41e0000.dll

Status: finished

Submission Time: 2022-01-20 12:44:40 +01:00

Malicious

Trojan

Evader

Ursnif

Comments

Details

Analysis ID:
556767
API (Web) ID:
924289
Analysis Started:

2022-01-20 12:51:09 +01:00
Analysis Finished:

2022-01-20 13:03:51 +01:00
MD5:
da4fab67f5cdf49208bb9065d7b7d1e7
SHA1:
d7a399ace98716325d336e10b71049ed2bb7cc97
SHA256:
73118c724e0d6cb9ce3072d66f2d20fb7e89189699faf60315395ad89b0a1a4d
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 11/94

malicious

Score: 20/43

malicious

IPs

IP	Country	Detection
198.54.117.217	United States
198.54.117.218	United States
198.54.117.210	United States
Click to see the 5 hidden entries
198.54.117.211	United States
192.64.119.233	United States
162.255.119.177	United States
198.54.117.215	United States
198.54.117.216	United States

Domains

Name	IP	Detection
nnnnnn.bar	162.255.119.177
nnnnnn.casa	192.64.119.233
museumistat.bar	0.0.0.0
Click to see the 3 hidden entries
www.nnnnnn.casa	0.0.0.0
www.nnnnnn.bar	0.0.0.0
parkingpage.namecheap.com	198.54.117.216

