Windows Analysis Report
NOVA ORDEM.exe

AV Detection

Source: NOVA ORDEM.exe	Virustotal: Detection: 33%			Perma Link
Source: NOVA ORDEM.exe	ReversingLabs: Detection: 34%

Source: Yara match	File source: 4.2.wmplayer.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.wmplayer.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.2063350156.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2062866789.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Exploits

Source: Yara match	File source: 00000000.00000002.1785713329.000002571E87D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1785713329.000002571E540000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: NOVA ORDEM.exe PID: 1344, type: MEMORYSTR

Compliance

Source: NOVA ORDEM.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: Microsoft.VisualBasic.ni.pdb source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.Windows.Forms.pdb source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.Drawing.pdb/ source: WER6844.tmp.dmp.8.dr
Source:	Binary string: mscorlib.pdb source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.ni.pdbRSDS source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.Windows.Forms.ni.pdbRSDS source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.Drawing.pdb source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.Windows.Forms.ni.pdb source: WER6844.tmp.dmp.8.dr
Source:	Binary string: mscorlib.ni.pdb source: WER6844.tmp.dmp.8.dr
Source:	Binary string: wntdll.pdbUGP source: wmplayer.exe, 00000004.00000002.2063083233.00000000037B0000.00000040.00001000.00020000.00000000.sdmp, wmplayer.exe, 00000004.00000002.2063083233.000000000394E000.00000040.00001000.00020000.00000000.sdmp, wmplayer.exe, 00000004.00000003.2029609050.0000000003452000.00000004.00000020.00020000.00000000.sdmp, wmplayer.exe, 00000004.00000003.2031438414.0000000003606000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Drawing.ni.pdb source: WER6844.tmp.dmp.8.dr
Source:	Binary string: wntdll.pdb source: wmplayer.exe, wmplayer.exe, 00000004.00000002.2063083233.00000000037B0000.00000040.00001000.00020000.00000000.sdmp, wmplayer.exe, 00000004.00000002.2063083233.000000000394E000.00000040.00001000.00020000.00000000.sdmp, wmplayer.exe, 00000004.00000003.2029609050.0000000003452000.00000004.00000020.00020000.00000000.sdmp, wmplayer.exe, 00000004.00000003.2031438414.0000000003606000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdb source: WER6844.tmp.dmp.8.dr
Source:	Binary string: mscorlib.ni.pdbRSDS7^3l source: WER6844.tmp.dmp.8.dr
Source:	Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.Drawing.ni.pdbRSDS source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.Core.pdbh- source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.ni.pdb source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.pdb source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.Core.ni.pdb source: WER6844.tmp.dmp.8.dr
Source:	Binary string: Microsoft.VisualBasic.pdb source: WER6844.tmp.dmp.8.dr

Networking

Source: Amcache.hve.8.dr	String found in binary or memory: http://upx.sf.net
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: NOVA ORDEM.exe, 00000000.00000002.1787859610.0000025737ED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn

E-Banking Fraud

Source: Yara match	File source: 4.2.wmplayer.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.wmplayer.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.2063350156.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2062866789.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

System Summary

Source: 4.2.wmplayer.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 4.2.wmplayer.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.2063350156.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.2062866789.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0042B6B3 NtClose,		4_2_0042B6B3
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038235C0 NtCreateMutant,LdrInitializeThunk,		4_2_038235C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822B60 NtClose,LdrInitializeThunk,		4_2_03822B60
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822DF0 NtQuerySystemInformation,LdrInitializeThunk,		4_2_03822DF0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822C70 NtFreeVirtualMemory,LdrInitializeThunk,		4_2_03822C70
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03824340 NtSetContextThread,		4_2_03824340
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03823090 NtSetValueKey,		4_2_03823090
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03823010 NtOpenDirectoryObject,		4_2_03823010
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03824650 NtSuspendThread,		4_2_03824650
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822B80 NtQueryInformationFile,		4_2_03822B80
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822BA0 NtEnumerateValueKey,		4_2_03822BA0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822BE0 NtQueryValueKey,		4_2_03822BE0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822BF0 NtAllocateVirtualMemory,		4_2_03822BF0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822AB0 NtWaitForSingleObject,		4_2_03822AB0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822AD0 NtReadFile,		4_2_03822AD0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822AF0 NtWriteFile,		4_2_03822AF0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038239B0 NtGetContextThread,		4_2_038239B0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822F90 NtProtectVirtualMemory,		4_2_03822F90
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822FA0 NtQuerySection,		4_2_03822FA0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822FB0 NtResumeThread,		4_2_03822FB0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822FE0 NtCreateFile,		4_2_03822FE0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822F30 NtCreateSection,		4_2_03822F30
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822F60 NtCreateProcessEx,		4_2_03822F60
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822E80 NtReadVirtualMemory,		4_2_03822E80
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822EA0 NtAdjustPrivilegesToken,		4_2_03822EA0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822EE0 NtQueueApcThread,		4_2_03822EE0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822E30 NtWriteVirtualMemory,		4_2_03822E30
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822DB0 NtEnumerateKey,		4_2_03822DB0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822DD0 NtDelayExecution,		4_2_03822DD0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822D00 NtSetInformationFile,		4_2_03822D00
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822D10 NtMapViewOfSection,		4_2_03822D10
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03823D10 NtOpenProcessToken,		4_2_03823D10
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822D30 NtUnmapViewOfSection,		4_2_03822D30
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03823D70 NtOpenThread,		4_2_03823D70
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822CA0 NtQueryInformationToken,		4_2_03822CA0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822CC0 NtQueryVirtualMemory,		4_2_03822CC0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822CF0 NtOpenProcess,		4_2_03822CF0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822C00 NtQueryInformationProcess,		4_2_03822C00
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822C60 NtCreateKey,		4_2_03822C60

Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Code function: 0_2_00007FFD9B88D409		0_2_00007FFD9B88D409
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Code function: 0_2_00007FFD9B88CC44		0_2_00007FFD9B88CC44
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Code function: 0_2_00007FFD9B88A7D0		0_2_00007FFD9B88A7D0
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Code function: 0_2_00007FFD9B885D7F		0_2_00007FFD9B885D7F
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Code function: 0_2_00007FFD9B8814ED		0_2_00007FFD9B8814ED
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Code function: 0_2_00007FFD9B880508		0_2_00007FFD9B880508
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Code function: 0_2_00007FFD9B88FD35		0_2_00007FFD9B88FD35
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Code function: 0_2_00007FFD9B960050		0_2_00007FFD9B960050
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_004032C0		4_2_004032C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0042DAC3		4_2_0042DAC3
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_004022F4		4_2_004022F4
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_00401350		4_2_00401350
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_00402300		4_2_00402300
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_004103EB		4_2_004103EB
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_004103F3		4_2_004103F3
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_004024E0		4_2_004024E0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_00416CAE		4_2_00416CAE
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_00416CB3		4_2_00416CB3
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_00410613		4_2_00410613
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0040E693		4_2_0040E693
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_004027A0		4_2_004027A0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0383739A		4_2_0383739A
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DD34C		4_2_037DD34C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038B03E6		4_2_038B03E6
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037FE3F0		4_2_037FE3F0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A132D		4_2_038A132D
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038AA352		4_2_038AA352
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380B2C0		4_2_0380B2C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038912ED		4_2_038912ED
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F52A0		4_2_037F52A0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03890274		4_2_03890274
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF172		4_2_037DF172
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038B01AA		4_2_038B01AA
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A81CC		4_2_038A81CC
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E0100		4_2_037E0100
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0388A118		4_2_0388A118
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037FB1B0		4_2_037FB1B0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038BB16B		4_2_038BB16B
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0382516C		4_2_0382516C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0389F0CC		4_2_0389F0CC
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A70E9		4_2_038A70E9
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038AF0E0		4_2_038AF0E0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F70C0		4_2_037F70C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F0770		4_2_037F0770
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038AF7B0		4_2_038AF7B0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037EC7C0		4_2_037EC7C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03814750		4_2_03814750
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A16CC		4_2_038A16CC
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380C6E0		4_2_0380C6E0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038B0591		4_2_038B0591
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0388D5B0		4_2_0388D5B0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F0535		4_2_037F0535
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A7571		4_2_038A7571
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E1460		4_2_037E1460
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0389E4F6		4_2_0389E4F6
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038AF43F		4_2_038AF43F
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A2446		4_2_038A2446
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380FB80		4_2_0380FB80
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A6BD7		4_2_038A6BD7
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0382DBF9		4_2_0382DBF9
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038AAB40		4_2_038AAB40
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038AFB76		4_2_038AFB76
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03835AA0		4_2_03835AA0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0388DAAC		4_2_0388DAAC
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0389DAC6		4_2_0389DAC6
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038AFA49		4_2_038AFA49
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A7A46		4_2_038A7A46
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03863A6C		4_2_03863A6C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037EEA80		4_2_037EEA80
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038BA9A6		4_2_038BA9A6
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F9950		4_2_037F9950
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380B950		4_2_0380B950
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F29A0		4_2_037F29A0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03806962		4_2_03806962
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F2840		4_2_037F2840
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037FA840		4_2_037FA840
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381E8F0		4_2_0381E8F0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F38E0		4_2_037F38E0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037D68B8		4_2_037D68B8
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038AFFB1		4_2_038AFFB1
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038AFF09		4_2_038AFF09
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03832F28		4_2_03832F28
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03810F30		4_2_03810F30
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E2FC8		4_2_037E2FC8
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03864F40		4_2_03864F40
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F1F92		4_2_037F1F92
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03802E90		4_2_03802E90
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038ACE93		4_2_038ACE93
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F0E59		4_2_037F0E59
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038AEEDB		4_2_038AEEDB
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038AEE26		4_2_038AEE26
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F9EB0		4_2_037F9EB0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F3D40		4_2_037F3D40
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03808DBF		4_2_03808DBF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380FDC0		4_2_0380FDC0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037FAD00		4_2_037FAD00
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037EADE0		4_2_037EADE0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A1D5A		4_2_038A1D5A
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A7D73		4_2_038A7D73
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03890CB5		4_2_03890CB5
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038AFCF2		4_2_038AFCF2
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F0C00		4_2_037F0C00
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E0CF2		4_2_037E0CF2
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03869C32		4_2_03869C32

Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: String function: 0386F290 appears 105 times
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: String function: 03837E54 appears 86 times
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: String function: 03825130 appears 36 times
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: String function: 037DB970 appears 251 times
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: String function: 0385EA12 appears 84 times

Source: C:\Users\user\Desktop\NOVA ORDEM.exe

Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1344 -s 1128

Source: NOVA ORDEM.exe

Static PE information: No import functions for PE file found

Source: NOVA ORDEM.exe, 00000000.00000000.1636984120.000002571C892000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameUgexonelexudapivu4 vs NOVA ORDEM.exe
Source: NOVA ORDEM.exe	Binary or memory string: OriginalFilenameUgexonelexudapivu4 vs NOVA ORDEM.exe

Source: 4.2.wmplayer.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 4.2.wmplayer.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.2063350156.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.2062866789.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: classification engine

Classification label: mal100.troj.expl.evad.winEXE@9/5@0/0

Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3272:120:WilError_03
Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1344

Source: C:\Windows\System32\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\8f23950c-af07-4f37-b31f-6c1b858762cc

Jump to behavior

Source: NOVA ORDEM.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: NOVA ORDEM.exe

Static file information: TRID: Win64 Executable Console Net Framework (206006/5) 48.58%

Source: C:\Users\user\Desktop\NOVA ORDEM.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: NOVA ORDEM.exe	Virustotal: Detection: 33%
Source: NOVA ORDEM.exe	ReversingLabs: Detection: 34%

Source: C:\Users\user\Desktop\NOVA ORDEM.exe

File read: C:\Users\user\Desktop\NOVA ORDEM.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\NOVA ORDEM.exe "C:\Users\user\Desktop\NOVA ORDEM.exe"
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe"
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process created: C:\Program Files (x86)\Windows Media Player\wmplayer.exe "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process created: C:\Program Files (x86)\Windows Media Player\wmplayer.exe "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1344 -s 1128
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe"			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process created: C:\Program Files (x86)\Windows Media Player\wmplayer.exe "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process created: C:\Program Files (x86)\Windows Media Player\wmplayer.exe "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"			Jump to behavior

Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Section loaded: mscoree.dll			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Section loaded: vcruntime140_clr0400.dll			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Section loaded: ucrtbase_clr0400.dll			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Section loaded: ucrtbase_clr0400.dll			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Section loaded: dwrite.dll			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Section loaded: cryptsp.dll			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Section loaded: rsaenh.dll			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Section loaded: cryptbase.dll			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Section loaded: amsi.dll			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Section loaded: profapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Section loaded: windows.storage.dll			Jump to behavior

Source: C:\Users\user\Desktop\NOVA ORDEM.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\NOVA ORDEM.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: NOVA ORDEM.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: NOVA ORDEM.exe

