IOC Report
5CUFfVMSaQ.dll


Files

File Path | Type | Category | Malicious
5CUFfVMSaQ.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | initial sample | malicious
C:\ProgramData\Microsoft\Network\Downloader\edb.chk | data | dropped |
C:\ProgramData\Microsoft\Network\Downloader\edb.log | MPEG-4 LOAS | dropped |
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db | Extensible storage engine DataBase, version 0x620, checksum 0x555eccf5, page size 16384, Windows version 10.0 | dropped |
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm | data | dropped |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp | ASCII text, with no line terminators | dropped |

Processes

Path | Cmdline | Malicious
C:\Windows\System32\regsvr32.exe | regsvr32.exe /s C:\Users\user\Desktop\5CUFfVMSaQ.dll | malicious
C:\Windows\System32\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\5CUFfVMSaQ.dll",#1 | malicious
C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\5CUFfVMSaQ.dll,ABeFtrnwmgAedx | malicious
C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\5CUFfVMSaQ.dll,AEjATaIExpQg | malicious
C:\Windows\System32\regsvr32.exe | C:\Windows\system32\regsvr32.exe "C:\Windows\system32\ZJPGATOTIe\uLEHsZT.dll" | malicious
C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\5CUFfVMSaQ.dll,AbfBlUFQKbpevAFdaCpElBdscB | malicious
C:\Windows\System32\regsvr32.exe | C:\Windows\system32\regsvr32.exe "C:\Windows\system32\NCybOKcMqaEIN\jnEWIdoCfnPf.dll" | malicious
C:\Windows\System32\loaddll64.exe | loaddll64.exe "C:\Users\user\Desktop\5CUFfVMSaQ.dll" |
C:\Windows\System32\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\5CUFfVMSaQ.dll",#1 |
C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService |
C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p |
C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p |
C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p |
C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS |

URLs

Name | IP | Malicious

IPs

IP | Domain | Country | Malicious

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS | PerfMMFileName |
HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E | @%SystemRoot%\System32\ci.dll,-100 |
HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E | @%SystemRoot%\System32\ci.dll,-101 |
HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E | @%SystemRoot%\system32\dnsapi.dll,-103 |
HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E | @%SystemRoot%\System32\fveui.dll,-843 |
HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E | @%SystemRoot%\System32\fveui.dll,-844 |
HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E | @%SystemRoot%\System32\wuaueng.dll,-400 |
HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E | @%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 |
HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E | @%SystemRoot%\system32\NgcRecovery.dll,-100 |

Memdumps

Base Address | Region type | Protect | Malicious