URLs

Name	Detection
http://museumistat.bar/icies
http://museumistat.bar/
http://museumistat.bar/drew/tizLy41OuYHIsTgBNj/0Uu4NPNlH/3sO8ziJptuwkpagoG2Xn/2Wzxx3rAW_2F6s4Zntp/4O
Click to see the 62 hidden entries
http://nnnnnn.bar/drew/6ktn4xRUX5JQALxIWi_2FJ/ICUDlvTaNKSMK/d1ei2DU0/YfFfMIO56w8ZRW_2Fc4zkGn/yDjRWn9
http://www.nnnnnn.casa/drew/eLhw7nu1K6FTq/stO2JZ1h/n1J6MMYac0r5XgMvFx5tBMd/79pB3BpRVf/FsRkAxNC5o0VI8
http://www.nnnnnn.casa/drew/ryTDvI_2B04X_/2F0aCkH0/_2BDKJR7A0jigzDfk2oUtkS/TzWw2n73nE/Dg4sUCgqU_2FAr5Pj/SDWuXQsskkRv/UNsc0mp28hP/x_2B_2FFq_2BHQ/F27_2FxKayrB3Cjy97Qhx/v8nlOT4QFPkzm4Ie/eAXoVlzzaxz8tgI/QR3P1Uk2I7ZbwimQXR/OfOcdTcUh/zjDQ5XVxR1cI0bdt8PDF/mZjcYY9L2vv_2BELjHj/Y7ijGd_2F3psmxh_2FsXvv/mj29lZ4n/h.jlk
http://www.nnnnnn.bar/drew/BVo0JfnyET/LCuKNvyhPvtrfvUnc/mObdgwXcgrZe/zSKG23eDqpN/HkpkBNiTxuWbBP/jak_2BPpM4WA8X4iaERBU/M_2BNnZd3vNVKd3D/snYYJ6wnfiJDJcL/92irgYdy9jdt7bObTQ/XthL2dpz7/ChmMUV7DDxy9eem0RAqA/QIh0WdqUZEhxu0X9j_2/F2lcfFWCQ7qV66laejvuEP/BvotBkMbOhSl5/Azm9mu3j/3M1GGyFrveB8gl1/M.jlk
http://nnnnnn.casa
http://nnnnnn.bar/drew/2dHt0g0ZqxBpcdpMURTYE/SQxrvbTaCVQCWrs7/t263S3GMZiTKRdq/jvCj142v8i06uAQqd2/qg8
http://www.nnnnnn.casa/drew/ryTDvI_2B04X_/2F0aCkH0/_2BDKJR7A0jigzDfk2oUtkS/TzWw2n73nE/Dg4sUCgqU_2FAr
http://nnnnnn.casa/drew/0j7ZvX6Yf_2Ff4PZOIhk8/4LwtJMzbxxuFilPr/sSF9SqjkHo3YN93/N6KmwTforklWI7En4U/8d
http://www.nnnnnn.bar/drew/b2eob5aE7jJqRFK/rA9TqIOSBzTkqwZ1zv/iNhLsTUKi/a_2FZiiuvYhXdLNrvbCh/8PEJcafughemPo02ekn/fOGpqXigagMOIeoi2whU2K/VcKgvpNbHoVGC/D5UC9izH/aHNIhYwGohjos0FQ6xviFWf/oAZv_2Bi_2/FQiT5Hhg78q185o5l/RS9K9tlnC9cl/irJKo_2Bc3F/Cv7H0DN6I4ItJ9/fG_2BK5HpVFIp2pJnaZ2D/aV8ATJwwcAP/_2Bs.jlk
http://nnnnnn.bar/drew/aOCcLYeYaTiAEXOHR/rDcm23Ra7HRA/Ll0tIfgTYdg/Ovc937_2BZJhqR/_2B9nyoyx5GXZFgCkf0
http://www.nnnnnn.casa/
http://nnnnnn.casa/drew/dRBCohQjpH2R4ZrxcN/VH3wq9yT2/VmLml8GJ5aPaDzoCDj8x/EmzpTBuP5mftF8uNtQM/TnqYzS
http://www.nnnnnn.casa/drew/aO1m2qbhzR/PyScSysfUMu7pQ56N/VjOvZCjAa_2F/1mYmXVIR1Zt/ZytsC9Ykmf_2Fu/iu9BdbHsH649dhw5xv4AE/uvJRR2pHSfmCL3mX/qVeQLGXMe6qLR0u/Wt56BLAa0ngbKPNWJl/aK0_2FM_2/B_2FgePTZg5J6aAm67BS/UxRCj8tcca1XehAjtUd/YhkFvH3YtE1Pt1_2BwmyD7/71NTX8ZhkOA2A/ekCIE_2B/Axlx1Zu2c2Fm5fnQIZEKkDy/m.jlk
http://nnnnnn.bar/drew/b2eob5aE7jJqRFK/rA9TqIOSBzTkqwZ1zv/iNhLsTUKi/a_2FZiiuvYhXdLNrvbCh/8PEJcafughemPo02ekn/fOGpqXigagMOIeoi2whU2K/VcKgvpNbHoVGC/D5UC9izH/aHNIhYwGohjos0FQ6xviFWf/oAZv_2Bi_2/FQiT5Hhg78q185o5l/RS9K9tlnC9cl/irJKo_2Bc3F/Cv7H0DN6I4ItJ9/fG_2BK5HpVFIp2pJnaZ2D/aV8ATJwwcAP/_2Bs.jlk
