                                            cef_set_crash_key_value860x10001390
                                                                                                                                            cef_set_osmodal_loop870x10001350
                                                                                                                                            cef_shutdown880x10001310
                                                                                                                                            cef_stream_reader_create_for_data890x100399c0
                                                                                                                                            cef_stream_reader_create_for_file900x10039810
                                                                                                                                            cef_stream_reader_create_for_handler910x10039a60
                                                                                                                                            cef_stream_writer_create_for_file920x10039d70
                                                                                                                                            cef_stream_writer_create_for_handler930x10039f20
                                                                                                                                            cef_string_ascii_to_utf16940x128f8a60
                                                                                                                                            cef_string_ascii_to_wide950x128f8920
                                                                                                                                            cef_string_list_alloc960x128f78e0
                                                                                                                                            cef_string_list_append970x128f7970
                                                                                                                                            cef_string_list_clear980x128f7ad0
                                                                                                                                            cef_string_list_copy990x128f7b30
                                                                                                                                            cef_string_list_free1000x128f7b10
                                                                                                                                            cef_string_list_size1010x128f7900
                                                                                                                                            cef_string_list_value1020x128f7920
                                                                                                                                            cef_string_map_alloc1030x128f7bc0
                                                                                                                                            cef_string_map_append1040x128f7d90
                                                                                                                                            cef_string_map_clear1050x128f7ec0
                                                                                                                                            cef_string_map_find1060x128f7be0
                                                                                                                                            cef_string_map_free1070x128f7ef0
                                                                                                                                            cef_string_map_key1080x128f7c90
                                                                                                                                            cef_string_map_size1090x106d5cb0
                                                                                                                                            cef_string_map_value1100x128f7d10
                                                                                                                                            cef_string_multimap_alloc1110x128f7bc0
                                                                                                                                            cef_string_multimap_append1120x128f80e0
                                                                                                                                            cef_string_multimap_clear1130x128f7ec0
                                                                                                                                            cef_string_multimap_enumerate1140x128f7fe0
                                                                                                                                            cef_string_multimap_find_count1150x128f7f70
                                                                                                                                            cef_string_multimap_free1160x128f7ef0
                                                                                                                                            cef_string_multimap_key1170x128f7c90
                                                                                                                                            cef_string_multimap_size1180x106d5cb0
                                                                                                                                            cef_string_multimap_value1190x128f7d10
                                                                                                                                            cef_string_userfree_utf16_alloc1200x128f8b40
                                                                                                                                            cef_string_userfree_utf16_free1210x128f8b60
                                                                                                                                            cef_string_userfree_utf8_alloc1220x128f8b40
                                                                                                                                            cef_string_userfree_utf8_free1230x128f8b60
                                                                                                                                            cef_string_userfree_wide_alloc1240x128f8b40
                                                                                                                                            cef_string_userfree_wide_free1250x128f8b60
                                                                                                                                            cef_string_utf16_clear1260x128f8440
                                                                                                                                            cef_string_utf16_cmp1270x128f8520
                                                                                                                                            cef_string_utf16_set1280x128f83a0
                                                                                                                                            cef_string_utf16_to_lower1290x128f8ba0
                                                                                                                                            cef_string_utf16_to_upper1300x128f8c90
                                                                                                                                            cef_string_utf16_to_utf81310x128f8890
                                                                                                                                            cef_string_utf16_to_wide1320x128f8770
                                                                                                                                            cef_string_utf8_clear1330x128f8440
                                                                                                                                            cef_string_utf8_cmp1340x128f8570
                                                                                                                                            cef_string_utf8_set1350x128f8490
                                                                                                                                            cef_string_utf8_to_utf161360x128f8800
                                                                                                                                            cef_string_utf8_to_wide1370x128f8650
                                                                                                                                            cef_string_wide_clear1380x128f8440
                                                                                                                                            cef_string_wide_cmp1390x128f8520
                                                                                                                                            cef_string_wide_set1400x128f83a0
                                                                                                                                            cef_string_wide_to_utf161410x128f86e0
                                                                                                                                            cef_string_wide_to_utf81420x128f85c0
                                                                                                                                            cef_task_runner_get_for_current_thread1430x1003a260
                                                                                                                                            cef_task_runner_get_for_thread1440x1003a2f0
                                                                                                                                            cef_textfield_create1450x1003a700
                                                                                                                                            cef_thread_create1460x1003be60
                                                                                                                                            cef_time_delta1470x1345a670
                                                                                                                                            cef_time_from_doublet1480x1345a5a0
                                                                                                                                            cef_time_from_timet1490x1345a3f0
                                                                                                                                            cef_time_now1500x1345a610
                                                                                                                                            cef_time_to_doublet1510x1345a540
                                                                                                                                            cef_time_to_timet1520x1345a390
                                                                                                                                            cef_trace_counter1530x128ed290
                                                                                                                                            cef_trace_counter_id1540x128ed3d0
                                                                                                                                            cef_trace_event_async_begin1550x128ed4c0
                                                                                                                                            cef_trace_event_async_end1560x128ed800
                                                                                                                                            cef_trace_event_async_step_into1570x128ed600
                                                                                                                                            cef_trace_event_async_step_past1580x128ed700
                                                                                                                                            cef_trace_event_begin1590x128ecf10
                                                                                                                                            cef_trace_event_end1600x128ed0d0
                                                                                                                                            cef_trace_event_instant1610x128ecc80
                                                                                                                                            cef_translator_test_create1620x1003c1f0
                                                                                                                                            cef_translator_test_ref_ptr_library_child_child_create1630x100409e0
                                                                                                                                            cef_translator_test_ref_ptr_library_child_create1640x100407e0
                                                                                                                                            cef_translator_test_ref_ptr_library_create1650x10040550
                                                                                                                                            cef_translator_test_scoped_library_child_child_create1660x10041390
                                                                                                                                            cef_translator_test_scoped_library_child_create1670x10041170
                                                                                                                                            cef_translator_test_scoped_library_create1680x10040ef0
                                                                                                                                            cef_uridecode1690x100021c0
                                                                                                                                            cef_uriencode1700x10002120
                                                                                                                                            cef_urlrequest_create1710x10041540
                                                                                                                                            cef_v8context_get_current_context1720x10042420
                                                                                                                                            cef_v8context_get_entered_context1730x100424b0
                                                                                                                                            cef_v8context_in_context1740x10042540
                                                                                                                                            cef_v8stack_trace_get_current1750x10043a40
                                                                                                                                            cef_v8value_create_array1760x10044380
                                                                                                                                            cef_v8value_create_array_buffer1770x10044410
                                                                                                                                            cef_v8value_create_bool1780x10043dd0
                                                                                                                                            cef_v8value_create_date1790x10044030
                                                                                                                                            cef_v8value_create_double1800x10043f90
                                                                                                                                            cef_v8value_create_function1810x10044540
                                                                                                                                            cef_v8value_create_int1820x10043e70
                                                                                                                                            cef_v8value_create_null1830x10043d40
                                                                                                                                            cef_v8value_create_object1840x100441c0
                                                                                                                                            cef_v8value_create_string1850x100440f0
                                                                                                                                            cef_v8value_create_uint1860x10043f00
                                                                                                                                            cef_v8value_create_undefined1870x10043cb0
                                                                                                                                            cef_value_create1880x100468c0
                                                                                                                                            cef_version_info1890x10003490
                                                                                                                                            cef_waitable_event_create1900x10047d60
                                                                                                                                            cef_window_create_top_level1910x10047fa0
                                                                                                                                            cef_write_json1920x10002550
                                                                                                                                            cef_xml_reader_create1930x1004b780
                                                                                                                                            cef_zip_directory1940x100017e0
                                                                                                                                            cef_zip_reader_create1950x1004c270

