Windows Analysis Report
magicline4nx_setup.exe

Overview

General Information

Sample Name: magicline4nx_setup.exe
Analysis ID: 755310
MD5: 7cec32c04fdae116ab0f7f4fd8372abd
SHA1: 8b87b2536fc29ced5a2a242bf0ae1d9d3b5b2d2b
SHA256: aee4831c12dc0cb1c46544cb2319f018d9f16c7a23592008a580a7a605e7ca1f

Detection

GuLoader, UACMe
Score: 90
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 33
Range: 0 - 100

Signatures

Detected unpacking (changes PE section rights)
Yara detected GuLoader
Yara detected UACMe UAC Bypass tool
Uses netsh to modify the Windows network and firewall settings
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to evade debugger and weak emulator (self modifying code)
DLL side loading technique detected
Modifies Internet Explorer zone settings
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
PE file contains section with special chars
Hides threads from debuggers
Overwrites Mozilla Firefox settings
Installs new ROOT certificates
Changes security center settings (notifications, updates, antivirus, firewall)
Modifies the windows firewall
Drops certificate files (DER)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Contains functionality to dynamically determine API calls
EXE planting / hijacking vulnerabilities found
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Checks if the current process is being debugged
Checks for debuggers (devices)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Creates files inside the system directory
PE file contains sections with non-standard names
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to call native functions
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Entry point lies outside standard sections
Enables debug privileges
AV process strings found (often used to terminate AV products)
PE file contains an invalid checksum
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains capabilities to detect virtual machines
Uses taskkill to terminate processes
Uses Microsoft's Enhanced Cryptographic Provider

Classification

Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certmgr.exe Code function: 13_2_00221829 GetModuleHandleA,CryptInitOIDFunctionSet,CryptInstallOIDFunctionAddress, 13_2_00221829
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certmgr.exe Code function: 13_2_00221A91 strtok,strtok,strtok,SetLastError,CryptEncodeObject,CryptEncodeObject,CryptEncodeObject,CertEnumCertificatesInStore,CertEnumCertificatesInStore,CertSetCRLContextProperty,CertSetCRLContextProperty,CertSetCRLContextProperty,CertEnumCertificatesInStore,CertFreeCertificateContext, 13_2_00221A91
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6E019960 legacy_SetCryptFunctions, 17_2_6E019960

Exploits

Source: Yara match File source: 43.2.MagicLine4NX.exe.6df70000.5.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000002B.00000002.2510440514.000000006E10E000.00000002.00000001.01000000.0000001F.sdmp, type: MEMORY
Source: Yara match File source: 0000002B.00000003.1506828790.0000000005DFB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002B.00000002.2433205884.0000000000918000.00000040.00000001.01000000.0000001B.sdmp, type: MEMORY
Source: Yara match File source: 0000002B.00000003.1486681414.00000000058B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: MagicLine4NX.exe PID: 5700, type: MEMORYSTR
Source: Yara match File source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\CertManager.dll, type: DROPPED
Source: C:\Users\user\Desktop\magicline4nx_setup.exe EXE: cscript.exe
Source: C:\Users\user\Desktop\magicline4nx_setup.exe EXE: netsh.exe
Source: C:\Users\user\Desktop\magicline4nx_setup.exe EXE: sc.exe
Source: C:\Users\user\Desktop\magicline4nx_setup.exe EXE: CheckNetIsolation.exe

Compliance

Source: magicline4nx_setup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Users\user\AppData\Local\DreamSecurity\MagicLine4NX\logs\install-202211281523.log
Source: magicline4nx_setup.exe Static PE information: certificate valid
Source: magicline4nx_setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: CertMgr.pdb source: certmgr.exe, certmgr.exe, 0000000D.00000000.1265517894.0000000000221000.00000020.00000001.01000000.0000000A.sdmp, certmgr.exe, 0000000D.00000002.1269714571.0000000000221000.00000020.00000001.01000000.0000000A.sdmp, certmgr.exe.0.dr
Source: Binary string: F:\DEV\svn\MagicLineNP\trunk\Code\window\MagicLineNXServices\lib\Win32\Release\MagicLine4NXServices.pdb source: MagicLine4NXServices.exe, 0000002C.00000003.1486510887.0000000005140000.00000004.00001000.00020000.00000000.sdmp, MagicLine4NXServices.exe, 0000002C.00000002.1498312164.0000000000771000.00000040.00000001.01000000.0000001C.sdmp
Source: Binary string: C:\openssl-1.0.1u\out32dll\ssleay32.pdbfk7RCMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgN8 source: MagicLine4NX.exe, 0000002B.00000002.2480365493.0000000005C88000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\projects\01.MagicAPI\DSToolkitV3\proj\vs2008\bin32\DSCToolkitV30-v3.4.2.20.pdb source: MagicLine4NX.exe, 0000002B.00000003.1521469654.0000000005DF8000.00000004.00000800.00020000.00000000.sdmp, MagicLine4NX.exe, 0000002B.00000002.2523885578.000000006E490000.00000002.00000001.01000000.0000001D.sdmp, DSCToolkitV30-v3.4.2.20.dll.0.dr
Source: Binary string: F:\DEV\svn\MagicLineNP\trunk\Code\window\LocalServerNTS\NTSMagicLineNP\NTSMagicLineNP\lib\Win32\Release\MagicLine4NX.pdb source: MagicLine4NX.exe, 0000002B.00000002.2445190032.0000000000A9F000.00000040.00000001.01000000.0000001B.sdmp, MagicLine4NX.exe, 0000002B.00000003.1486681414.00000000058B0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: WaaSMedicSvc.pdb source: waasmedic.20221128_142248_759.etl.34.dr
Source: Binary string: C:\openssl-1.0.1u\out32dll\ssleay32.pdb source: MagicLine4NX.exe, 0000002B.00000002.2480365493.0000000005C88000.00000004.00000020.00020000.00000000.sdmp, ssleay32.dll.0.dr
Source: Binary string: C:\openssl-1.0.1u\out32dll\libeay32.pdb source: libeay32.dll.0.dr
Source: C:\Windows\SysWOW64\cscript.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\
Source: C:\Windows\SysWOW64\cscript.exe File opened: C:\Users\user\AppData\Roaming\
Source: C:\Windows\SysWOW64\cscript.exe File opened: C:\Users\user\
Source: C:\Windows\SysWOW64\cscript.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\
Source: C:\Windows\SysWOW64\cscript.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\
Source: C:\Windows\SysWOW64\cscript.exe File opened: C:\Users\user\AppData\
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6DFDD673 FindFirstFileExA, 17_2_6DFDD673
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6E02F393 FindFirstFileExA, 17_2_6E02F393
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E159CF0 __mbsinc,FindFirstFileA,GetLastError, 19_2_6E159CF0
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E17300F FindFirstFileExA, 19_2_6E17300F
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E1952CD FindFirstFileExA, 19_2_6E1952CD
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E282291 FindFirstFileExA, 19_2_6E282291
Source: magicline4nx_setup.exe, MagicLine4NXServices.exe.0.dr String found in binary or memory: https://www.thawte.com/repository0W
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E15AFD0 recvfrom,WSAGetLastError,select,select,recvfrom,WSAGetLastError, 19_2_6E15AFD0
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\dreamsecurity.com.der
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\dreamsecurity-rootca.der

