Source: 2760000.netprovfw.exe |
Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE |
Source: 2760000.netprovfw.exe |
Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NO_ISOLATION, NX_COMPAT |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe |
Code function: 0_2_02763A10 _snwprintf,LdrInitializeThunk,_snwprintf,FindFirstFileW, |
0_2_02763A10 |
Source: Yara match |
File source: 2760000.netprovfw.exe, type: SAMPLE |
Source: Yara match |
File source: 00000000.00000000.664188211.0000000002761000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.690703011.0000000002761000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 0.0.2760000.netprovfw.exe.2760000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.2760000.netprovfw.exe.2760000.0.unpack, type: UNPACKEDPE |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe |
Code function: 0_2_02761C70 |
0_2_02761C70 |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe |
Code function: 0_2_02767590 |
0_2_02767590 |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe |
Code function: 0_2_02768180 |
0_2_02768180 |
Source: 2760000.netprovfw.exe |
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: 2760000.netprovfw.exe |
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: 2760000.netprovfw.exe |
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: 2760000.netprovfw.exe |
Static PE information: No import functions for PE file found |
Source: classification engine |
Classification label: mal68.troj.winEXE@2/4@0/1 |
Source: C:\Windows\SysWOW64\WerFault.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6172 |
Source: 2760000.netprovfw.exe |
Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: 2760000.netprovfw.exe |
Virustotal: Detection: 50% |
Source: 2760000.netprovfw.exe |
ReversingLabs: Detection: 79% |
Source: unknown |
Process created: C:\Users\user\Desktop\2760000.netprovfw.exe 'C:\Users\user\Desktop\2760000.netprovfw.exe' |
Source: unknown |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 632 |
Source: 2760000.netprovfw.exe |
Static PE information: real checksum: 0x59bfd should be: 0x6199f |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe |
Code function: 0_2_02765D70 push ecx; mov dword ptr [esp], 00008067h |
0_2_02765D71 |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe |
Code function: 0_2_02765F70 push ecx; mov dword ptr [esp], 000084ADh |
0_2_02765F71 |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe |
Code function: 0_2_02765E70 push ecx; mov dword ptr [esp], 00008D73h |
0_2_02765E71 |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe |
Code function: 0_2_02765E40 push ecx; mov dword ptr [esp], 0000AEA2h |
0_2_02765E41 |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe |
Code function: 0_2_02765D30 push ecx; mov dword ptr [esp], 00002C7Ch |
0_2_02765D31 |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe |
Code function: 0_2_02765F20 push ecx; mov dword ptr [esp], 0000E2ADh |
0_2_02765F21 |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe |
Code function: 0_2_02765D00 push ecx; mov dword ptr [esp], 000021B4h |
0_2_02765D01 |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe |
Code function: 0_2_02765DE0 push ecx; mov dword ptr [esp], 000025AAh |
0_2_02765DE1 |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe |
Code function: 0_2_02765FB0 push ecx; mov dword ptr [esp], 0000460Eh |
0_2_02765FB1 |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe |
Code function: 0_2_02765EA0 push ecx; mov dword ptr [esp], 00007473h |
0_2_02765EA1 |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe |
Code function: 0_2_02765DA0 push ecx; mov dword ptr [esp], 000036B8h |
0_2_02765DA1 |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: WerFault.exe, 00000003.00000002.689659437.0000000004B90000.00000002.00000001.sdmp |
Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: WerFault.exe, 00000003.00000003.687150176.0000000004859000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW |
Source: WerFault.exe, 00000003.00000002.689659437.0000000004B90000.00000002.00000001.sdmp |
Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: WerFault.exe, 00000003.00000002.689659437.0000000004B90000.00000002.00000001.sdmp |
Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: WerFault.exe, 00000003.00000002.689659437.0000000004B90000.00000002.00000001.sdmp |
Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe |
Code function: 0_2_02763F70 mov eax, dword ptr fs:[00000030h] |
0_2_02763F70 |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe |
Code function: 0_2_02764E10 mov eax, dword ptr fs:[00000030h] |
0_2_02764E10 |