http://www.nnnnnn.bar/g
http://www.nnnnnn.bar/f
http://www.nnnnnn.bar/wl
http://www.nnnnnn.bar/drew/zBWev8_2BKC0Kv4cFyjxa4K/cXf7Mx9Yu7/tb380Z5Te_2FUr5sc/S5LVwKU9d2Ii/UAurGXKRWnS/sNuzGwvgFbGuiX/cYwNdjWOtQd_2Fg50Gq6_/2FjOiJCVbSj9xwyh/G_2BXTVzOZQxb5p/q_2BNRYwk1baG5TnLz/jbdiar_2B/vITHroP6B_2F_2BAIZUm/KtOtUG2G23eAdJDsUmd/Q0nO6sNJelOrTMnHEyXMkV/0ho4YTGcPihXz/P5SVPgNqDh/MwH.jlk
http://www.nnnnnn.bar/drew/zBWev8_2BKC0Kv4cFyjxa4K/cXf7Mx9Yu7/tb380Z5Te_2FUr5sc/S5LVwKU9d2Ii/UAurGXK
http://nnnnnn.casa/drew/gKT0MlKWG38_2/BMau4Oul/cEXy48BAqFiRWaKy3Hmuv38/3RbGiyCyh2/l1GuJ4tJh6rYVcx3P/CJUEexxeLegN/asUAVrcr8Os/6Heu8XQ9NwKS3r/RsXyOEKXh6_2Fk8FF_2Be/55GNIEO4rqxc9s7n/ukqCx_2FTaQH3qL/wkmTl5GH5xOHOuPfEe/BWDc8XF7Q/Aj_2BpbOenr9CVTaE_2B/XdQQRARWLLAVNpj0F5Y/DhKfHWf2CN42/6CU_2FsM/oq0.jlk
http://nnnnnn.bar/drew/6ktn4xRUX5JQALxIWi_2FJ/ICUDlvTaNKSMK/d1ei2DU0/YfFfMIO56w8ZRW_2Fc4zkGn/yDjRWn9P_2/BB0g0D98WIpaFL2hK/UQH6jhZN2tpm/ORHiRY8gQ2t/UYqiaMMUPs7I05/R0awjzx8aAAERc7YB4ys0/Q5QjXt_2F1mCoLne/245MRunYvrY5c2x/MdnxTtnmOaN2uVZew3/1GHuZOvuL/Rb_2Bfqw7L_2BYB_2FWD/UIZ_2FNd7aPjE9V_2B_/2BC4BHu.jlk
http://nnnnnn.casa/drew/aO1m2qbhzR/PyScSysfUMu7pQ56N/VjOvZCjAa_2F/1mYmXVIR1Zt/ZytsC9Ykmf_2Fu/iu9BdbHsH649dhw5xv4AE/uvJRR2pHSfmCL3mX/qVeQLGXMe6qLR0u/Wt56BLAa0ngbKPNWJl/aK0_2FM_2/B_2FgePTZg5J6aAm67BS/UxRCj8tcca1XehAjtUd/YhkFvH3YtE1Pt1_2BwmyD7/71NTX8ZhkOA2A/ekCIE_2B/Axlx1Zu2c2Fm5fnQIZEKkDy/m.jlk
http://nnnnnn.casa/drew/gKT0MlKWG38_2/BMau4Oul/cEXy48BAqFiRWaKy3Hmuv38/3RbGiyCyh2/l1GuJ4tJh6rYVcx3P/
http://nnnnnn.casa/drew/ryTDvI_2B04X_/2F0aCkH0/_2BDKJR7A0jigzDfk2oUtkS/TzWw2n73nE/Dg4sUCgqU_2FAr5Pj/
http://nnnnnn.bar/drew/BVo0JfnyET/LCuKNvyhPvtrfvUnc/mObdgwXcgrZe/zSKG23eDqpN/HkpkBNiTxuWbBP/jak_2BPp
http://nnnnnn.bar/drew/aOCcLYeYaTiAEXOHR/rDcm23Ra7HRA/Ll0tIfgTYdg/Ovc937_2BZJhqR/_2B9nyoyx5GXZFgCkf0O8/4fSjQKFRypPXeHUM/2VwdsjoRmoerb1g/N6r4i0t9F_2FA66_2F/CrVcoXDX5/D2kSFR1VHNVLT3GtdrVC/2IzirCs34EDnFYvNPWY/fYM6gayTm5L9yWZL2Vx5Nc/R0anH3ZYvesfP/30v94E34/TL40v70SibYCobhKHsZEJ7c/OLRlO.jlk
http://nnnnnn.bar/drew/zBWev8_2BKC0Kv4cFyjxa4K/cXf7Mx9Yu7/tb380Z5Te_2FUr5sc/S5LVwKU9d2Ii/UAurGXKRWnS/sNuzGwvgFbGuiX/cYwNdjWOtQd_2Fg50Gq6_/2FjOiJCVbSj9xwyh/G_2BXTVzOZQxb5p/q_2BNRYwk1baG5TnLz/jbdiar_2B/vITHroP6B_2F_2BAIZUm/KtOtUG2G23eAdJDsUmd/Q0nO6sNJelOrTMnHEyXMkV/0ho4YTGcPihXz/P5SVPgNqDh/MwH.jlk
http://museumistat.bar/drew/XMU8iofODBy1lrN0vdkRj/PLODd_2Bhig1hkqI/Wigiwyx9ltM_2Fd/r36Wr8ytAbQS3wDa6