System Summary

Source: MagicLine4NX.exe.0.dr Static PE information: section name:
Source: MagicLine4NX.exe.0.dr Static PE information: section name: .idata
Source: MagicLine4NX.exe.0.dr Static PE information: section name:
Source: MagicLine4NXServices.exe.0.dr Static PE information: section name:
Source: MagicLine4NXServices.exe.0.dr Static PE information: section name: .idata
Source: MagicLine4NXServices.exe.0.dr Static PE information: section name:
Source: C:\Windows\System32\svchost.exe Section loaded: cdpsgshims.dll
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe Section loaded: httptx.dll
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe Section loaded: ssleay32.dll
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe Section loaded: libeay32.dll
Source: magicline4nx_setup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: 43.2.MagicLine4NX.exe.6df70000.5.unpack, type: UNPACKEDPE Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
Source: 0000002B.00000002.2510440514.000000006E10E000.00000002.00000001.01000000.0000001F.sdmp, type: MEMORY Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
Source: 0000002B.00000003.1506828790.0000000005DFB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
Source: 0000002B.00000002.2433205884.0000000000918000.00000040.00000001.01000000.0000001B.sdmp, type: MEMORY Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
Source: 0000002B.00000003.1486681414.00000000058B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\CertManager.dll, type: DROPPED Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\ConnectedDevicesPlatform\L.user.cdp
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: String function: 6E1F1590 appears 39 times
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: String function: 6E158FE0 appears 31 times
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: String function: 6E14CFF0 appears 42 times
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: String function: 6E15E6E0 appears 39 times
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: String function: 6E026580 appears 35 times
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: String function: 6E143E80 appears 56 times
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Code function: 0_2_100010D0 GetVersionExA,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,WideCharToMultiByte,lstrcmpiA,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenA,lstrcpynA,lstrcmpiA,CloseHandle,FreeLibrary, 0_2_100010D0
Source: MagicLine4NX.exe.0.dr Static PE information: Section: pnesegkq ZLIB complexity 0.9936557897361153
Source: MagicLine4NX.exe.0.dr Static PE information: Section: oygmmjtk ZLIB complexity 1.021484375
Source: MagicLine4NXServices.exe.0.dr Static PE information: Section: ZLIB complexity 1.0002202994890235
Source: MagicLine4NXServices.exe.0.dr Static PE information: Section: yqheebrs ZLIB complexity 0.9939886508819651
Source: MagicLine4NXServices.exe.0.dr Static PE information: Section: intuqfii ZLIB complexity 1.021484375
Source: magicline4nx_setup.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Uninstall.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX_Uninstall.exe
Source: MagicLine4NX.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicLine4NX
Source: classification engine Classification label: mal90.phis.troj.spyw.expl.evad.winEXE@66/58@0/1
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File read: C:\Users\desktop.ini
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E158150 MapViewOfFile,GetLastError,FormatMessageA,GetLastError, 19_2_6E158150
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\cscript.exe cscript" "C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\ImportCAtoFirefoxCheck.vbs" "MagicLine4NX
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File read: C:\Users\user\Desktop\magicline4nx_setup.exe
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\magicline4nx_setup.exe C:\Users\user\Desktop\magicline4nx_setup.exe
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C taskkill /f /im NTSMagicLineNP.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im NTSMagicLineNP.exe
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\sc.exe sc stop MagicLine4NXSVC
Source: C:\Windows\SysWOW64\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\sc.exe sc delete MagicLine4NXSVC
Source: C:\Windows\SysWOW64\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C taskkill /f /im MagicLine4NX.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im MagicLine4NX.exe
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certmgr.exe "C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certmgr.exe" -add dreamsecurity-rootca.der -c -s -r localMachine Root
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certmgr.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\cscript.exe cscript" "C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\ImportCAtoFirefoxCheck.vbs" "MagicLine4NX
Source: C:\Windows\SysWOW64\cscript.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cscript.exe Process created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe" -L -d "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default" -n "Dreamsecurity ROOT CA
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cscript.exe Process created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe" -L -d sql:"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tjbwzv1u.default-release" -n "Dreamsecurity ROOT CA
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\cscript.exe cscript" "C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\ImportCAtoFirefox.vbs" "MagicLine4NX
Source: C:\Windows\SysWOW64\cscript.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cscript.exe Process created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe" -A -n "Dreamsecurity ROOT CA" -i "C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\dreamsecurity-rootca.der" -t "CT,c,C" -d "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p -s DoSvc
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknown Process created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
Source: C:\Windows\SysWOW64\cscript.exe Process created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe" -A -n "Dreamsecurity ROOT CA" -i "C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\dreamsecurity-rootca.der" -t "CT,c,C" -d sql:"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tjbwzv1u.default-release
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall delete rule name="MagicLine4NX" program="C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe"
Source: C:\Windows\SysWOW64\netsh.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="MagicLine4NX" dir=in action=allow program="C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe" enable=yes
Source: C:\Windows\SysWOW64\netsh.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\CheckNetIsolation.exe CheckNetIsolation LoopbackExempt -a -n="Microsoft.MicrosoftEdge_8wekyb3d8bbwe"
Source: C:\Windows\SysWOW64\CheckNetIsolation.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\CheckNetIsolation.exe CheckNetIsolation LoopbackExempt -a -n="Microsoft.Windows.Spartan_cw5n1h2txyewy"
Source: C:\Windows\SysWOW64\CheckNetIsolation.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe "C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe" -install
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\sc.exe sc start MagicLine4NXSVC
Source: C:\Windows\SysWOW64\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C taskkill /f /im NTSMagicLineNP.exe
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\sc.exe sc stop MagicLine4NXSVC
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\sc.exe sc delete MagicLine4NXSVC
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C taskkill /f /im MagicLine4NX.exe
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certmgr.exe "C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certmgr.exe" -add dreamsecurity-rootca.der -c -s -r localMachine Root
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\cscript.exe cscript" "C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\ImportCAtoFirefoxCheck.vbs" "MagicLine4NX
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\cscript.exe cscript" "C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\ImportCAtoFirefox.vbs" "MagicLine4NX
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall delete rule name="MagicLine4NX" program="C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe"
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="MagicLine4NX" dir=in action=allow program="C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe" enable=yes
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\CheckNetIsolation.exe CheckNetIsolation LoopbackExempt -a -n="Microsoft.MicrosoftEdge_8wekyb3d8bbwe"
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\CheckNetIsolation.exe CheckNetIsolation LoopbackExempt -a -n="Microsoft.Windows.Spartan_cw5n1h2txyewy"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im NTSMagicLineNP.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im MagicLine4NX.exe
Source: C:\Windows\SysWOW64\cscript.exe Process created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe" -L -d "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default" -n "Dreamsecurity ROOT CA
Source: C:\Windows\SysWOW64\cscript.exe Process created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe" -L -d sql:"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tjbwzv1u.default-release" -n "Dreamsecurity ROOT CA
Source: C:\Windows\SysWOW64\cscript.exe Process created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe" -A -n "Dreamsecurity ROOT CA" -i "C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\dreamsecurity-rootca.der" -t "CT,c,C" -d "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default
Source: C:\Windows\SysWOW64\cscript.exe Process created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe" -A -n "Dreamsecurity ROOT CA" -i "C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\dreamsecurity-rootca.der" -t "CT,c,C" -d sql:"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tjbwzv1u.default-release
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "NTSMagicLineNP.exe")
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "MagicLine4NX.exe")
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Users\user\AppData\Local\Temp\nsi7880.tmp
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6DF91120 GlobalMemoryStatus,GetLogicalDrives,GetComputerNameA,GetCurrentProcess,GetCurrentProcessId,GetCurrentThreadId,GetVolumeInformationA,GetDiskFreeSpaceA, 17_2_6DF91120
Source: certutil.exe, certutil.exe, 00000011.00000002.1304105554.000000006E121000.00000002.00000001.01000000.00000015.sdmp, softokn3.dll.0.dr Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: certutil.exe, 0000001E.00000003.1374967152.00000000015D5000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 0000001E.00000002.1379466690.0000000001528000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 0000001E.00000003.1375631766.00000000015D5000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 0000001E.00000002.1380446029.00000000015D4000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 0000001E.00000003.1371252459.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 0000001E.00000003.1373372397.00000000015D5000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 0000001E.00000003.1374664130.00000000015D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELECT ALL a3 FROM nssPublic WHERE id=$ID;
Source: certutil.exe, 0000001E.00000003.1376833795.0000000001550000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 0000001E.00000003.1377756336.0000000001553000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELECT ALL id FROM nssPublic WHERE a0=$DATA0 AND a3=$DATA1;
Source: certutil.exe, certutil.exe, 00000011.00000002.1304105554.000000006E121000.00000002.00000001.01000000.00000015.sdmp, softokn3.dll.0.dr Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: certutil.exe, certutil.exe, 00000011.00000002.1304105554.000000006E121000.00000002.00000001.01000000.00000015.sdmp, softokn3.dll.0.dr Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: certutil.exe, 00000011.00000002.1303638387.000000006E0CF000.00000002.00000001.01000000.00000016.sdmp, sqlite3.dll.0.dr Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: certutil.exe, 0000001E.00000003.1377708586.00000000015AA000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 0000001E.00000003.1375917887.00000000015AA000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 0000001E.00000003.1372903585.00000000015AA000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 0000001E.00000003.1371011223.000000000159B000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 0000001E.00000003.1375126215.00000000015AA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELECT ALL * FROM metaData LIMIT 0;
Source: certutil.exe, certutil.exe, 00000011.00000002.1303638387.000000006E0CF000.00000002.00000001.01000000.00000016.sdmp, sqlite3.dll.0.dr Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: certutil.exe, 0000001E.00000002.1379466690.0000000001528000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELECT ALL a3 FROM nssPublic WHERE id=$ID;ION=5507ProgramData=C:\
Source: certutil.exe, certutil.exe, 00000011.00000002.1303638387.000000006E0CF000.00000002.00000001.01000000.00000016.sdmp, sqlite3.dll.0.dr Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: certutil.exe, certutil.exe, 00000011.00000002.1304105554.000000006E121000.00000002.00000001.01000000.00000015.sdmp, softokn3.dll.0.dr Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: certutil.exe, certutil.exe, 00000011.00000002.1303638387.000000006E0CF000.00000002.00000001.01000000.00000016.sdmp, sqlite3.dll.0.dr Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: certutil.exe, certutil.exe, 00000011.00000002.1304105554.000000006E121000.00000002.00000001.01000000.00000015.sdmp, softokn3.dll.0.dr Binary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
Source: certutil.exe, 0000001E.00000002.1379466690.0000000001528000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELECT ALL id FROM nssPublic WHERE a1=$DATA0 AND a0=$DATA1 AND a81=$DATA2 AND a82=$DATA3;T
Source: certutil.exe, certutil.exe, 00000011.00000002.1303638387.000000006E0CF000.00000002.00000001.01000000.00000016.sdmp, sqlite3.dll.0.dr Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: certutil.exe, 0000001E.00000002.1379466690.0000000001528000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELECT ALL id FROM nssPublic WHERE a1=$DATA0 AND a0=$DATA1 AND a81=$DATA2 AND a82=$DATA3;
Source: certutil.exe, certutil.exe, 00000011.00000002.1304105554.000000006E121000.00000002.00000001.01000000.00000015.sdmp, softokn3.dll.0.dr Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: certutil.exe, 00000013.00000003.1314265380.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 00000013.00000003.1317206279.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 00000013.00000003.1313534896.0000000000A59000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 00000013.00000003.1312561794.0000000000A4B000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 00000013.00000003.1314508844.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 00000013.00000003.1315248578.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 00000013.00000003.1315435474.0000000000A58000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELECT ALL * FROM nssPublic LIMIT 0;
Source: certutil.exe, 0000001E.00000002.1379466690.0000000001528000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELECT ALL id FROM nssPublic WHERE a1=$DATA0 AND a0=$DATA1 AND a81=$DATA2 AND a82=$DATA3;e4NX\cert\plc4.dll
Source: certutil.exe, 0000001E.00000003.1377708586.00000000015AA000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 0000001E.00000003.1375917887.00000000015AA000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 0000001E.00000003.1372903585.00000000015AA000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 0000001E.00000003.1371011223.000000000159B000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 0000001E.00000003.1375126215.00000000015AA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELECT ALL * FROM metaData LIMIT 0;S
Source: certutil.exe, certutil.exe, 00000011.00000002.1304105554.000000006E121000.00000002.00000001.01000000.00000015.sdmp, softokn3.dll.0.dr Binary or memory string: SELECT ALL id FROM %s;
Source: certutil.exe, certutil.exe, 00000011.00000002.1304105554.000000006E121000.00000002.00000001.01000000.00000015.sdmp, softokn3.dll.0.dr Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: certutil.exe, certutil.exe, 00000011.00000002.1304105554.000000006E121000.00000002.00000001.01000000.00000015.sdmp, softokn3.dll.0.dr Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: certutil.exe, certutil.exe, 00000011.00000002.1303638387.000000006E0CF000.00000002.00000001.01000000.00000016.sdmp, sqlite3.dll.0.dr Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: certutil.exe, certutil.exe, 00000011.00000002.1303638387.000000006E0CF000.00000002.00000001.01000000.00000016.sdmp, sqlite3.dll.0.dr Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: certutil.exe, certutil.exe, 00000011.00000002.1304105554.000000006E121000.00000002.00000001.01000000.00000015.sdmp, softokn3.dll.0.dr Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File written: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\ENG.ini
Source: Window Recorder Window detected: More than 3 window changes detected
Source: magicline4nx_setup.exe Static file information: File size 10774328 > 1048576
Source: magicline4nx_setup.exe Static PE information: certificate valid
Source: magicline4nx_setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: CertMgr.pdb source: certmgr.exe, certmgr.exe, 0000000D.00000000.1265517894.0000000000221000.00000020.00000001.01000000.0000000A.sdmp, certmgr.exe, 0000000D.00000002.1269714571.0000000000221000.00000020.00000001.01000000.0000000A.sdmp, certmgr.exe.0.dr
Source: Binary string: F:\DEV\svn\MagicLineNP\trunk\Code\window\MagicLineNXServices\lib\Win32\Release\MagicLine4NXServices.pdb source: MagicLine4NXServices.exe, 0000002C.00000003.1486510887.0000000005140000.00000004.00001000.00020000.00000000.sdmp, MagicLine4NXServices.exe, 0000002C.00000002.1498312164.0000000000771000.00000040.00000001.01000000.0000001C.sdmp
Source: Binary string: C:\openssl-1.0.1u\out32dll\ssleay32.pdbfk7RCMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgN8 source: MagicLine4NX.exe, 0000002B.00000002.2480365493.0000000005C88000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\projects\01.MagicAPI\DSToolkitV3\proj\vs2008\bin32\DSCToolkitV30-v3.4.2.20.pdb source: MagicLine4NX.exe, 0000002B.00000003.1521469654.0000000005DF8000.00000004.00000800.00020000.00000000.sdmp, MagicLine4NX.exe, 0000002B.00000002.2523885578.000000006E490000.00000002.00000001.01000000.0000001D.sdmp, DSCToolkitV30-v3.4.2.20.dll.0.dr
Source: Binary string: F:\DEV\svn\MagicLineNP\trunk\Code\window\LocalServerNTS\NTSMagicLineNP\NTSMagicLineNP\lib\Win32\Release\MagicLine4NX.pdb source: MagicLine4NX.exe, 0000002B.00000002.2445190032.0000000000A9F000.00000040.00000001.01000000.0000001B.sdmp, MagicLine4NX.exe, 0000002B.00000003.1486681414.00000000058B0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: WaaSMedicSvc.pdb source: waasmedic.20221128_142248_759.etl.34.dr
Source: Binary string: C:\openssl-1.0.1u\out32dll\ssleay32.pdb source: MagicLine4NX.exe, 0000002B.00000002.2480365493.0000000005C88000.00000004.00000020.00020000.00000000.sdmp, ssleay32.dll.0.dr
Source: Binary string: C:\openssl-1.0.1u\out32dll\libeay32.pdb source: libeay32.dll.0.dr

