Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| `mozglue.dll.dll` | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | initial sample | |
| `C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_moz_27ecf4c285b5182533f7b3a93e8a8a8fddc58761_134389a9_1de486fd-c9ab-489c-aa10-0c38cdabb530\Report.wer` | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_moz_27ecf4c285b5182533f7b3a93e8a8a8fddc58761_134389a9_273e8517-c54d-470f-b1be-6f82d7b9a01d\Report.wer` | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_moz_27ecf4c285b5182533f7b3a93e8a8a8fddc58761_134389a9_a4d72ff2-2d42-46e7-9cd5-bbc934cbba1b\Report.wer` | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_moz_27ecf4c285b5182533f7b3a93e8a8a8fddc58761_134389a9_e9164dc1-577d-4bcf-b83d-667d25519d07\Report.wer` | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WERCA43.tmp.dmp` | Mini DuMP crash report, 14 streams, Tue May 28 05:27:55 2024, 0x1205a4 type | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WERCA52.tmp.dmp` | Mini DuMP crash report, 14 streams, Tue May 28 05:27:55 2024, 0x1205a4 type | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WERCAB1.tmp.WERInternalMetadata.xml` | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WERCAC1.tmp.WERInternalMetadata.xml` | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WERCAF1.tmp.xml` | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WERCB10.tmp.xml` | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WERD56E.tmp.dmp` | Mini DuMP crash report, 14 streams, Tue May 28 05:27:58 2024, 0x1205a4 type | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WERD5AE.tmp.WERInternalMetadata.xml` | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WERD5CE.tmp.xml` | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WERE145.tmp.dmp` | Mini DuMP crash report, 14 streams, Tue May 28 05:28:01 2024, 0x1205a4 type | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WERE175.tmp.WERInternalMetadata.xml` | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WERE195.tmp.xml` | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| `C:\Windows\appcompat\Programs\Amcache.hve` | MS Windows registry file, NT/2000 or above | dropped | |

8 further file entries are not shown in this extract.
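The four `WER*.tmp.dmp` files above are user-mode minidumps written by WerFault; the "14 streams", the timestamp and the "0x1205a4 type" that `file` prints all come from the 32-byte MINIDUMP_HEADER at the start of the file. The following added example (my code, not part of the report or of any sandbox tooling) parses that header and the stream directory, bounds-checks every RVA against the file size so a crafted dump cannot drive out-of-range reads, and decodes the Flags field into its MINIDUMP_TYPE names. `SAMPLE_DUMP` is a constructed fixture with the same header values as the dropped dumps, not one of the real files.

```python
"""Parse the header and stream directory of a Windows minidump (.dmp).

Added example, not part of the sandbox report. SAMPLE_DUMP is constructed here to
match what `file` reported for the dropped WER*.tmp.dmp files (14 streams,
2024-05-28 05:27:55, type 0x1205a4); it is not one of the real dumps and its
streams are empty. Structure names and constants follow DbgHelp.h.
"""
from __future__ import annotations

import struct
from datetime import datetime, timezone

MDMP_SIGNATURE = 0x504D444D                        # b"MDMP" as a little-endian ULONG32
MINIDUMP_VERSION = 42899                           # low 16 bits of the Version field
HEADER_FMT = "<IIIIIIQ"                            # MINIDUMP_HEADER
HEADER_SIZE = struct.calcsize(HEADER_FMT)          # 32
DIRECTORY_FMT = "<III"                             # MINIDUMP_DIRECTORY: StreamType, DataSize, Rva
DIRECTORY_SIZE = struct.calcsize(DIRECTORY_FMT)    # 12

# MINIDUMP_TYPE bits; `file` prints the whole Flags field as "0x... type".
MINIDUMP_TYPE = {
    0x1: "WithDataSegs", 0x2: "WithFullMemory", 0x4: "WithHandleData", 0x8: "FilterMemory",
    0x10: "ScanMemory", 0x20: "WithUnloadedModules", 0x40: "WithIndirectlyReferencedMemory",
    0x80: "FilterModulePaths", 0x100: "WithProcessThreadData", 0x200: "WithPrivateReadWriteMemory",
    0x400: "WithoutOptionalData", 0x800: "WithFullMemoryInfo", 0x1000: "WithThreadInfo",
    0x2000: "WithCodeSegs", 0x4000: "WithoutAuxiliaryState", 0x8000: "WithFullAuxiliaryState",
    0x10000: "WithPrivateWriteCopyMemory", 0x20000: "IgnoreInaccessibleMemory",
    0x40000: "WithTokenInformation", 0x80000: "WithModuleHeaders", 0x100000: "FilterTriage",
    0x200000: "WithAvxXStateContext", 0x400000: "WithIptTrace", 0x800000: "ScanInaccessiblePartialPages",
}
STREAM_TYPES = {
    0: "UnusedStream", 3: "ThreadListStream", 4: "ModuleListStream", 5: "MemoryListStream",
    6: "ExceptionStream", 7: "SystemInfoStream", 8: "ThreadExListStream", 9: "Memory64ListStream",
    10: "CommentStreamA", 11: "CommentStreamW", 12: "HandleDataStream", 13: "FunctionTableStream",
    14: "UnloadedModuleListStream", 15: "MiscInfoStream", 16: "MemoryInfoListStream",
    17: "ThreadInfoListStream", 18: "HandleOperationListStream", 19: "TokenStream",
}


def decode_flags(flags: int) -> list[str]:
    names = ["MiniDump" + n for bit, n in sorted(MINIDUMP_TYPE.items()) if flags & bit]
    leftover = flags & ~sum(MINIDUMP_TYPE)
    if leftover:
        names.append(f"unknown:0x{leftover:x}")
    return names


def parse_minidump(data: bytes) -> dict:
    """Decode the header and directory, bounds-checking every RVA against the file size."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short for a MINIDUMP_HEADER")
    sig, version, nstreams, dir_rva, _checksum, ts, flags = struct.unpack_from(HEADER_FMT, data, 0)
    if sig != MDMP_SIGNATURE:
        raise ValueError(f"bad signature 0x{sig:08x}")
    if dir_rva + nstreams * DIRECTORY_SIZE > len(data):
        raise ValueError("stream directory runs past end of file")
    streams = []
    for i in range(nstreams):
        stype, size, rva = struct.unpack_from(DIRECTORY_FMT, data, dir_rva + i * DIRECTORY_SIZE)
        if rva + size > len(data):
            raise ValueError(f"stream {i} (type {stype}) runs past end of file")
        streams.append({"type": stype, "type_name": STREAM_TYPES.get(stype, f"0x{stype:x}"),
                        "size": size, "rva": rva})
    return {
        "version": version & 0xFFFF,
        "number_of_streams": nstreams,
        "time_date_stamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "flags": flags,
        "flag_names": decode_flags(flags),
        "streams": streams,
    }


def is_minidump(data: bytes) -> bool:
    """True when the header and directory parse cleanly (signature, size and RVA checks)."""
    try:
        parse_minidump(data)
        return True
    except ValueError:
        return False


def build_sample_dump(stream_types: list[int], when: datetime, flags: int) -> bytes:
    """Constructed header + directory with empty streams (test fixture, not a real dump)."""
    header = struct.pack(HEADER_FMT, MDMP_SIGNATURE, MINIDUMP_VERSION, len(stream_types),
                         HEADER_SIZE, 0, int(when.timestamp()), flags)
    return header + b"".join(struct.pack(DIRECTORY_FMT, t, 0, 0) for t in stream_types)


SAMPLE_STREAMS = [7, 15, 3, 4, 5, 6, 12, 13, 14, 16, 17, 19, 0, 0]   # 14 entries, constructed
SAMPLE_DUMP = build_sample_dump(SAMPLE_STREAMS, datetime(2024, 5, 28, 5, 27, 55, tzinfo=timezone.utc), 0x1205A4)

if __name__ == "__main__":
    info = parse_minidump(SAMPLE_DUMP)
    print(info["number_of_streams"], info["time_date_stamp"], hex(info["flags"]), info["flag_names"])
```

0x1205a4 decodes to FilterTriage, IgnoreInaccessibleMemory, WithoutOptionalData, WithProcessThreadData, FilterModulePaths, WithUnloadedModules and WithHandleData, with neither WithFullMemory nor WithDataSegs set: these are triage dumps, so expect thread contexts, stacks and module lists in a debugger, but little heap content from the crashed rundll32 instances.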
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| `C:\Windows\System32\loaddll64.exe` | `loaddll64.exe "C:\Users\user\Desktop\mozglue.dll.dll"` | |
| `C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` | |
| `C:\Windows\System32\cmd.exe` | `cmd.exe /C rundll32.exe "C:\Users\user\Desktop\mozglue.dll.dll",#1` | |
| `C:\Windows\System32\rundll32.exe` | `rundll32.exe C:\Users\user\Desktop\mozglue.dll.dll,HeapAlloc` | |
| `C:\Windows\System32\rundll32.exe` | `rundll32.exe "C:\Users\user\Desktop\mozglue.dll.dll",#1` | |
| `C:\Windows\System32\WerFault.exe` | `C:\Windows\system32\WerFault.exe -u -p 7176 -s 296` | |
| `C:\Windows\System32\WerFault.exe` | `C:\Windows\system32\WerFault.exe -u -p 7192 -s 292` | |
| `C:\Windows\System32\rundll32.exe` | `rundll32.exe C:\Users\user\Desktop\mozglue.dll.dll,HeapFree` | |
| `C:\Windows\System32\WerFault.exe` | `C:\Windows\system32\WerFault.exe -u -p 7468 -s 284` | |
| `C:\Windows\System32\rundll32.exe` | `rundll32.exe C:\Users\user\Desktop\mozglue.dll.dll,HeapReAlloc` | |
| `C:\Windows\System32\WerFault.exe` | `C:\Windows\system32\WerFault.exe -u -p 7668 -s 236` | |

1 further process entry is not shown in this extract.

Reading the table: loaddll64.exe loads the sample, then rundll32.exe is launched once per export the sandbox found (ordinal #1, HeapAlloc, HeapFree, HeapReAlloc). Each rundll32 launch is followed by a WerFault.exe instance (`-p <pid>` names the faulting process), which matches the four Report.wer files and four minidumps in the Files section: every export invocation crashed. rundll32 calls an export with its fixed (HWND, HINSTANCE, LPSTR, int) argument convention, so a crash in a DLL whose exports expect other arguments is the expected outcome of this kind of enumeration and is not, by itself, evidence of malicious behaviour.
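To turn a process list like the one above into something a detection engineer can act on, the added example below (my code, not the sandbox's) parses each rundll32 command line into DLL path and entry point, applies a few heuristics (DLL loaded from a user-writable directory, double extension such as `.dll.dll`, ordinal entry, export name colliding with a Win32 API, launch wrapped in `cmd /C`) and collects the WerFault `-p` arguments into a list of crashed PIDs. The command lines are the ones in the table; the flag names, the directory lists and the API-name set are assumptions of the example.

```python
"""Triage rundll32 and WerFault command lines from a sandbox process list.

Added example, not part of the sandbox report. PROCESS_CMDLINES are the command
lines from the Processes table; the flags and the paths treated as user-writable
are this example's own heuristics, not the sandbox's.
"""
from __future__ import annotations

import re

# "<rundll32 token> <dll>,<entry>": the DLL may be quoted, the entry may be a
# name or an ordinal (#1). No anchor, so rundll32 wrapped in "cmd /C ..." also matches.
RUNDLL_RE = re.compile(
    r'(?:^|\s)"?[^"\s]*rundll32(?:\.exe)?"?\s+'
    r'"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>#?\w+)',
    re.IGNORECASE,
)
CMD_WRAPPER_RE = re.compile(r'^\s*"?(?:[^"\s]*\\)?cmd(?:\.exe)?"?\s', re.IGNORECASE)
WERFAULT_RE = re.compile(r'werfault\.exe\b.*?-p\s+(\d+)', re.IGNORECASE)

USER_WRITABLE_RE = re.compile(r'\\(users|programdata|temp|tmp|appdata|downloads|desktop|public)\\', re.IGNORECASE)
SYSTEM_DIR_RE = re.compile(r'^[a-z]:\\(windows|program files(?: \(x86\))?)\\', re.IGNORECASE)
DOUBLE_EXT_RE = re.compile(r'\.[a-z0-9]{1,4}\.dll$', re.IGNORECASE)

# Export names that collide with well-known Win32 APIs; a DLL exporting these is
# usually a wrapper or forwarder, but it deserves a look when loaded from a user path.
WIN32_API_NAMES = {"HeapAlloc", "HeapFree", "HeapReAlloc", "HeapCreate", "VirtualAlloc",
                   "VirtualProtect", "LoadLibraryA", "LoadLibraryW", "GetProcAddress", "CreateThread"}


def triage_rundll32(cmdline: str) -> dict | None:
    """Return the DLL, entry point and heuristic flags for a rundll32 launch, else None."""
    m = RUNDLL_RE.search(cmdline)
    if not m:
        return None
    dll, entry = m.group("dll"), m.group("entry")
    flags = []
    if USER_WRITABLE_RE.search(dll) and not SYSTEM_DIR_RE.match(dll):
        flags.append("dll_in_user_writable_path")
    if DOUBLE_EXT_RE.search(dll):
        flags.append("double_extension")
    if entry.startswith("#"):
        flags.append("ordinal_entry")
    if entry in WIN32_API_NAMES:
        flags.append("entry_shadows_win32_api")
    if CMD_WRAPPER_RE.match(cmdline):
        flags.append("launched_via_cmd")
    return {"dll": dll, "entry": entry, "flags": flags, "score": len(flags)}


def werfault_pids(cmdlines) -> list[int]:
    """PIDs of faulting processes, taken from WerFault's -p argument."""
    return [int(m.group(1)) for c in cmdlines if (m := WERFAULT_RE.search(c))]


def summarize(cmdlines) -> dict:
    hits = [h for c in cmdlines if (h := triage_rundll32(c))]
    return {
        "rundll32_hits": hits,
        "entries_invoked": sorted({h["entry"] for h in hits}),
        "crashed_pids": werfault_pids(cmdlines),
    }


PROCESS_CMDLINES = [
    r'loaddll64.exe "C:\Users\user\Desktop\mozglue.dll.dll"',
    r'C:\Windows\system32\conhost.exe 0xffffffff -ForceV1',
    r'cmd.exe /C rundll32.exe "C:\Users\user\Desktop\mozglue.dll.dll",#1',
    r'rundll32.exe C:\Users\user\Desktop\mozglue.dll.dll,HeapAlloc',
    r'rundll32.exe "C:\Users\user\Desktop\mozglue.dll.dll",#1',
    r'C:\Windows\system32\WerFault.exe -u -p 7176 -s 296',
    r'C:\Windows\system32\WerFault.exe -u -p 7192 -s 292',
    r'rundll32.exe C:\Users\user\Desktop\mozglue.dll.dll,HeapFree',
    r'C:\Windows\system32\WerFault.exe -u -p 7468 -s 284',
    r'rundll32.exe C:\Users\user\Desktop\mozglue.dll.dll,HeapReAlloc',
    r'C:\Windows\system32\WerFault.exe -u -p 7668 -s 236',
]

if __name__ == "__main__":
    for hit in summarize(PROCESS_CMDLINES)["rundll32_hits"]:
        print(hit["score"], hit["entry"], hit["flags"])
```

The `cmd.exe /C rundll32.exe ...` line is reported as its own hit so that the wrapper is visible to the analyst; in a real pipeline you would dedupe it against the child rundll32 by parent PID, which this table does not carry.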
URLs

| Name | IP | Malicious |
|---|---|---|
| http://upx.sf.net | unknown | |
| http://www.mozilla.com/en-US/blocklist/ | unknown | |

With the IP column "unknown", neither name was resolved or contacted during the run; both look like strings carried in the binary. `http://upx.sf.net` is the URL the UPX packer embeds in its decompression stub, so its presence suggests the sample is UPX-packed.
Registry

All 20 entries are values under one key. `\REGISTRY\A\{...}` is the mount point of an application hive loaded with RegLoadAppKey, and `Root\InventoryApplicationFile` is the layout of Amcache.hve (which also appears in the dropped files above): these are the OS application-compatibility inventory records for rundll32.exe, written because rundll32 ran, not written by the sample.

| Path | Value | Malicious |
|---|---|---|
| `\REGISTRY\A\{00bf46f5-2335-5527-6cb1-6a44a2081af3}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41` | ProgramId, FileId, LowerCaseLongPath, LongPathHash, Name, OriginalFileName, Publisher, Version, BinFileVersion, BinaryType, ProductName, ProductVersion, LinkDate, BinProductVersion, AppxPackageFullName, AppxPackageRelativeId, Size, Language, IsOsComponent, Usn | |

10 further registry entries are not shown in this extract.
Memdumps

| Base Address | Region type | Protect | Malicious |
|---|---|---|---|
| CEC319E000 | stack | page read and write | |
| 1D108590000 | heap | page read and write | |
| 7FFDFF1A1000 | unknown | page execute read | |
| 1D108825000 | heap | page read and write | |
| 7FFDFF1A1000 | unknown | page execute read | |
| 21468FE0000 | heap | page read and write | |
| 1C50C780000 | heap | page read and write | |
| 1D108490000 | heap | page read and write | |
| 7FFDFF301000 | unknown | page readonly | |
| 1C50C860000 | heap | page read and write | |
| 7FFDFF301000 | unknown | page readonly | |
| 1D108618000 | heap | page read and write | |
| 7FFDFF2BA000 | unknown | page readonly | |
| 21469435000 | heap | page read and write | |
| 8EB6BEC000 | stack | page read and write | |
| 13A76F10000 | heap | page read and write | |
| 733FCFF000 | stack | page read and write | |
| 7FFDFF2BA000 | unknown | page readonly | |
| CEC309C000 | stack | page read and write | |
| 7FFDFF2F4000 | unknown | page write copy | |
| 45FD6FE000 | stack | page read and write | |
| 1D108820000 | heap | page read and write | |
| 7FFDFF2F9000 | unknown | page readonly | |
| 214691BF000 | heap | page read and write | |
| 214690E0000 | heap | page read and write | |
| 1C50C886000 | heap | page read and write | |
| 22A242C0000 | heap | page read and write | |
| 214690C0000 | heap | page read and write | |
| 7FFDFF301000 | unknown | page readonly | |
| 1C50C7B0000 | heap | page read and write | |
| 13A77265000 | heap | page read and write | |
| 22A242C5000 | heap | page read and write | |
| 21469430000 | heap | page read and write | |
| 7FFDFF1A0000 | unknown | page readonly | |
| 1C50C86D000 | heap | page read and write | |
| 733F92C000 | stack | page read and write | |
| 45FD3ED000 | stack | page read and write | |
| 7FFDFF1A1000 | unknown | page execute read | |
| 7FFDFF301000 | unknown | page readonly | |
| 22A240C8000 | heap | page read and write | |
| 7FFDFF2BA000 | unknown | page readonly | |
| 7FFDFF2F9000 | unknown | page readonly | |
| 13A76F18000 | heap | page read and write | |
| 7FFDFF2F4000 | unknown | page write copy | |
| 733FDFF000 | stack | page read and write | |
| 37EFAED000 | stack | page read and write | |
| 22A240C0000 | heap | page read and write | |
| 7FFDFF1A0000 | unknown | page readonly | |
| 7FFDFF2BA000 | unknown | page readonly | |
| 7FFDFF2F4000 | unknown | page write copy | |
| 1C50C7D0000 | remote allocation | page read and write | |
| 7FFDFF1A1000 | unknown | page execute read | |
| 7FFDFF2F4000 | unknown | page write copy | |
| 7FFDFF2F9000 | unknown | page readonly | |
| 7FFDFF2BA000 | unknown | page readonly | |
| 22A24010000 | heap | page read and write | |
| 1D108570000 | heap | page read and write | |
| 13A76E80000 | heap | page read and write | |
| 8EB6E7E000 | stack | page read and write | |
| 7FFDFF301000 | unknown | page readonly | |
| 7FFDFF1A0000 | unknown | page readonly | |
| 13A76E60000 | heap | page read and write | |
| CEC311E000 | stack | page read and write | |
| 214691B8000 | heap | page read and write | |
| 7FFDFF2F9000 | unknown | page readonly | |
| 7FFDFF2F4000 | unknown | page write copy | |
| 13A77260000 | heap | page read and write | |
| 7FFDFF1A1000 | unknown | page execute read | |
| 13A76E50000 | heap | page read and write | |
| 1C50C6A0000 | heap | page read and write | |
| 8EB6EFE000 | stack | page read and write | |
| 22A240CF000 | heap | page read and write | |
| 22A24030000 | heap | page read and write | |
| 7FFDFF2F9000 | unknown | page readonly | |
| 37EFBEE000 | stack | page read and write | |
| 7FFDFF1A0000 | unknown | page readonly | |
| 45FD67E000 | stack | page read and write | |
| 7FFDFF1A0000 | unknown | page readonly | |
| 1D108610000 | heap | page read and write | |
| 1C50CB30000 | heap | page read and write | |
| 22A23F30000 | heap | page read and write | |
| 214691B0000 | heap | page read and write | |
| 37EFB6E000 | stack | page read and write | |

73 further memdump entries are not shown in this extract.
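Region type "unknown" in this table means the sandbox could not attribute the page to a heap or a stack. The six distinct addresses of that type (7FFDFF1A0000 through 7FFDFF301000) each appear exactly five times, consistent with one image mapping of the sample in each of the five processes that loaded it (loaddll64.exe and the four rundll32.exe instances), with the single execute-read page at 7FFDFF1A1000 where a module's code section would sit. The added example below (my code, not part of the report) parses the table, counts region types, recovers that module span by clustering the unclassified pages, lists the executable pages, and flags any executable page that is heap, stack or remote memory rather than part of the unclassified span; the one "remote allocation" (memory allocated into a process by another process) is reported separately, because the table alone does not say which process created it. The 16 MiB clustering gap and the "suspicious" rule are the example's own assumptions.

```python
"""Triage a sandbox Memdumps table: count region types, locate executable pages,
infer the span of the mapped module, and flag executable memory outside it.

Added example, not part of the sandbox report. MEMDUMPS holds the 83 rows of the
table above with the protection column abbreviated (rw, rx, r, wc; expanded by
PROTECT); the 16 MiB clustering gap and the "suspicious" rule are this example's own.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

PROTECT = {
    "rw": "page read and write", "rx": "page execute read", "r": "page readonly",
    "wc": "page write copy",
    "rwx": "page execute read and write",   # not in the table; used for a constructed row in the test
}

MEMDUMPS = """
CEC319E000 stack rw; 1D108590000 heap rw; 7FFDFF1A1000 unknown rx; 1D108825000 heap rw
7FFDFF1A1000 unknown rx; 21468FE0000 heap rw; 1C50C780000 heap rw; 1D108490000 heap rw
7FFDFF301000 unknown r; 1C50C860000 heap rw; 7FFDFF301000 unknown r; 1D108618000 heap rw
7FFDFF2BA000 unknown r; 21469435000 heap rw; 8EB6BEC000 stack rw; 13A76F10000 heap rw
733FCFF000 stack rw; 7FFDFF2BA000 unknown r; CEC309C000 stack rw; 7FFDFF2F4000 unknown wc
45FD6FE000 stack rw; 1D108820000 heap rw; 7FFDFF2F9000 unknown r; 214691BF000 heap rw
214690E0000 heap rw; 1C50C886000 heap rw; 22A242C0000 heap rw; 214690C0000 heap rw
7FFDFF301000 unknown r; 1C50C7B0000 heap rw; 13A77265000 heap rw; 22A242C5000 heap rw
21469430000 heap rw; 7FFDFF1A0000 unknown r; 1C50C86D000 heap rw; 733F92C000 stack rw
45FD3ED000 stack rw; 7FFDFF1A1000 unknown rx; 7FFDFF301000 unknown r; 22A240C8000 heap rw
7FFDFF2BA000 unknown r; 7FFDFF2F9000 unknown r; 13A76F18000 heap rw; 7FFDFF2F4000 unknown wc
733FDFF000 stack rw; 37EFAED000 stack rw; 22A240C0000 heap rw; 7FFDFF1A0000 unknown r
7FFDFF2BA000 unknown r; 7FFDFF2F4000 unknown wc; 1C50C7D0000 remote allocation rw; 7FFDFF1A1000 unknown rx
7FFDFF2F4000 unknown wc; 7FFDFF2F9000 unknown r; 7FFDFF2BA000 unknown r; 22A24010000 heap rw
1D108570000 heap rw; 13A76E80000 heap rw; 8EB6E7E000 stack rw; 7FFDFF301000 unknown r
7FFDFF1A0000 unknown r; 13A76E60000 heap rw; CEC311E000 stack rw; 214691B8000 heap rw
7FFDFF2F9000 unknown r; 7FFDFF2F4000 unknown wc; 13A77260000 heap rw; 7FFDFF1A1000 unknown rx
13A76E50000 heap rw; 1C50C6A0000 heap rw; 8EB6EFE000 stack rw; 22A240CF000 heap rw
22A24030000 heap rw; 7FFDFF2F9000 unknown r; 37EFBEE000 stack rw; 7FFDFF1A0000 unknown r
45FD67E000 stack rw; 7FFDFF1A0000 unknown r; 1D108610000 heap rw; 1C50CB30000 heap rw
22A23F30000 heap rw; 214691B0000 heap rw; 37EFB6E000 stack rw
"""


@dataclass(frozen=True)
class Region:
    base: int
    kind: str       # heap, stack, unknown (not attributed to heap/stack), remote allocation
    protect: str


def parse_memdumps(text: str) -> list[Region]:
    regions = []
    for line in text.strip().splitlines():
        for row in line.split(";"):
            row = row.strip()
            if not row:
                continue
            base, rest = row.split(None, 1)          # "1C50C7D0000 remote allocation rw"
            kind, prot = rest.rsplit(None, 1)        # region type may contain a space
            regions.append(Region(int(base, 16), kind, PROTECT[prot]))
    return regions


def cluster_bases(bases, max_gap: int = 0x1000000) -> list[tuple[int, int]]:
    """Group distinct page addresses that lie within max_gap of their neighbour."""
    clusters: list[list[int]] = []
    for b in sorted(set(bases)):
        if clusters and b - clusters[-1][1] <= max_gap:
            clusters[-1][1] = b
        else:
            clusters.append([b, b])
    return [(lo, hi) for lo, hi in clusters]


def triage(regions: list[Region]) -> dict:
    unknown = [r for r in regions if r.kind == "unknown"]
    clusters = cluster_bases(r.base for r in unknown)
    return {
        "type_counts": dict(Counter(r.kind for r in regions)),
        # the widest cluster of unclassified pages is the best guess at the loaded module
        "module_span": max(clusters, key=lambda c: c[1] - c[0]) if clusters else None,
        # how often each module page was dumped: one per process that mapped it
        "module_page_counts": dict(Counter(r.base for r in unknown)),
        "executable_pages": sorted({r.base for r in regions if "execute" in r.protect}),
        # executable heap/stack/remote memory is the classic injected-code indicator
        "suspicious_exec": sorted({r.base for r in regions
                                   if "execute" in r.protect and r.kind != "unknown"}),
        "remote_allocations": sorted({r.base for r in regions if r.kind == "remote allocation"}),
    }


if __name__ == "__main__":
    for key, value in triage(parse_memdumps(MEMDUMPS)).items():
        print(key, value)
```

On this table the result is an empty `suspicious_exec` list, a module span of 7FFDFF1A0000 to 7FFDFF301000 seen five times per page, and one remote allocation at 1C50C7D0000 to follow up by hand; the same script run on a table where a heap or remote page carries execute permission would list that page instead.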