http://www.nnnnnn.casa/drew/gKT0MlKWG38_2/BMau4Oul/cEXy48BAqFiRWaKy3Hmuv38/3RbGiyCyh2/l1GuJ4tJh6rYVcx3P/CJUEexxeLegN/asUAVrcr8Os/6Heu8XQ9NwKS3r/RsXyOEKXh6_2Fk8FF_2Be/55GNIEO4rqxc9s7n/ukqCx_2FTaQH3qL/wkmTl5GH5xOHOuPfEe/BWDc8XF7Q/Aj_2BpbOenr9CVTaE_2B/XdQQRARWLLAVNpj0F5Y/DhKfHWf2CN42/6CU_2FsM/oq0.jlk
http://www.nnnnnn.bar/
http://nnnnnn.casa/dre
http://nnnnnn.casa/drew/MeZUUlMrrzCrTTo/WRQsq4b7fIDR_2F2ui/K6Zod5HZQ/pReKsZQJuAIiqXNhcotr/27SAvb0lLGD4m4MtFqv/lionnkJutjVCo9Od2amHc6/vcomrgcHuTiyu/619f5X9g/OqezXl3127vZEQSYuxkxeXa/jXToImScJb/S5cz6j_2Fse9g4BcM/g7zL04pozIiS/_2B_2FN5VMo/ZAlJdIbg2SlHI1/d8no93Q9ma7mUN4PubD3o/tloZKX2Kmj/q.jlk
http://www.nnnnnn.bar/drew/2dHt0g0ZqxBpcdpMURTYE/SQxrvbTaCVQCWrs7/t263S3GMZiTKRdq/jvCj142v8i06uAQqd2/qg8dX3i_2/BKHu1GhglPcxgFFzOwll/mE2uKWB4mhjJIhyxTbk/_2F4mS5i039Fc7Qu_2Bekr/iQMweYWStlPtj/o4jxWrxk/qxdFPQJxNpwFwYEvbalIklB/QVqGaFPam2/C2rQw2gzAO6yhP_2F/dkOEushjYAis/iro3PbyNh/HGAz2Q_2F/i0Bn.jlk
http://nnnnnn.bar/drew/zBWev8_2BKC0Kv4cFyjxa4K/cXf7Mx9Yu7/tb380Z5Te_2FUr5sc/S5LVwKU9d2Ii/UAurGXKRWnS
http://nnnnnn.casa/drew/eLhw7nu1K6FTq/stO2JZ1h/n1J6MMYac0r5XgMvFx5tBMd/79pB3BpRVf/FsRkAxNC5o0VI8z66/
http://museumistat.bar/drew/4iG_2BGMJbK_2Fz5Q7E/OfnzhNXmjy08XAO4hBOEsU/_2FWo4bkEDMbg/aulR18j2/5zekh_
http://nnnnnn.bar/drew/2dHt0g0ZqxBpcdpMURTYE/SQxrvbTaCVQCWrs7/t263S3GMZiTKRdq/jvCj142v8i06uAQqd2/qg8dX3i_2/BKHu1GhglPcxgFFzOwll/mE2uKWB4mhjJIhyxTbk/_2F4mS5i039Fc7Qu_2Bekr/iQMweYWStlPtj/o4jxWrxk/qxdFPQJxNpwFwYEvbalIklB/QVqGaFPam2/C2rQw2gzAO6yhP_2F/dkOEushjYAis/iro3PbyNh/HGAz2Q_2F/i0Bn.jlk
http://nnnnnn.bar/drew/BVo0JfnyET/LCuKNvyhPvtrfvUnc/mObdgwXcgrZe/zSKG23eDqpN/HkpkBNiTxuWbBP/jak_2BPpM4WA8X4iaERBU/M_2BNnZd3vNVKd3D/snYYJ6wnfiJDJcL/92irgYdy9jdt7bObTQ/XthL2dpz7/ChmMUV7DDxy9eem0RAqA/QIh0WdqUZEhxu0X9j_2/F2lcfFWCQ7qV66laejvuEP/BvotBkMbOhSl5/Azm9mu3j/3M1GGyFrveB8gl1/M.jlk
http://www.nnnnnn.casa/drew/MeZUUlMrrzCrTTo/WRQsq4b7fIDR_2F2ui/K6Zod5HZQ/pReKsZQJuAIiqXNhcotr/27SAvb0lLGD4m4MtFqv/lionnkJutjVCo9Od2amHc6/vcomrgcHuTiyu/619f5X9g/OqezXl3127vZEQSYuxkxeXa/jXToImScJb/S5cz6j_2Fse9g4BcM/g7zL04pozIiS/_2B_2FN5VMo/ZAlJdIbg2SlHI1/d8no93Q9ma7mUN4PubD3o/tloZKX2Kmj/q.jlk
http://nnnnnn.casa/drew/ryTDvI_2B04X_/2F0aCkH0/_2BDKJR7A0jigzDfk2oUtkS/TzWw2n73nE/Dg4sUCgqU_2FAr5Pj/SDWuXQsskkRv/UNsc0mp28hP/x_2B_2FFq_2BHQ/F27_2FxKayrB3Cjy97Qhx/v8nlOT4QFPkzm4Ie/eAXoVlzzaxz8tgI/QR3P1Uk2I7ZbwimQXR/OfOcdTcUh/zjDQ5XVxR1cI0bdt8PDF/mZjcYY9L2vv_2BELjHj/Y7ijGd_2F3psmxh_2FsXvv/mj29lZ4n/h.jlk
http://nnnnnn.bar
http://museumistat.bar