Data Obfuscation

Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe Unpacked PE file: 43.2.MagicLine4NX.exe.820000.0.unpack :EW;.rsrc:W;.idata :W; :EW;pnesegkq:EW;oygmmjtk:EW; vs :ER;.rsrc:W;f::W; :EW;pnesegkq:EW;oygmmjtk:EW;
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe Unpacked PE file: 44.2.MagicLine4NXServices.exe.770000.0.unpack :EW;.rsrc:W;.idata :W; :EW;yqheebrs:EW;intuqfii:EW; vs :ER;.rsrc:W;W:W; :EW;yqheebrs:EW;intuqfii:EW;
Source: Yara match File source: 00000000.00000003.1579576184.0000000000501000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.1580731607.0000000000553000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.1209899240.0000000000542000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: magicline4nx_setup.exe PID: 5736, type: MEMORYSTR
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6DFD9536 push ecx; ret 17_2_6DFD9549
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6E0265C6 push ecx; ret 17_2_6E0265D9
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E15E726 push ecx; ret 19_2_6E15E739
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E192436 push ecx; ret 19_2_6E192449
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Code function: 0_2_100010D0 GetVersionExA,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,WideCharToMultiByte,lstrcmpiA,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenA,lstrcpynA,lstrcmpiA,CloseHandle,FreeLibrary, 0_2_100010D0
Source: MagicLine4NX.exe.0.dr Static PE information: section name:
Source: MagicLine4NX.exe.0.dr Static PE information: section name: .idata
Source: MagicLine4NX.exe.0.dr Static PE information: section name:
Source: MagicLine4NX.exe.0.dr Static PE information: section name: pnesegkq
Source: MagicLine4NX.exe.0.dr Static PE information: section name: oygmmjtk
Source: MagicLine4NXServices.exe.0.dr Static PE information: section name:
Source: MagicLine4NXServices.exe.0.dr Static PE information: section name: .idata
Source: MagicLine4NXServices.exe.0.dr Static PE information: section name:
Source: MagicLine4NXServices.exe.0.dr Static PE information: section name: yqheebrs
Source: MagicLine4NXServices.exe.0.dr Static PE information: section name: intuqfii
Source: initial sample Static PE information: section where entry point is pointing to: oygmmjtk
Source: libeay32.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x128361
Source: libplds4.dll.0.dr Static PE information: real checksum: 0x0 should be: 0xecc0
Source: System.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x773f
Source: NsisUtil.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x117e5
Source: libplc4.dll.0.dr Static PE information: real checksum: 0x0 should be: 0xfc66
Source: nsldap32v50.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x2490d
Source: nssdbm3.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x3d5b9
Source: smime3.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x31fee
Source: certutil.exe.0.dr Static PE information: real checksum: 0x0 should be: 0x3f02c
Source: MagicCrypto32V21.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x68cbe
Source: nssutil3.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x3fedb
Source: freebl3.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x70c11
Source: plc4.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x18993
Source: version.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x6c99
Source: MagicLine4NX_Uninstall.exe.0.dr Static PE information: real checksum: 0xa4d58e should be: 0x24b0e
Source: ssleay32.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x42eba
Source: nsExec.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x42dc
Source: KillProcDLL.dll.0.dr Static PE information: real checksum: 0x0 should be: 0xad9e
Source: softokn3.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x3ee84
Source: nspr4.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x52d80
Source: sqlite3.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x9f03d
Source: libnspr4.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x3b16e
Source: DumpLog.dll.0.dr Static PE information: real checksum: 0x0 should be: 0xcb85
Source: nss3.dll.0.dr Static PE information: real checksum: 0x0 should be: 0xe6abb
Source: plds4.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x16b3d
Source: initial sample Static PE information: section name: pnesegkq entropy: 7.955837403140946
Source: initial sample Static PE information: section name: oygmmjtk entropy: 7.238849092285538
Source: initial sample Static PE information: section name: entropy: 7.985957605567069
Source: initial sample Static PE information: section name: yqheebrs entropy: 7.955595621686765
Source: initial sample Static PE information: section name: intuqfii entropy: 7.263983528026377
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1

