Fixing a WMI provider load failure
Tags
attack-pattern: Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID bb79b2da-4c22-4486-a775-88044daf487b
Fingerprint 144eaa41c92a0974
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 28, 2014, 8:55 p.m.
Added to db Jan. 18, 2023, 10:06 p.m.
Last updated Nov. 14, 2024, 5:56 p.m.
Headline >_
Title Fixing a WMI provider load failure
Detected Hints/Tags/Attributes 15/1/10
Source URLs
Redirection Url
Details Source https://p0w3rsh3ll.wordpress.com/2014/12/28/fixing-a-wmi-provider-load-failure/
URL Provider
Details Provider Source level domain
Details wordpress.com p0w3rsh3ll.wordpress.com
Attributes
Details Type #Events CTI Value
Details Domain 7 
microsoft.management
Details File 6 
management.inf
Details File 9 
powercfg.exe
Details File 1 
wbemtest.exe
Details File 34 
eventvwr.exe
Details File 17 
log.log
Details File 2 
%systemroot%\system32\powerwmiprovider.dll
Details File 1 
wcl.dll
Details File 1 
slr100.dll
Details File 1 
wclpowrprof.dll