http://www.nnnnnn.bar/drew/aOCcLYeYaTiAEXOHR/rDcm23Ra7HRA/Ll0tIfgTYdg/Ovc937_2BZJhqR/_2B9nyoyx5GXZFgCkf0O8/4fSjQKFRypPXeHUM/2VwdsjoRmoerb1g/N6r4i0t9F_2FA66_2F/CrVcoXDX5/D2kSFR1VHNVLT3GtdrVC/2IzirCs34EDnFYvNPWY/fYM6gayTm5L9yWZL2Vx5Nc/R0anH3ZYvesfP/30v94E34/TL40v70SibYCobhKHsZEJ7c/OLRlO.jlk
http://www.nnnnnn.bar/drew/6ktn4xRUX5JQALxIWi_2FJ/ICUDlvTaNKSMK/d1ei2DU0/YfFfMIO56w8ZRW_2Fc4zkGn/yDjRWn9P_2/BB0g0D98WIpaFL2hK/UQH6jhZN2tpm/ORHiRY8gQ2t/UYqiaMMUPs7I05/R0awjzx8aAAERc7YB4ys0/Q5QjXt_2F1mCoLne/245MRunYvrY5c2x/MdnxTtnmOaN2uVZew3/1GHuZOvuL/Rb_2Bfqw7L_2BYB_2FWD/UIZ_2FNd7aPjE9V_2B_/2BC4BHu.jlk
http://www.nnnnnn.bar/drew/2dHt0g0ZqxBpcdpMURTYE/SQxrvbTaCVQCWrs7/t263S3GMZiTKRdq/jvCj142v8i06uAQqd2
http://nnnnnn.bar/drew/2dHt0g0ZxBpcdpMURTYE/SQxrvbTaCVQCWrs7/t63S3GMZiTKRdq/jvCj1
http://www.nnnnnn.casa/nnnnnn.casa5
http://nnnnnn.casa/drew/0j7ZvX6Yf_2Ff4PZOIhk8/4LwtJMzbxxuFilPr/sSF9SqjkHo3YN93/N6KmwTforklWI7En4U/8dXb3jJiK/zds9L6K3nZZ7oSB_2FRe/J_2F81pI4nTjSy_2FLT/d8Gf2VlN_2BGJ3KTHQhxNU/PK1lsXUZsV6B7/COUqQ3wX/120xfpxJZhcCTcDgyQOQ47a/2BRczUrfQU/ppPj1HI3Q0OhFDCjv/4_2Br67LS5pR/l5aWeKuI6uG/ni53ezQ1izt/Yu.jlk
http://museumistat.bar/drew/ammuwrNq_/2BqepYvRFV9AqHabqa_2/F1YKJqeJLi3jEjiQLE2/U5afXyZSkYxg9zlQghLCU
http://nnnnnn.bar/drew/b2eob5aE7jJqRFK/rA9TqIOSBzTkqwZ1zv/iNhLsTUKi/a_2FZiiuvYhXdLNrvbCh/8PEJcafughe
http://www.nnnnnn.casa/drew/0j7ZvX6Yf_2Ff4PZOIhk8/4LwtJMzbxxuFilPr/sSF9SqjkHo3YN93/N6KmwTforklWI7En4U/8dXb3jJiK/zds9L6K3nZZ7oSB_2FRe/J_2F81pI4nTjSy_2FLT/d8Gf2VlN_2BGJ3KTHQhxNU/PK1lsXUZsV6B7/COUqQ3wX/120xfpxJZhcCTcDgyQOQ47a/2BRczUrfQU/ppPj1HI3Q0OhFDCjv/4_2Br67LS5pR/l5aWeKuI6uG/ni53ezQ1izt/Yu.jlk
http://www.nnnnnn.casa/drew/dRBCohQjpH2R4ZrxcN/VH3wq9yT2/VmLml8GJ5aPaDzoCDj8x/EmzpTBuP5mftF8uNtQM/TnqYzSdCW3EjFkfnBVLNrh/u6iSfeXnIxEc4/iOpnKu8_/2B6ER0J96Uzbim1bUMtmrJq/DMYICZNGt5/BH1k0iCPsGbgr2jmq/LZISYUDUDQ3s/sBmfD_2B_2F/KeRIfCDg82xxJ1/5QkNXVsBvP5NPb2r4nyOG/rCLwK7C8JPaslI4x/C4pqB4g_2/B.jlk
http://nnnnnn.casa/drew/dRBCohQjpH2R4ZrxcN/VH3wq9yT2/VmLml8GJ5aPaDzoCDj8x/EmzpTBuP5mftF8uNtQM/TnqYzSdCW3EjFkfnBVLNrh/u6iSfeXnIxEc4/iOpnKu8_/2B6ER0J96Uzbim1bUMtmrJq/DMYICZNGt5/BH1k0iCPsGbgr2jmq/LZISYUDUDQ3s/sBmfD_2B_2F/KeRIfCDg82xxJ1/5QkNXVsBvP5NPb2r4nyOG/rCLwK7C8JPaslI4x/C4pqB4g_2/B.jlk
http://www.google.com/
http://www.nnnnnn.casaw/eLhw7nu1K6FTq/stO2JZ1h/n1J6MMYac0r5XgMvFx5tBMd/79pB3BpRVf/FsRkAxNC5o0VI8z66/
http://www.nytimes.com/
http://www.reddit.com/
http://www.amazon.com/
http://www.live.com/
http://www.wikipedia.com/
http://www.youtube.com/
http://www.twitter.com/