Persistence and Installation Behavior

Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certmgr.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0BAFEC00CC085C92F94FD1F2DECA2374C72EFFDA Blob
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\nss3.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\nssdbm3.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\sqlite3.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\libeay32.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicCrypto32V21.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\smime3.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Users\user\AppData\Local\Temp\nst78C0.tmp\nsExec.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\nssutil3.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\libplds4.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\ssleay32.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\nspr4.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\nsldap32v50.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certmgr.exe
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\freebl3.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\plds4.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\CertManager.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Users\user\AppData\Local\Temp\nst78C0.tmp\DumpLog.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Users\user\AppData\Local\Temp\nst78C0.tmp\NsisUtil.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Users\user\AppData\Local\Temp\nst78C0.tmp\version.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\libnspr4.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Users\user\AppData\Local\Temp\nst78C0.tmp\System.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\libplc4.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\DSCToolkitV30-v3.4.2.20.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\plc4.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\softokn3.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX_Uninstall.exe
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Users\user\AppData\Local\Temp\nst78C0.tmp\KillProcDLL.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\httptx.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Users\user\AppData\Local\Temp\nst78C0.tmp\nsProcess.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Users\user\AppData\Local\DreamSecurity\MagicLine4NX\logs\install-202211281523.log
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicLine4NX
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicLine4NX\MagicLine4NX.lnk
Source: C:\Users\user\Desktop\magicline4nx_setup.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicLine4NX\Uninstall.lnk
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\sc.exe sc stop MagicLine4NXSVC
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cscript.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe File opened: HKEY_USERS\.DEFAULT\Software\Wine
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe Special instruction interceptor: First address: 00000000008D991D instructions caused by: Self-modifying code
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe Special instruction interceptor: First address: 00000000008D99C2 instructions caused by: Self-modifying code
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe Special instruction interceptor: First address: 0000000000D45584 instructions caused by: Self-modifying code
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe Special instruction interceptor: First address: 0000000000D45A76 instructions caused by: Self-modifying code
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe Special instruction interceptor: First address: 0000000000BB9E00 instructions caused by: Self-modifying code
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe Special instruction interceptor: First address: 0000000000A4EEA4 instructions caused by: Self-modifying code
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe Special instruction interceptor: First address: 0000000000A56696 instructions caused by: Self-modifying code
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe Special instruction interceptor: First address: 0000000000AC9B24 instructions caused by: Self-modifying code
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe Special instruction interceptor: First address: 0000000000DC496B instructions caused by: Self-modifying code
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A271A2 second address: 0000000000A271BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edi 0x00000008 push ebx 0x00000009 jnl 00007F4BEC76D8B6h 0x0000000f pop ebx 0x00000010 pushad 0x00000011 jnp 00007F4BEC76D8B6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D40E39 second address: 0000000000D40E48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4BEC3895DBh 0x00000009 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A271BB second address: 0000000000A271C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D40E48 second address: 0000000000D40E5E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BEC3895E2h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A27492 second address: 0000000000A27496 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D40E5E second address: 0000000000D40E6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jno 00007F4BEC3895D6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A2760E second address: 0000000000A27614 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D41ABB second address: 0000000000D41ABF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D41ABF second address: 0000000000D41AC5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A2A4B7 second address: 0000000000A2A4DF instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4BEC3895E2h 0x00000008 jmp 00007F4BEC3895DCh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push eax 0x00000014 push edx 0x00000015 jl 00007F4BEC3895DCh 0x0000001b rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A2A4DF second address: 0000000000A2A4F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4BEC76D8C5h 0x00000009 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A2A6B3 second address: 0000000000A2A6B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A2A6B7 second address: 0000000000A2A6C1 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F4BEC76D8B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A2A6C1 second address: 0000000000A2A742 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BEC3895DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b push edi 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pop edi 0x0000000f pop ebx 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push eax 0x00000015 jmp 00007F4BEC3895DDh 0x0000001a pop eax 0x0000001b mov eax, dword ptr [eax] 0x0000001d jmp 00007F4BEC3895DBh 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 jnc 00007F4BEC3895E2h 0x0000002c pop eax 0x0000002d pushad 0x0000002e jmp 00007F4BEC3895DFh 0x00000033 mov eax, edi 0x00000035 popad 0x00000036 lea ebx, dword ptr [ebp+1432434Bh] 0x0000003c mov dword ptr [ebp+141D1773h], edx 0x00000042 xchg eax, ebx 0x00000043 jmp 00007F4BEC3895DDh 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b pushad 0x0000004c popad 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D459D6 second address: 0000000000D459DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D459DD second address: 0000000000D459F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4BEC3895DFh 0x00000009 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A2A781 second address: 0000000000A2A809 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 nop 0x00000007 mov edi, dword ptr [ebp+141D377Fh] 0x0000000d push 00000000h 0x0000000f movsx ecx, ax 0x00000012 push 7B6C4C17h 0x00000017 push edx 0x00000018 push ebx 0x00000019 push esi 0x0000001a pop esi 0x0000001b pop ebx 0x0000001c pop edx 0x0000001d xor dword ptr [esp], 7B6C4C97h 0x00000024 mov edi, eax 0x00000026 push 00000003h 0x00000028 jmp 00007F4BEC76D8C1h 0x0000002d push 00000000h 0x0000002f sub dword ptr [ebp+141D193Ch], eax 0x00000035 push 00000003h 0x00000037 xor dword ptr [ebp+141D1B3Eh], edx 0x0000003d call 00007F4BEC76D8C8h 0x00000042 mov dword ptr [ebp+141D23E6h], eax 0x00000048 pop edi 0x00000049 call 00007F4BEC76D8B9h 0x0000004e push eax 0x0000004f push edx 0x00000050 pushad 0x00000051 push edi 0x00000052 pop edi 0x00000053 jmp 00007F4BEC76D8C1h 0x00000058 popad 0x00000059 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D459F0 second address: 0000000000D459F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A2A809 second address: 0000000000A2A818 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push ecx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A2A818 second address: 0000000000A2A856 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ecx 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jmp 00007F4BEC3895E6h 0x00000011 mov eax, dword ptr [eax] 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 jmp 00007F4BEC3895E0h 0x0000001b ja 00007F4BEC3895D6h 0x00000021 popad 0x00000022 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A2A856 second address: 0000000000A2A870 instructions: 0x00000000 rdtsc 0x00000002 je 00007F4BEC76D8B8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 jc 00007F4BEC76D8C4h 0x00000016 push eax 0x00000017 push edx 0x00000018 push edi 0x00000019 pop edi 0x0000001a rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D45C14 second address: 0000000000D45C18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A2A870 second address: 0000000000A2A874 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D4BF80 second address: 0000000000D4BF84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D4C0F1 second address: 0000000000D4C101 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F4BEC76D8BEh 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D4C3C7 second address: 0000000000D4C3CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D4C3CC second address: 0000000000D4C3D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D4C3D1 second address: 0000000000D4C405 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F4BEC3895D6h 0x0000000a ja 00007F4BEC3895D6h 0x00000010 popad 0x00000011 jne 00007F4BEC3895D8h 0x00000017 pushad 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F4BEC3895E7h 0x00000022 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D4C405 second address: 0000000000D4C410 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F4BEC76D8B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D4C6A0 second address: 0000000000D4C6A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D4C6A4 second address: 0000000000D4C6AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D4C6AE second address: 0000000000D4C6B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D4C6B2 second address: 0000000000D4C6B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D4C928 second address: 0000000000D4C92E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D4C92E second address: 0000000000D4C932 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D4E1CA second address: 0000000000D4E1CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D4E1CE second address: 0000000000D4E1E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BEC76D8C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D4E3AE second address: 0000000000D4E3B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D4E3B2 second address: 0000000000D4E3BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D4E3BB second address: 0000000000D4E3D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jne 00007F4BEC3895DCh 0x0000000f rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D4E6B0 second address: 0000000000D4E6B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D4E6B7 second address: 0000000000D4E6BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D4E6BD second address: 0000000000D4E6C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D4ED63 second address: 0000000000D4ED67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D4ED67 second address: 0000000000D4ED6D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D50057 second address: 0000000000D500B8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jl 00007F4BEC3895DEh 0x0000000d jnp 00007F4BEC3895D8h 0x00000013 push edx 0x00000014 pop edx 0x00000015 nop 0x00000016 mov edi, dword ptr [ebp+120B3AD5h] 0x0000001c mov esi, dword ptr [ebp+120B2278h] 0x00000022 push 00000000h 0x00000024 jmp 00007F4BEC3895DDh 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push esi 0x0000002e call 00007F4BEC3895D8h 0x00000033 pop esi 0x00000034 mov dword ptr [esp+04h], esi 0x00000038 add dword ptr [esp+04h], 0000001Ah 0x00000040 inc esi 0x00000041 push esi 0x00000042 ret 0x00000043 pop esi 0x00000044 ret 0x00000045 mov edi, 77D5641Bh 0x0000004a push eax 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D500B8 second address: 0000000000D500BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D500BC second address: 0000000000D500D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BEC3895E0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D53CED