                                                                                                                                            Possible Origin

                                                                                                                                            Language of compilation systemCountry where language is spokenMap
                                                                                                                                            EnglishUnited States

                                                                                                                                            Network Behavior

                                                                                                                                            No network behavior found

                                                                                                                                            Statistics

                                                                                                                                            CPU Usage

                                                                                                                                            Click to jump to process

                                                                                                                                            Memory Usage

                                                                                                                                            Click to jump to process

                                                                                                                                            Behavior

                                                                                                                                            Click to jump to process

                                                                                                                                            System Behavior

                                                                                                                                            General

                                                                                                                                            Target ID:0
                                                                                                                                            Start time:15:20:26
                                                                                                                                            Start date:20/12/2023
                                                                                                                                            Path:C:\Windows\System32\loaddll32.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:loaddll32.exe "C:\Users\user\Desktop\libcef.dll"
                                                                                                                                            Imagebase:0xbe0000
                                                                                                                                            File size:126'464 bytes
                                                                                                                                            MD5 hash:51E6071F9CBA48E79F10C84515AAE618
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true
                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                            Show Windows behavior

                                                                                                                                            Section Activities

                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                            Show Windows behavior

                                                                                                                                            Process Activities

                                                                                                                                            Show Windows behavior

                                                                                                                                            Thread Activities

                                                                                                                                            Show Windows behavior

                                                                                                                                            Memory Activities

                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                                                                                            General

                                                                                                                                            Target ID:1
                                                                                                                                            Start time:15:20:26
                                                                                                                                            Start date:20/12/2023
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true
                                                                                                                                            Show Windows behavior

                                                                                                                                            File Activities

                                                                                                                                            Show Windows behavior

                                                                                                                                            Section Activities

                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                            Show Windows behavior