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
Click to see the 69 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\errorPageStrings[3]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\errorPageStrings[2]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\dnserror[2]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\~DF0DFA2E9BDD010B64.TMP	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\httpErrorPagesScripts[2]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\down[2]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\NewErrorPageTemplate[2]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\~DF9357A3070BEC43BD.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFF9AFC0207BE9256F.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFF8FC7C7342251397.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFF636516E7CE20BDB.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFF5EADCEC42896510.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFE193DBC687A04650.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFD008A2FC4BAFFBB5.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFC42CCAFCE743BEA7.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFBFD7520757EE7FA8.TMP	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\~DF58FBD8594A2EF4B8.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF516DF10BC96611FB.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF4FE5A93EA29006C1.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF48BD7061296EE036.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF46B8E1B94B04B19A.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF39FCB87D136FE619.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF315CA12AF44BEC6B.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF0FA6B24B5E37207F.TMP	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1187F3F8-7A33-11EC-90E5-ECF4BB570DC9}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FCCA6075-7A32-11EC-90E5-ECF4BB570DC9}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FCCA6073-7A32-11EC-90E5-ECF4BB570DC9}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FCCA6071-7A32-11EC-90E5-ECF4BB570DC9}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DF65E4B8-7A32-11EC-90E5-ECF4BB570DC9}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2030A8D5-7A33-11EC-90E5-ECF4BB570DC9}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{18677AFC-7A33-11EC-90E5-ECF4BB570DC9}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{18677AFA-7A33-11EC-90E5-ECF4BB570DC9}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{18677AF8-7A33-11EC-90E5-ECF4BB570DC9}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0D9E988C-7A33-11EC-90E5-ECF4BB570DC9}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0D9E988A-7A33-11EC-90E5-ECF4BB570DC9}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0789B96E-7A33-11EC-90E5-ECF4BB570DC9}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FCCA606F-7A32-11EC-90E5-ECF4BB570DC9}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DF65E4B6-7A32-11EC-90E5-ECF4BB570DC9}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2030A8D3-7A33-11EC-90E5-ECF4BB570DC9}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{18677AF6-7A33-11EC-90E5-ECF4BB570DC9}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1187F3F6-7A33-11EC-90E5-ECF4BB570DC9}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\httpErrorPagesScripts[2]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\down[2]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\dnserror[2]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0789B96C-7A33-11EC-90E5-ECF4BB570DC9}.dat	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#

41e0000.dll

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

41e0000.dll Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

41e0000.dll