second address: 0000000000D53D09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4BEC76D8C4h 0x0000000d rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D53D09 second address: 0000000000D53D83 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F4BEC3895DBh 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007F4BEC3895D8h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 00000015h 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 push 00000000h 0x00000028 mov esi, dword ptr [ebp+120B19B0h] 0x0000002e clc 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push ecx 0x00000034 call 00007F4BEC3895D8h 0x00000039 pop ecx 0x0000003a mov dword ptr [esp+04h], ecx 0x0000003e add dword ptr [esp+04h], 00000019h 0x00000046 inc ecx 0x00000047 push ecx 0x00000048 ret 0x00000049 pop ecx 0x0000004a ret 0x0000004b jmp 00007F4BEC3895DDh 0x00000050 or dword ptr [ebp+120B2712h], edi 0x00000056 push eax 0x00000057 pushad 0x00000058 pushad 0x00000059 pushad 0x0000005a popad 0x0000005b pushad 0x0000005c popad 0x0000005d popad 0x0000005e push eax 0x0000005f push edx 0x00000060 pushad 0x00000061 popad 0x00000062 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D5490D second address: 0000000000D54911 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D54911 second address: 0000000000D54915 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D56793 second address: 0000000000D56797 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D56797 second address: 0000000000D567C2 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4BEC3895D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F4BEC3895E7h 0x0000000f popad 0x00000010 push edx 0x00000011 je 00007F4BEC3895DEh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D567C2 second address: 0000000000D567CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D567CB second address: 0000000000D567D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D58973 second address: 0000000000D58977 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D58E8B second address: 0000000000D58E9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4BEC3895E0h 0x00000009 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D58E9F second address: 0000000000D58F0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007F4BEC76D8B8h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 0000001Bh 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 jmp 00007F4BEC76D8C1h 0x00000028 push 00000000h 0x0000002a mov di, 2F21h 0x0000002e push 00000000h 0x00000030 jmp 00007F4BEC76D8C2h 0x00000035 xchg eax, esi 0x00000036 jp 00007F4BEC76D8BEh 0x0000003c push eax 0x0000003d pushad 0x0000003e pushad 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D59F08 second address: 0000000000D59F0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D59F0C second address: 0000000000D59F2D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BEC76D8C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D59F2D second address: 0000000000D59F31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D59FA5 second address: 0000000000D59FAA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D52FCD second address: 0000000000D52FD7 instructions: 0x00000000 rdtsc 0x00000002 je 00007F4BEC3895D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D54622 second address: 0000000000D54626 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D54626 second address: 0000000000D54638 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 js 00007F4BEC3895E4h 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D5F5A0 second address: 0000000000D5F5BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BEC76D8C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D5F5BC second address: 0000000000D5F648 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BEC3895DFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007F4BEC3895D8h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 00000018h 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 mov edi, dword ptr [ebp+120B3BE5h] 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push eax 0x0000002f call 00007F4BEC3895D8h 0x00000034 pop eax 0x00000035 mov dword ptr [esp+04h], eax 0x00000039 add dword ptr [esp+04h], 00000016h 0x00000041 inc eax 0x00000042 push eax 0x00000043 ret 0x00000044 pop eax 0x00000045 ret 0x00000046 push 00000000h 0x00000048 push 00000000h 0x0000004a push ebx 0x0000004b call 00007F4BEC3895D8h 0x00000050 pop ebx 0x00000051 mov dword ptr [esp+04h], ebx 0x00000055 add dword ptr [esp+04h], 0000001Ch 0x0000005d inc ebx 0x0000005e push ebx 0x0000005f ret 0x00000060 pop ebx 0x00000061 ret 0x00000062 and edi, dword ptr [ebp+120B1A7Ch] 0x00000068 xchg eax, esi 0x00000069 push ecx 0x0000006a push eax 0x0000006b push edx 0x0000006c pushad 0x0000006d popad 0x0000006e rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D5F648 second address: 0000000000D5F65E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 ja 00007F4BEC76D8C4h 0x0000000e push eax 0x0000000f push edx 0x00000010 jnc 00007F4BEC76D8B6h 0x00000016 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D60702 second address: 0000000000D60708 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D60708 second address: 0000000000D6070C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D8523D second address: 0000000000D85243 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D854CA second address: 0000000000D854D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D854D0 second address: 0000000000D854D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D858D4 second address: 0000000000D858DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a popad 0x0000000b rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A47741 second address: 0000000000A4777D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BEC76D8C8h 0x00000007 jmp 00007F4BEC76D8C4h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 push edx 0x00000011 pop edx 0x00000012 jng 00007F4BEC76D8B6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A4777D second address: 0000000000A47785 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A478F3 second address: 0000000000A47900 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4BEC76D8B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A47900 second address: 0000000000A47906 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A47906 second address: 0000000000A47912 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F4BEC76D8B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A411A9 second address: 0000000000A411B3 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4BEC3895D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D8A0C1 second address: 0000000000D8A0CB instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4BEC76D8B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D8A0CB second address: 0000000000D8A0D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 js 00007F4BEC3895D6h 0x0000000c rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D8A0D7 second address: 0000000000D8A0DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A484B3 second address: 0000000000A484C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4BEC3895DEh 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A484C7 second address: 0000000000A484D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007F4BEC76D8B6h 0x00000010 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D89D6B second address: 0000000000D89D87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4BEC3895E6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D89D87 second address: 0000000000D89DA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jmp 00007F4BEC76D8C4h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A504F3 second address: 0000000000A504FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F4BEC3895D6h 0x0000000a rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A17CD3 second address: 0000000000A17CDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A17CDA second address: 0000000000A17CF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4BEC3895E2h 0x00000009 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A5518C second address: 0000000000A5519C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 jg 00007F4BEC76D8B6h 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A5519C second address: 0000000000A551A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A551A2 second address: 0000000000A551AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F4BEC76D8B6h 0x0000000a rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A551AC second address: 0000000000A551B6 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4BEC3895D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A551B6 second address: 0000000000A551BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A555DC second address: 0000000000A555E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A55A0D second address: 0000000000A55A24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F4BEC76D8BEh 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A55A24 second address: 0000000000A55A3E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4BEC3895E0h 0x0000000f rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A57DE8 second address: 0000000000A57DF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F4BEC76D8B6h 0x0000000a rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A57DF2 second address: 0000000000A57DF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A5828A second address: 0000000000A58290 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A588E6 second address: 0000000000A588F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F4BEC3895D6h 0x0000000a rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A5896A second address: 0000000000A589A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4BEC76D8C8h 0x0000000b popad 0x0000000c mov dword ptr [esp], ebx 0x0000000f movsx esi, cx 0x00000012 jnc 00007F4BEC76D8BCh 0x00000018 and esi, 13A5240Bh 0x0000001e nop 0x0000001f js 00007F4BEC76D8BEh 0x00000025 push edi 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A58B79 second address: 0000000000A58B7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A58B7D second address: 0000000000A58B83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A58C58 second address: 0000000000A58C5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A58EE5 second address: 0000000000A58EE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A58FB2 second address: 0000000000A58FB7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A58FB7 second address: 0000000000A58FC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A58FC5 second address: 0000000000A58FEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop esi 0x00000006 nop 0x00000007 mov esi, 6445E480h 0x0000000c xchg eax, ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F4BEC3895E6h 0x00000014 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A5BAE8 second address: 0000000000A5BAED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A5DBAA second address: 0000000000A5DBB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007F4BEC3895D6h 0x0000000d rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A5DBB7 second address: 0000000000A5DBDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BEC76D8C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edi 0x0000000c jnc 00007F4BEC76D8BCh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A5E5BD second address: 0000000000A5E653 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jmp 00007F4BEC3895E8h 0x0000000b pop esi 0x0000000c popad 0x0000000d nop 0x0000000e call 00007F4BEC3895E8h 0x00000013 pop edi 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push esi 0x00000019 call 00007F4BEC3895D8h 0x0000001e pop esi 0x0000001f mov dword ptr [esp+04h], esi 0x00000023 add dword ptr [esp+04h], 00000018h 0x0000002b inc esi 0x0000002c push esi 0x0000002d ret 0x0000002e pop esi 0x0000002f ret 0x00000030 sbb edi, 331EA68Eh 0x00000036 push 00000000h 0x00000038 jmp 00007F4BEC3895E7h 0x0000003d push eax 0x0000003e push eax 0x0000003f push edx 0x00000040 jmp 00007F4BEC3895E8h 0x00000045 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A61688 second address: 0000000000A616AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BEC76D8C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4BEC76D8BAh 0x00000013 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A616AF second address: 0000000000A616B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A616B3 second address: 0000000000A616B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A616B9 second address: 0000000000A61725 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ebp 0x0000000c call 00007F4BEC3895D8h 0x00000011 pop ebp 0x00000012 mov dword ptr [esp+04h], ebp 0x00000016 add dword ptr [esp+04h], 0000001Bh 0x0000001e inc ebp 0x0000001f push ebp 0x00000020 ret 0x00000021 pop ebp 0x00000022 ret 0x00000023 mov ebx, 71E2FC80h 0x00000028 jns 00007F4BEC3895DCh 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push edx 0x00000033 call 00007F4BEC3895D8h 0x00000038 pop edx 0x00000039 mov dword ptr [esp+04h], edx 