Source: MWSW9nxmUK.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: MWSW9nxmUK.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: MWSW9nxmUK.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: MWSW9nxmUK.exe | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: MWSW9nxmUK.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: MWSW9nxmUK.exe | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: MWSW9nxmUK.exe | String found in binary or memory: http://ocsp.digicert.com0C |
Source: MWSW9nxmUK.exe | String found in binary or memory: http://ocsp.digicert.com0O |
Source: MWSW9nxmUK.exe | String found in binary or memory: http://www.digicert.com/CPS0 |
Source: MWSW9nxmUK.exe | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02F728A0 |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02F727A4 |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02F72379 |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02F77D3E |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02F77503 |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | RDTSC instruction interceptor: First address: 0000000002F78CAB second address: 0000000002F78CAB instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a mov dword ptr [ebp+00000253h], edx 0x00000010 mov edx, 83A23224h 0x00000015 cmp bh, ch 0x00000017 test ah, dh 0x00000019 xor edx, B23AA633h 0x0000001f xor edx, 5BA5550Bh 0x00000025 test ch, 00000068h 0x00000028 sub edx, 6A3DC11Ch 0x0000002e test cx, dx 0x00000031 cmp dword ptr [ebp+00000253h], edx 0x00000037 mov edx, dword ptr [ebp+00000253h] 0x0000003d jne 00007F180C9266B8h 0x0000003f dec ebx 0x00000040 xor edx, edx 0x00000042 mov eax, ebx 0x00000044 test si, 634Bh 0x00000049 mov ecx, D06366DFh 0x0000004e test bx, cx 0x00000051 sub ecx, D6A7F971h 0x00000057 cmp ecx, ecx 0x00000059 xor ecx, 335F4321h 0x0000005f sub ecx, CAE42E4Bh 0x00000065 test ebx, edx 0x00000067 div ecx 0x00000069 pushad 0x0000006a rdtsc |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | RDTSC instruction interceptor: First address: 0000000002F7750B second address: 0000000002F7752A instructions: 0x00000000 rdtsc 0x00000002 mov eax, 4E5E24E1h 0x00000007 xor eax, 256A0EB4h 0x0000000c xor eax, 6B41C15Ch 0x00000011 xor eax, 0075EB08h 0x00000016 cpuid 0x00000018 popad 0x00000019 pushad 0x0000001a mov ecx, 000000F8h 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02F72EF7 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02F73259 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02F7504C mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02F7322C mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02F727A4 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02F76B69 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02F77D3E mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02F77106 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\MWSW9nxmUK.exe | Code function: 0_2_02F77D06 mov eax, dword ptr fs:[00000030h] |
Source: MWSW9nxmUK.exe, 00000000.00000002.1288850804.0000000000CC0000.00000002.00000001.sdmp | Binary or memory string: Program Manager |
Source: MWSW9nxmUK.exe, 00000000.00000002.1288850804.0000000000CC0000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd |
Source: MWSW9nxmUK.exe, 00000000.00000002.1288850804.0000000000CC0000.00000002.00000001.sdmp | Binary or memory string: Progman |
Source: MWSW9nxmUK.exe, 00000000.00000002.1288850804.0000000000CC0000.00000002.00000001.sdmp | Binary or memory string: Progmanlock |