                                                                                                                                            Mutex Activities

                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                            Show Windows behavior

                                                                                                                                            Thread Activities

                                                                                                                                            Show Windows behavior

                                                                                                                                            Memory Activities

                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                            Show Windows behavior

                                                                                                                                            Windows UI Activities

                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                                                                                            General

                                                                                                                                            Target ID:2
                                                                                                                                            Start time:15:20:26
                                                                                                                                            Start date:20/12/2023
                                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\libcef.dll",#1
                                                                                                                                            Imagebase:0x240000
                                                                                                                                            File size:236'544 bytes
                                                                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true
                                                                                                                                            Show Windows behavior

                                                                                                                                            File Activities

                                                                                                                                            Show Windows behavior

                                                                                                                                            Section Activities

                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                            Show Windows behavior

                                                                                                                                            Process Activities

                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                            Show Windows behavior

                                                                                                                                            Memory Activities

                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                                                                                            General

                                                                                                                                            Target ID:3
                                                                                                                                            Start time:15:20:26
                                                                                                                                            Start date:20/12/2023
                                                                                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:rundll32.exe C:\Users\user\Desktop\libcef.dll,GetHandleVerifier
                                                                                                                                            Imagebase:0x8a0000
                                                                                                                                            File size:61'440 bytes
                                                                                                                                            MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true
                                                                                                                                            Show Windows behavior

                                                                                                                                            File Activities

                                                                                                                                            Show Windows behavior

                                                                                                                                            Section Activities

                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                            Show Windows behavior

                                                                                                                                            Process Activities

                                                                                                                                            Show Windows behavior

                                                                                                                                            Thread Activities

                                                                                                                                            Show Windows behavior

                                                                                                                                            Memory Activities

                                                                                                                                            Show Windows behavior

                                                                                                                                            System Activities

                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                            Show Windows behavior

                                                                                                                                            Windows UI Activities

                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                                                                                            General

                                                                                                                                            Target ID:4
                                                                                                                                            Start time:15:20:26
                                                                                                                                            Start date:20/12/2023
                                                                                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\libcef.dll",#1
                                                                                                                                            Imagebase:0x8a0000
                                                                                                                                            File size:61'440 bytes
                                                                                                                                            MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true
                                                                                                                                            Show Windows behavior

                                                                                                                                            File Activities

                                                                                                                                            Show Windows behavior

                                                                                                                                            Section Activities

                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                            Show Windows behavior

                                                                                                                                            Process Activities

                                                                                                                                            Show Windows behavior

                                                                                                                                            Thread Activities

                                                                                                                                            Show Windows behavior

                                                                                                                                            Memory Activities

                                                                                                                                            Show Windows behavior

                                                                                                                                            System Activities

                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                            Show Windows behavior

                                                                                                                                            Windows UI Activities

                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                                                                                            General

                                                                                                                                            Target ID:5
                                                                                                                                            Start time:15:20:29
                                                                                                                                            Start date:20/12/2023
                                                                                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:rundll32.exe C:\Users\user\Desktop\libcef.dll,GetMainTargetServices
                                                                                                                                            Imagebase:0x8a0000
                                                                                                                                            File size:61'440 bytes
                                                                                                                                            MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true
                                                                                                                                            Show Windows behavior

                                                                                                                                            File Activities

                                                                                                                                            Show Windows behavior

                                                                                                                                            Section Activities

                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                            Show Windows behavior

                                                                                                                                            Process Activities

                                                                                                                                            Show Windows behavior

                                                                                                                                            Thread Activities

                                                                                                                                            Show Windows behavior

                                                                                                                                            Memory Activities

                                                                                                                                            Show Windows behavior

                                                                                                                                            System Activities

                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                            Show Windows behavior

                                                                                                                                            Windows UI Activities

                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                                                                                            General

                                                                                                                                            Target ID:6
                                                                                                                                            Start time:15:20:32
                                                                                                                                            Start date:20/12/2023
                                                                                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:rundll32.exe C:\Users\user\Desktop\libcef.dll,IsSandboxedProcess
                                                                                                                                            Imagebase:0x8a0000
                                                                                                                                            File size:61'440 bytes
                                                                                                                                            MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true
                                                                                                                                            Show Windows behavior

                                                                                                                                            File Activities

                                                                                                                                            Show Windows behavior

                                                                                                                                            Section Activities

                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                            Show Windows behavior

                                                                                                                                            Process Activities

                                                                                                                                            Show Windows behavior

                                                                                                                                            Thread Activities

                                                                                                                                            Show Windows behavior

                                                                                                                                            Memory Activities

                                                                                                                                            Show Windows behavior

                                                                                                                                            System Activities

                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                            Show Windows behavior

                                                                                                                                            Windows UI Activities

                                                                                                                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                                                                                            Disassembly

                                                                                                                                            No disassembly