0x0000003d add dword ptr [esp+04h], 00000017h 0x00000045 inc edx 0x00000046 push edx 0x00000047 ret 0x00000048 pop edx 0x00000049 ret 0x0000004a push 00000000h 0x0000004c mov dword ptr [ebp+14333BB3h], ebx 0x00000052 xchg eax, esi 0x00000053 pushad 0x00000054 push eax 0x00000055 push edx 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A61725 second address: 0000000000A61729 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A61729 second address: 0000000000A6172D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A6172D second address: 0000000000A61745 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4BEC76D8C0h 0x0000000d rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A61745 second address: 0000000000A61749 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A6677B second address: 0000000000A66794 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BEC76D8BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jbe 00007F4BEC76D8B6h 0x00000014 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A66794 second address: 0000000000A6679A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A67713 second address: 0000000000A6771A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A6771A second address: 0000000000A6775F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 jmp 00007F4BEC3895DBh 0x0000000c nop 0x0000000d or dword ptr [ebp+141D2338h], edi 0x00000013 push 00000000h 0x00000015 push edx 0x00000016 mov ebx, dword ptr [ebp+141D1885h] 0x0000001c pop ebx 0x0000001d push 00000000h 0x0000001f and ebx, dword ptr [ebp+141D28CFh] 0x00000025 push eax 0x00000026 push eax 0x00000027 push edx 0x00000028 jo 00007F4BEC3895E7h 0x0000002e jmp 00007F4BEC3895E1h 0x00000033 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A69D1A second address: 0000000000A69D20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A6ADFE second address: 0000000000A6AE17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BEC3895E5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A6FE00 second address: 0000000000A6FE64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ebx 0x00000008 mov dword ptr [esp], eax 0x0000000b mov dword ptr [ebp+141D19E9h], ecx 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 mov dword ptr [ebp+143355DAh], ecx 0x0000001a pop ebx 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push ecx 0x00000020 call 00007F4BEC76D8B8h 0x00000025 pop ecx 0x00000026 mov dword ptr [esp+04h], ecx 0x0000002a add dword ptr [esp+04h], 00000017h 0x00000032 inc ecx 0x00000033 push ecx 0x00000034 ret 0x00000035 pop ecx 0x00000036 ret 0x00000037 jmp 00007F4BEC76D8BEh 0x0000003c push eax 0x0000003d jc 00007F4BEC76D8CFh 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007F4BEC76D8C1h 0x0000004a rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A5D901 second address: 0000000000A5D926 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4BEC3895D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4BEC3895E7h 0x00000013 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A5E31F second address: 0000000000A5E323 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A5E323 second address: 0000000000A5E33C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4BEC3895E1h 0x0000000d rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A5E33C second address: 0000000000A5E340 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A618D0 second address: 0000000000A618D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A7B259 second address: 0000000000A7B25D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A7B25D second address: 0000000000A7B27C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4BEC3895E4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A7B27C second address: 0000000000A7B288 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F4BEC76D8B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A7A9F2 second address: 0000000000A7A9FC instructions: 0x00000000 rdtsc 0x00000002 js 00007F4BEC3895D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A7AB4E second address: 0000000000A7AB59 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jns 00007F4BEC76D8B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A7EE87 second address: 0000000000A7EE8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A7EE8B second address: 0000000000A7EE94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D8E2A1 second address: 0000000000D8E2A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D8E2A9 second address: 0000000000D8E2AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D8E2AF second address: 0000000000D8E2DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F4BEC3895D6h 0x0000000a popad 0x0000000b push ecx 0x0000000c jmp 00007F4BEC3895E2h 0x00000011 jbe 00007F4BEC3895D6h 0x00000017 pop ecx 0x00000018 pushad 0x00000019 je 00007F4BEC3895D6h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D8E441 second address: 0000000000D8E467 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BEC76D8C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a pushad 0x0000000b push eax 0x0000000c jne 00007F4BEC76D8B6h 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D8E467 second address: 0000000000D8E46D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D9F1B9 second address: 0000000000D9F1BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D9F4CF second address: 0000000000D9F4D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D9F4D3 second address: 0000000000D9F4D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D9F4D7 second address: 0000000000D9F510 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F4BED30CDA6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F4BED30CDB8h 0x00000014 jnl 00007F4BED30CDB2h 0x0000001a rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D9F510 second address: 0000000000D9F52F instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4BEC5CA3CEh 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4BEC5CA3CDh 0x0000000f rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A6FFC5 second address: 0000000000A6FFCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A6FFCB second address: 0000000000A6FFCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A7008E second address: 0000000000A70092 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A579FA second address: 0000000000A57AAC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BEC5CA3D2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov ecx, 6F846E13h 0x0000000f lea eax, dword ptr [ebp+143502CEh] 0x00000015 push 00000000h 0x00000017 push ebx 0x00000018 call 00007F4BEC5CA3C8h 0x0000001d pop ebx 0x0000001e mov dword ptr [esp+04h], ebx 0x00000022 add dword ptr [esp+04h], 00000016h 0x0000002a inc ebx 0x0000002b push ebx 0x0000002c ret 0x0000002d pop ebx 0x0000002e ret 0x0000002f mov edx, dword ptr [ebp+141D35EFh] 0x00000035 mov cx, si 0x00000038 push eax 0x00000039 pushad 0x0000003a jmp 00007F4BEC5CA3D8h 0x0000003f ja 00007F4BEC5CA3CCh 0x00000045 popad 0x00000046 mov dword ptr [esp], eax 0x00000049 call 00007F4BEC5CA3D2h 0x0000004e push eax 0x0000004f mov dword ptr [ebp+141D1A77h], ecx 0x00000055 pop edi 0x00000056 pop ecx 0x00000057 lea eax, dword ptr [ebp+1435028Ah] 0x0000005d call 00007F4BEC5CA3CBh 0x00000062 sub dword ptr [ebp+141DB355h], ecx 0x00000068 pop edi 0x00000069 xor edx, 187D65F5h 0x0000006f nop 0x00000070 pushad 0x00000071 push eax 0x00000072 push edx 0x00000073 push eax 0x00000074 push edx 0x00000075 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A57AAC second address: 0000000000A57AB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A57AB0 second address: 0000000000A57AB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A57AB9 second address: 0000000000A57ABF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A57ABF second address: 0000000000A41B7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 jne 00007F4BEC5CA3CEh 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007F4BEC5CA3C8h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 0000001Bh 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 mov edi, dword ptr [ebp+141D3743h] 0x0000002e call dword ptr [ebp+141D269Eh] 0x00000034 jnp 00007F4BEC5CA3E0h 0x0000003a jmp 00007F4BEC5CA3CCh 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A70F62 second address: 0000000000A70F66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A70F66 second address: 0000000000A70F6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A92F75 second address: 0000000000A92F7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A92F7B second address: 0000000000A92F86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A92F86 second address: 0000000000A92F8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A92F8C second address: 0000000000A92F90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A92F90 second address: 0000000000A92F96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D9F7EC second address: 0000000000D9F7F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A930E5 second address: 0000000000A9311D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 je 00007F4BED3126C6h 0x00000009 je 00007F4BED3126C6h 0x0000000f pop ecx 0x00000010 pushad 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 jmp 00007F4BED3126D8h 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push eax 0x0000001c push edx 0x0000001d je 00007F4BED3126CCh 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A9311D second address: 0000000000A93121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A93512 second address: 0000000000A9351C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A9351C second address: 0000000000A9353A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4BEC530E96h 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A9353A second address: 0000000000A93540 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A96899 second address: 0000000000A968A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 js 00007F4BEC530E88h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A99308 second address: 0000000000A9930F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A98C3D second address: 0000000000A98C41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A9B225 second address: 0000000000A9B229 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A9B229 second address: 0000000000A9B231 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A9B231 second address: 0000000000A9B252 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4BED3126D7h 0x00000009 jl 00007F4BED3126C6h 0x0000000f rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A9B252 second address: 0000000000A9B26A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BEC530E94h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D9FDCD second address: 0000000000D9FDD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D9FDD3 second address: 0000000000D9FDD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000D9FDD9 second address: 0000000000D9FDDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A9F4FC second address: 0000000000A9F50D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4BEC530E8Dh 0x00000009 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A9EDD4 second address: 0000000000A9EDDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A9EDDA second address: 0000000000A9EDE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A9EF1C second address: 0000000000A9EF3B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BED3126D5h 0x00000007 jnl 00007F4BED3126C6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000AA2F49 second address: 0000000000AA2F6B instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4BEC530E86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d js 00007F4BEC530E86h 0x00000013 jbe 00007F4BEC530E86h 0x00000019 popad 0x0000001a ja 00007F4BEC530E8Eh 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000AA2F6B second address: 0000000000AA2F82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop eax 0x0000000a popad 0x0000000b jnp 00007F4BED3126DAh 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000AA2F82 second address: 0000000000AA2F86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A57337 second address: 0000000000A5733B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A5733B second address: 0000000000A573ED instructions: 0x00000000 rdtsc 0x00000002 js 00007F4BEC530E88h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007F4BEC530E92h 0x00000013 pushad 0x00000014 jno 00007F4BEC530E86h 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c popad 0x0000001d popad 0x0000001e nop 0x0000001f jmp 00007F4BEC530E98h 0x00000024 mov ebx, dword ptr [ebp+143502C9h] 0x0000002a push 00000000h 0x0000002c push ecx 0x0000002d call 00007F4BEC530E88h 0x00000032 pop ecx 0x00000033 mov dword ptr [esp+04h], ecx 0x00000037 add dword ptr [esp+04h], 00000018h 0x0000003f inc ecx 0x00000040 push ecx 0x00000041 ret 0x00000042 pop ecx 0x00000043 ret 0x00000044 jns 00007F4BEC530E86h 0x0000004a mov edi, ebx 0x0000004c add eax, ebx 0x0000004e push 00000000h 0x00000050 push edx 0x00000051 call 00007F4BEC530E88h 0x00000056 pop edx 0x00000057 mov dword ptr [esp+04h], edx 0x0000005b add dword ptr [esp+04h], 00000016h 