Source: MWSW9nxmUK.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: MWSW9nxmUK.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: MWSW9nxmUK.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: MWSW9nxmUK.exe | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: MWSW9nxmUK.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: MWSW9nxmUK.exe | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: MWSW9nxmUK.exe | String found in binary or memory: http://ocsp.digicert.com0C |
Source: MWSW9nxmUK.exe | String found in binary or memory: http://ocsp.digicert.com0O |
Source: MWSW9nxmUK.exe | String found in binary or memory: http://www.digicert.com/CPS0 |
Source: MWSW9nxmUK.exe | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B12F5 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B1054 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B2854 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B4054 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B5854 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B7054 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B0843 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B2043 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B3843 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B5043 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B6844 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B0878 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B6875 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B2074 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B3874 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B5074 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B0068 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B3063 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B1863 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B4863 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B6065 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B0818 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B3813 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B2013 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B5013 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B6814 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B0008 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B600D push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B4803 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B3003 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_005B1803 push edx; ret |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | RDTSC instruction interceptor: First address: 0000000002BD8CAB second address: 0000000002BD8CAB instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a mov dword ptr [ebp+00000253h], edx 0x00000010 mov edx, 83A23224h 0x00000015 cmp bh, ch 0x00000017 test ah, dh 0x00000019 xor edx, B23AA633h 0x0000001f xor edx, 5BA5550Bh 0x00000025 test ch, 00000068h 0x00000028 sub edx, 6A3DC11Ch 0x0000002e test cx, dx 0x00000031 cmp dword ptr [ebp+00000253h], edx 0x00000037 mov edx, dword ptr [ebp+00000253h] 0x0000003d jne 00007F916C39C188h 0x0000003f dec ebx 0x00000040 xor edx, edx 0x00000042 mov eax, ebx 0x00000044 test si, 634Bh 0x00000049 mov ecx, D06366DFh 0x0000004e test bx, cx 0x00000051 sub ecx, D6A7F971h 0x00000057 cmp ecx, ecx 0x00000059 xor ecx, 335F4321h 0x0000005f sub ecx, CAE42E4Bh 0x00000065 test ebx, edx 0x00000067 div ecx 0x00000069 pushad 0x0000006a rdtsc |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | RDTSC instruction interceptor: First address: 0000000002BD750B second address: 0000000002BD752A instructions: 0x00000000 rdtsc 0x00000002 mov eax, 4E5E24E1h 0x00000007 xor eax, 256A0EB4h 0x0000000c xor eax, 6B41C15Ch 0x00000011 xor eax, 0075EB08h 0x00000016 cpuid 0x00000018 popad 0x00000019 pushad 0x0000001a mov ecx, 000000F8h 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02BD2EF7 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02BD322C mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02BD3259 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02BD27A4 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02BD6B69 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02BD504C mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02BD7D3E mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02BD7106 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02BD7D06 mov eax, dword ptr fs:[00000030h] |
Source: MWSW9nxmUK.exe, 00000000.00000002.737373795.0000000000E40000.00000002.00000001.sdmp | Binary or memory string: Program Manager |
Source: MWSW9nxmUK.exe, 00000000.00000002.737373795.0000000000E40000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd |
Source: MWSW9nxmUK.exe, 00000000.00000002.737373795.0000000000E40000.00000002.00000001.sdmp | Binary or memory string: Progman |
Source: MWSW9nxmUK.exe, 00000000.00000002.737373795.0000000000E40000.00000002.00000001.sdmp | Binary or memory string: Progmanlock |