Source: 2760000.netprovfw.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE |
Source: 2760000.netprovfw.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NO_ISOLATION, NX_COMPAT |
Source: | Binary string: wininet.pdb source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 00000003.00000003.680015863.0000000004A31000.00000004.00000001.sdmp |
Source: | Binary string: shlwapi.pdb hsq source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdbnhqc source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 00000003.00000003.680028342.0000000004A00000.00000004.00000040.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 00000003.00000003.680015863.0000000004A31000.00000004.00000001.sdmp |
Source: | Binary string: wwin32u.pdb^hyq source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 00000003.00000003.680015863.0000000004A31000.00000004.00000001.sdmp |
Source: | Binary string: wntdll.pdb source: WerFault.exe, 00000003.00000003.680015863.0000000004A31000.00000004.00000001.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 00000003.00000003.680028342.0000000004A00000.00000004.00000040.sdmp |
Source: | Binary string: wuser32.pdbdh source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: crypt32.pdbk source: WerFault.exe, 00000003.00000003.680028342.0000000004A00000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 00000003.00000003.680015863.0000000004A31000.00000004.00000001.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 00000003.00000003.680015863.0000000004A31000.00000004.00000001.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 00000003.00000003.680028342.0000000004A00000.00000004.00000040.sdmp |
Source: | Binary string: urlmon.pdb source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: urlmon.pdbHhkq` source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 00000003.00000003.677114006.0000000004859000.00000004.00000001.sdmp |
Source: | Binary string: userenv.pdb source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdbzh source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: iertutil.pdb,hGq| source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdbph source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdbk source: WerFault.exe, 00000003.00000003.680028342.0000000004A00000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 00000003.00000003.680015863.0000000004A31000.00000004.00000001.sdmp |
Source: | Binary string: msasn1.pdbk source: WerFault.exe, 00000003.00000003.680028342.0000000004A00000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb6hAq source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: wimm32.pdbTh source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdbk source: WerFault.exe, 00000003.00000003.680028342.0000000004A00000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb|h source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: userenv.pdb*hMq source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: iertutil.pdb source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdbbh5q source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: wtsapi32.pdbRheq source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000003.00000003.680028342.0000000004A00000.00000004.00000040.sdmp |
Source: | Binary string: msasn1.pdb source: WerFault.exe, 00000003.00000003.680028342.0000000004A00000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 00000003.00000003.680015863.0000000004A31000.00000004.00000001.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 00000003.00000003.680028342.0000000004A00000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000003.00000003.680015863.0000000004A31000.00000004.00000001.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 00000003.00000003.680028342.0000000004A00000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 00000003.00000003.680028342.0000000004A00000.00000004.00000040.sdmp |
Source: | Binary string: wtsapi32.pdb source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 00000003.00000003.680015863.0000000004A31000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 00000003.00000003.680034638.0000000004A07000.00000004.00000040.sdmp |
Source: | Binary string: crypt32.pdb source: WerFault.exe, 00000003.00000003.680028342.0000000004A00000.00000004.00000040.sdmp |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe | Code function: 0_2_02763A10 _snwprintf,LdrInitializeThunk,_snwprintf,FindFirstFileW, |
Source: Yara match | File source: 2760000.netprovfw.exe, type: SAMPLE |
Source: Yara match | File source: 00000000.00000000.664188211.0000000002761000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.690703011.0000000002761000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 0.0.2760000.netprovfw.exe.2760000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.2760000.netprovfw.exe.2760000.0.unpack, type: UNPACKEDPE |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe | Code function: 0_2_02761C70 |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe | Code function: 0_2_02767590 |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe | Code function: 0_2_02768180 |
Source: 2760000.netprovfw.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: 2760000.netprovfw.exe | Static PE information: No import functions for PE file found |
Source: classification engine | Classification label: mal68.troj.winEXE@2/4@0/1 |
Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6172 |
Source: 2760000.netprovfw.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: 2760000.netprovfw.exe | Virustotal: Detection: 50% |
Source: 2760000.netprovfw.exe | ReversingLabs: Detection: 79% |
Source: unknown | Process created: C:\Users\user\Desktop\2760000.netprovfw.exe 'C:\Users\user\Desktop\2760000.netprovfw.exe' |
Source: unknown | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 632 |
Source: 2760000.netprovfw.exe | Static PE information: real checksum: 0x59bfd should be: 0x6199f |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe | Code function: 0_2_02765D70 push ecx; mov dword ptr [esp], 00008067h |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe | Code function: 0_2_02765F70 push ecx; mov dword ptr [esp], 000084ADh |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe | Code function: 0_2_02765E70 push ecx; mov dword ptr [esp], 00008D73h |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe | Code function: 0_2_02765E40 push ecx; mov dword ptr [esp], 0000AEA2h |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe | Code function: 0_2_02765D30 push ecx; mov dword ptr [esp], 00002C7Ch |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe | Code function: 0_2_02765F20 push ecx; mov dword ptr [esp], 0000E2ADh |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe | Code function: 0_2_02765D00 push ecx; mov dword ptr [esp], 000021B4h |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe | Code function: 0_2_02765DE0 push ecx; mov dword ptr [esp], 000025AAh |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe | Code function: 0_2_02765FB0 push ecx; mov dword ptr [esp], 0000460Eh |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe | Code function: 0_2_02765EA0 push ecx; mov dword ptr [esp], 00007473h |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe | Code function: 0_2_02765DA0 push ecx; mov dword ptr [esp], 000036B8h |
Source: C:\Windows\SysWOW64\WerFault.exe | Registry key monitored for changes: HKEY_CURRENT_USER_Classes |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: WerFault.exe, 00000003.00000002.689659437.0000000004B90000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: WerFault.exe, 00000003.00000003.687150176.0000000004859000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW |
Source: WerFault.exe, 00000003.00000002.689659437.0000000004B90000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: WerFault.exe, 00000003.00000002.689659437.0000000004B90000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: WerFault.exe, 00000003.00000002.689659437.0000000004B90000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe | Process queried: DebugPort |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe | Code function: 0_2_02763F70 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\2760000.netprovfw.exe | Code function: 0_2_02764E10 mov eax, dword ptr fs:[00000030h] |