0x00000063 inc edx 0x00000064 push edx 0x00000065 ret 0x00000066 pop edx 0x00000067 ret 0x00000068 jg 00007F4BEC530E8Ch 0x0000006e push eax 0x0000006f push eax 0x00000070 push edx 0x00000071 jmp 00007F4BEC530E91h 0x00000076 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000A573ED second address: 0000000000A57481 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4BED3126CCh 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 mov di, 8690h 0x00000014 push 00000004h 0x00000016 push 00000000h 0x00000018 push ecx 0x00000019 call 00007F4BED3126C8h 0x0000001e pop ecx 0x0000001f mov dword ptr [esp+04h], ecx 0x00000023 add dword ptr [esp+04h], 0000001Dh 0x0000002b inc ecx 0x0000002c push ecx 0x0000002d ret 0x0000002e pop ecx 0x0000002f ret 0x00000030 jnl 00007F4BED3126D7h 0x00000036 nop 0x00000037 push edx 0x00000038 jmp 00007F4BED3126D5h 0x0000003d pop edx 0x0000003e push eax 0x0000003f pushad 0x00000040 pushad 0x00000041 jmp 00007F4BED3126D5h 0x00000046 pushad 0x00000047 popad 0x00000048 popad 0x00000049 je 00007F4BED3126CCh 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DA00FE second address: 0000000000DA0109 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F4BEC530E86h 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000AA3DC1 second address: 0000000000AA3DCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F4BED3126C6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000AA3DCE second address: 0000000000AA3DD5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000AAA960 second address: 0000000000AAA96C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000AAA96C second address: 0000000000AAA983 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BEC530E93h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000AA8CA7 second address: 0000000000AA8CAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000AA8CAB second address: 0000000000AA8CE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 pop edi 0x0000000a push eax 0x0000000b pushad 0x0000000c popad 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F4BEC530E8Eh 0x00000014 jmp 00007F4BEC530E98h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000AA8F73 second address: 0000000000AA8F77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DA06B7 second address: 0000000000DA06D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F4BEC530E90h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DA06D0 second address: 0000000000DA0701 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4BED3126C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F4BED3126D9h 0x00000014 pop eax 0x00000015 jns 00007F4BED3126C8h 0x0000001b rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DA476E second address: 0000000000DA4784 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4BEC530E90h 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DA4784 second address: 0000000000DA4788 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000AA97E3 second address: 0000000000AA97EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DABA40 second address: 0000000000DABA44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DABA44 second address: 0000000000DABA4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DABA4A second address: 0000000000DABA68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F4BED3126D8h 0x0000000b rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DB215F second address: 0000000000DB2195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4BEC530E90h 0x00000009 popad 0x0000000a pushad 0x0000000b jng 00007F4BEC530E86h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 jmp 00007F4BEC530E8Bh 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d jl 00007F4BEC530E86h 0x00000023 push ebx 0x00000024 pop ebx 0x00000025 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DB044C second address: 0000000000DB0450 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DB0450 second address: 0000000000DB045E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jbe 00007F4BEC530E86h 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DB0B4B second address: 0000000000DB0B59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DB0FC9 second address: 0000000000DB0FCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DB0FCD second address: 0000000000DB0FF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F4BED3126D8h 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000AA9D77 second address: 0000000000AA9D7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000AA9D7B second address: 0000000000AA9D7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DAFE95 second address: 0000000000DAFEA5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007F4BEC530E86h 0x00000010 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DB6E8A second address: 0000000000DB6E90 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DB6BA7 second address: 0000000000DB6BD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jg 00007F4BEC530E88h 0x0000000b jmp 00007F4BEC530E91h 0x00000010 pushad 0x00000011 jng 00007F4BEC530E86h 0x00000017 pushad 0x00000018 popad 0x00000019 jg 00007F4BEC530E86h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DC017C second address: 0000000000DC0191 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F4BED3126D0h 0x0000000a rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DC0191 second address: 0000000000DC01AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4BEC530E96h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DC06F1 second address: 0000000000DC06F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DC086E second address: 0000000000DC088C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BEC530E8Bh 0x00000007 jmp 00007F4BEC530E8Fh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DC088C second address: 0000000000DC0894 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DC0894 second address: 0000000000DC0898 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DBF69E second address: 0000000000DBF6A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DC09E2 second address: 0000000000DC09E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DC0B68 second address: 0000000000DC0B9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 jmp 00007F4BED3126D2h 0x0000000c jmp 00007F4BED3126D6h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DC0D11 second address: 0000000000DC0D28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4BEC530E92h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DC0D28 second address: 0000000000DC0D47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4BED3126D4h 0x00000008 jno 00007F4BED3126C6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DC0D47 second address: 0000000000DC0D61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F4BEC530E91h 0x0000000e rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DC0D61 second address: 0000000000DC0D7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F4BED3126D7h 0x0000000b rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DC1182 second address: 0000000000DC11A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F4BEC530E94h 0x0000000f rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DC1480 second address: 0000000000DC149E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F4BED3126D3h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DC149E second address: 0000000000DC14A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe RDTSC instruction interceptor: First address: 0000000000DC14A2 second address: 0000000000DC14DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BED3126D6h 0x00000007 jmp 00007F4BED3126D8h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jl 00007F4BED3126CEh 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000AB2532 second address: 0000000000AB254A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F4BEC3895E3h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000AB254A second address: 0000000000AB256A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F4BEC76D8C7h 0x0000000e rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000AB26A0 second address: 0000000000AB26A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe RDTSC instruction interceptor: First address: 0000000000AB2976 second address: 0000000000AB299F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4BEC76D8C3h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F4BEC76D8BDh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe TID: 6624 Thread sleep time: -68034s >= -30000s
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe TID: 6628 Thread sleep time: -88044s >= -30000s
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe TID: 6612 Thread sleep time: -46023s >= -30000s
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe TID: 6616 Thread sleep time: -58029s >= -30000s
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe TID: 964 Thread sleep count: 34 > 30
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe TID: 964 Thread sleep time: -68034s >= -30000s
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe TID: 6800 Thread sleep time: -42021s >= -30000s
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe TID: 2320 Thread sleep count: 38 > 30
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe TID: 2320 Thread sleep time: -76038s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe Last function: Thread delayed
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe Last function: Thread delayed
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe Window / User API: threadDelayed 415
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certmgr.exe API coverage: 6.2 %
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe API coverage: 2.1 %
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe API coverage: 6.9 %
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Dropped PE file which has not been started: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicCrypto32V21.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Dropped PE file which has not been started: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX_Uninstall.exe
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Windows\SysWOW64\cscript.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\
Source: C:\Windows\SysWOW64\cscript.exe File opened: C:\Users\user\AppData\Roaming\
Source: C:\Windows\SysWOW64\cscript.exe File opened: C:\Users\user\
Source: C:\Windows\SysWOW64\cscript.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\
Source: C:\Windows\SysWOW64\cscript.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\
Source: C:\Windows\SysWOW64\cscript.exe File opened: C:\Users\user\AppData\
Source: MagicLine4NX.exe, 0000002B.00000002.2457679120.0000000000D28000.00000040.00000001.01000000.0000001B.sdmp, MagicLine4NXServices.exe, 0000002C.00000002.1509377448.0000000000A32000.00000040.00000001.01000000.0000001C.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: MagicLine4NX.exe, 0000002B.00000002.2464388155.00000000016D3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllp
Source: svchost.exe, 0000001A.00000002.2423245909.00000241FC413000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW\w%SystemRoot%\system32\mswsock.dll\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Windows\Serv
Source: cscript.exe, 00000016.00000003.1384442431.000000000321C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMWar&Prod_VMware_SATA_C
Source: MagicLine4NX.exe, 0000002B.00000002.2457679120.0000000000D28000.00000040.00000001.01000000.0000001B.sdmp, MagicLine4NXServices.exe, 0000002C.00000002.1509377448.0000000000A32000.00000040.00000001.01000000.0000001C.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: svchost.exe, 00000002.00000002.2429760809.0000010A84C6D000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 00000011.00000002.1300249086.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 00000013.00000002.1318847140.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 00000018.00000002.1352328513.0000000000DE8000.00000004.00000020.00020000.00000000.sdmp, certutil.exe, 0000001E.00000002.1379466690.0000000001528000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000023.00000002.1406667750.0000000001358000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000025.00000002.1418215234.0000000001538000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process information queried: ProcessInformation
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E1480F0 GetSystemInfo, 19_2_6E1480F0
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6DFDD673 FindFirstFileExA, 17_2_6DFDD673
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6E02F393 FindFirstFileExA, 17_2_6E02F393
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E159CF0 __mbsinc,FindFirstFileA,GetLastError, 19_2_6E159CF0
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E17300F FindFirstFileExA, 19_2_6E17300F
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E1952CD FindFirstFileExA, 19_2_6E1952CD
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E282291 FindFirstFileExA, 19_2_6E282291
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe System information queried: ModuleInformation

Anti Debugging

Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe Open window title or class name: regmonclass
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe Open window title or class name: gbdyllo
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe Open window title or class name: procmon_window_class
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe Open window title or class name: ollydbg
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe Open window title or class name: filemonclass
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe Thread information set: HideFromDebugger
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Code function: 0_2_100010D0 GetVersionExA,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,WideCharToMultiByte,lstrcmpiA,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenA,lstrcpynA,lstrcmpiA,CloseHandle,FreeLibrary, 0_2_100010D0
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6DFDADAB mov eax, dword ptr fs:[00000030h] 17_2_6DFDADAB
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6DFDD448 mov eax, dword ptr fs:[00000030h] 17_2_6DFDD448
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6E029903 mov eax, dword ptr fs:[00000030h] 17_2_6E029903
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6E02F168 mov eax, dword ptr fs:[00000030h] 17_2_6E02F168
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E169038 mov eax, dword ptr fs:[00000030h] 19_2_6E169038
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E1721B7 mov eax, dword ptr fs:[00000030h] 19_2_6E1721B7
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E1721FC mov eax, dword ptr fs:[00000030h] 19_2_6E1721FC
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E194E0D mov eax, dword ptr fs:[00000030h] 19_2_6E194E0D
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E193BDA mov eax, dword ptr fs:[00000030h] 19_2_6E193BDA
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E282066 mov eax, dword ptr fs:[00000030h] 19_2_6E282066
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E27DD30 mov eax, dword ptr fs:[00000030h] 19_2_6E27DD30
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe Process queried: DebugPort
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe Process queried: DebugPort
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe File opened: NTICE
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe File opened: SICE
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe File opened: SIWVID
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6DFDB940 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 17_2_6DFDB940
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6DFDE2E8 GetProcessHeap, 17_2_6DFDE2E8
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe Process token adjusted: Debug
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6DFD8CCC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 17_2_6DFD8CCC
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6DFDB940 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 17_2_6DFDB940
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6DFD936A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 17_2_6DFD936A
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6E025EFA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 17_2_6E025EFA
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6E02D2FB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 17_2_6E02D2FB
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6E0263FF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 17_2_6E0263FF
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E16AA4D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 19_2_6E16AA4D
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E15D6DB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 19_2_6E15D6DB
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E15E55C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 19_2_6E15E55C
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E194E40 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 19_2_6E194E40
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E19260B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 19_2_6E19260B
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E192265 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 19_2_6E192265
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E27887F SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 19_2_6E27887F

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: C:\Windows\SysWOW64\version.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: C:\Windows\SysWOW64\version.dll
Source: C:\Windows\SysWOW64\cscript.exe Process created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe c:\program files (x86)\dreamsecurity\magicline4nx\cert\certutil.exe" -a -n "dreamsecurity root ca" -i "c:\program files (x86)\dreamsecurity\magicline4nx\cert\dreamsecurity-rootca.der" -t "ct,c,c" -d "c:\users\user\appdata\roaming\mozilla\firefox\profiles\kc1pur8x.default
Source: C:\Windows\SysWOW64\cscript.exe Process created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe c:\program files (x86)\dreamsecurity\magicline4nx\cert\certutil.exe" -a -n "dreamsecurity root ca" -i "c:\program files (x86)\dreamsecurity\magicline4nx\cert\dreamsecurity-rootca.der" -t "ct,c,c" -d sql:"c:\users\user\appdata\roaming\mozilla\firefox\profiles\tjbwzv1u.default-release
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C taskkill /f /im NTSMagicLineNP.exe
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\sc.exe sc stop MagicLine4NXSVC
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\sc.exe sc delete MagicLine4NXSVC
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C taskkill /f /im MagicLine4NX.exe
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certmgr.exe "C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certmgr.exe" -add dreamsecurity-rootca.der -c -s -r localMachine Root
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\cscript.exe cscript" "C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\ImportCAtoFirefoxCheck.vbs" "MagicLine4NX
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\cscript.exe cscript" "C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\ImportCAtoFirefox.vbs" "MagicLine4NX
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall delete rule name="MagicLine4NX" program="C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe"
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="MagicLine4NX" dir=in action=allow program="C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe" enable=yes
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\CheckNetIsolation.exe CheckNetIsolation LoopbackExempt -a -n="Microsoft.MicrosoftEdge_8wekyb3d8bbwe"
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\CheckNetIsolation.exe CheckNetIsolation LoopbackExempt -a -n="Microsoft.Windows.Spartan_cw5n1h2txyewy"
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe "C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe" -install
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\sc.exe sc start MagicLine4NXSVC
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im NTSMagicLineNP.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im MagicLine4NX.exe
Source: C:\Windows\SysWOW64\cscript.exe Process created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe" -L -d "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default" -n "Dreamsecurity ROOT CA
Source: C:\Windows\SysWOW64\cscript.exe Process created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe" -L -d sql:"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tjbwzv1u.default-release" -n "Dreamsecurity ROOT CA
Source: C:\Windows\SysWOW64\cscript.exe Process created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe" -A -n "Dreamsecurity ROOT CA" -i "C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\dreamsecurity-rootca.der" -t "CT,c,C" -d "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default
Source: C:\Windows\SysWOW64\cscript.exe Process created: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe" -A -n "Dreamsecurity ROOT CA" -i "C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\dreamsecurity-rootca.der" -t "CT,c,C" -d sql:"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tjbwzv1u.default-release
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E158BD0 GetCurrentProcess,OpenProcessToken,GetLastError,GetTokenInformation,GetLengthSid,CopySid,GetTokenInformation,GetLengthSid,CopySid,FindCloseChangeNotification,AllocateAndInitializeSid, 19_2_6E158BD0
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E158D20 GetLastError,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,GetLengthSid,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,GetLastError, 19_2_6E158D20
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default\secmod.db VolumeInformation
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default\cert8.db VolumeInformation
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default\key3.db VolumeInformation
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Queries volume information: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\dreamsecurity-rootca.der VolumeInformation
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Queries volume information: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\dreamsecurity-rootca.der VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6DFD8DEF cpuid 17_2_6DFD8DEF
Source: C:\Windows\SysWOW64\cscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6DFD8F8E GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 17_2_6DFD8F8E
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6E031A8B _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free, 17_2_6E031A8B
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Code function: 0_2_100010D0 GetVersionExA,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,WideCharToMultiByte,lstrcmpiA,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenA,lstrcpynA,lstrcmpiA,CloseHandle,FreeLibrary, 0_2_100010D0

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall delete rule name="MagicLine4NX" program="C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe"
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Registry key created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 1406
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Registry key created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 1607
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Registry key created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 CurrentLevel
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Registry key created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 1406
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Registry key created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 1607
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Registry key created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 CurrentLevel
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 1406
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 1607
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 CurrentLevel
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 1406
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 1607
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 CurrentLevel
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default\secmod.db
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default\cert8.db
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default\key3.db
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tjbwzv1u.default-release\cert9.db-journal
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tjbwzv1u.default-release\cert9.db
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tjbwzv1u.default-release\key4.db-journal
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tjbwzv1u.default-release\key4.db
Source: C:\Windows\System32\svchost.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
Source: C:\Users\user\Desktop\magicline4nx_setup.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall delete rule name="MagicLine4NX" program="C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe"
Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exe WMI Queries: AntiVirusProduct.instanceGuid="{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}"
Source: svchost.exe, 00000021.00000002.2430348352.000001D1EF702000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: gramFiles%\Windows Defender\MsMpeng.exe
Source: svchost.exe, 00000021.00000002.2429556963.000001D1EF666000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: AntiVirusProduct{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}Windows DefenderMon, 28 Nov 2022 14:22:50 GMTwindowsdefender://%ProgramFiles%\Windows Defender\MsMpeng.exe
Source: svchost.exe, 00000021.00000002.2427255821.000001D1EF644000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: (@V%ProgramFiles%\Windows Defender\MsMpeng.exe
Source: svchost.exe, 00000021.00000002.2427255821.000001D1EF644000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: @V%ProgramFiles%\Windows Defender\MsMpeng.exe
Source: svchost.exe, 00000021.00000002.2430348352.000001D1EF702000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000021.00000002.2429556963.000001D1EF666000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Stealing of Sensitive Information

Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default\key.db
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tjbwzv1u.default-release\pkcs11.txt
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default\cert6.db
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default\cert5.db
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default\cert8.db
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default\cert7.db
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tjbwzv1u.default-release\key4.db
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default\cert.db
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tjbwzv1u.default-release\cert9.db
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tjbwzv1u.default-release\cert9.db-journal
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default\secmod.db
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default\key3.db
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tjbwzv1u.default-release\key4.db-journal
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 17_2_6E055C30 sqlite3_clear_bindings, 17_2_6E055C30
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E15ACF0 listen,WSAGetLastError, 19_2_6E15ACF0
Source: C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe Code function: 19_2_6E15AB20 bind,WSAGetLastError, 19_2_6E15AB20