Static file information: File size 1553007 > 1048576

Source: NOVA ORDEM.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: NOVA ORDEM.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: Microsoft.VisualBasic.ni.pdb source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.Windows.Forms.pdb source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.Drawing.pdb/ source: WER6844.tmp.dmp.8.dr
Source:	Binary string: mscorlib.pdb source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.ni.pdbRSDS source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.Windows.Forms.ni.pdbRSDS source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.Drawing.pdb source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.Windows.Forms.ni.pdb source: WER6844.tmp.dmp.8.dr
Source:	Binary string: mscorlib.ni.pdb source: WER6844.tmp.dmp.8.dr
Source:	Binary string: wntdll.pdbUGP source: wmplayer.exe, 00000004.00000002.2063083233.00000000037B0000.00000040.00001000.00020000.00000000.sdmp, wmplayer.exe, 00000004.00000002.2063083233.000000000394E000.00000040.00001000.00020000.00000000.sdmp, wmplayer.exe, 00000004.00000003.2029609050.0000000003452000.00000004.00000020.00020000.00000000.sdmp, wmplayer.exe, 00000004.00000003.2031438414.0000000003606000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Drawing.ni.pdb source: WER6844.tmp.dmp.8.dr
Source:	Binary string: wntdll.pdb source: wmplayer.exe, wmplayer.exe, 00000004.00000002.2063083233.00000000037B0000.00000040.00001000.00020000.00000000.sdmp, wmplayer.exe, 00000004.00000002.2063083233.000000000394E000.00000040.00001000.00020000.00000000.sdmp, wmplayer.exe, 00000004.00000003.2029609050.0000000003452000.00000004.00000020.00020000.00000000.sdmp, wmplayer.exe, 00000004.00000003.2031438414.0000000003606000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdb source: WER6844.tmp.dmp.8.dr
Source:	Binary string: mscorlib.ni.pdbRSDS7^3l source: WER6844.tmp.dmp.8.dr
Source:	Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.Drawing.ni.pdbRSDS source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.Core.pdbh- source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.ni.pdb source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.pdb source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WER6844.tmp.dmp.8.dr
Source:	Binary string: System.Core.ni.pdb source: WER6844.tmp.dmp.8.dr
Source:	Binary string: Microsoft.VisualBasic.pdb source: WER6844.tmp.dmp.8.dr

Data Obfuscation

Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Code function: 0_2_00007FFD9B960050 push esp; retf 4810h		0_2_00007FFD9B960312
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0040D063 push esi; iretd		4_2_0040D065
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_00418BBB push esi; retf		4_2_00418BC5
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_00412479 push edx; retf		4_2_0041247E
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_00403550 push eax; ret		4_2_00403552
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_00414D25 push ss; iretd		4_2_00414D26
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_00404DA3 push FFFFFFE7h; iretd		4_2_00404DA5
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_00404E06 pushad ; ret		4_2_00404E07
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_00418E1C push ss; retf		4_2_00418E2A
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_00426F63 push eax; ret		4_2_00426F72
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E09AD push ecx; mov dword ptr [esp], ecx		4_2_037E09B6

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Source: Yara match

File source: Process Memory Space: NOVA ORDEM.exe PID: 1344, type: MEMORYSTR

Source: NOVA ORDEM.exe, 00000000.00000002.1785713329.000002571E87D000.00000004.00000800.00020000.00000000.sdmp, NOVA ORDEM.exe, 00000000.00000002.1785713329.000002571E540000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: NOVA ORDEM.exe, 00000000.00000002.1785713329.000002571E87D000.00000004.00000800.00020000.00000000.sdmp, NOVA ORDEM.exe, 00000000.00000002.1785713329.000002571E540000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Memory allocated: 2571CBC0000 memory reserve | memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Memory allocated: 25736500000 memory reserve | memory write watch			Jump to behavior

Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Code function: 4_2_0380BBA0 rdtsc

4_2_0380BBA0

Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

API coverage: 0.8 %

Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe TID: 7268

Thread sleep time: -30000s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: Amcache.hve.8.dr	Binary or memory string: VMware
Source: Amcache.hve.8.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.8.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.8.dr	Binary or memory string: VMware, Inc.
Source: NOVA ORDEM.exe, 00000000.00000002.1785713329.000002571E540000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: Amcache.hve.8.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.8.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.8.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.8.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.8.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: NOVA ORDEM.exe, 00000000.00000002.1785713329.000002571E540000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMWARE
Source: NOVA ORDEM.exe, 00000000.00000002.1785713329.000002571E540000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\'C:\WINDOWS\system32\drivers\vmmouse.sys&C:\WINDOWS\system32\drivers\vmhgfs.sys
Source: Amcache.hve.8.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: NOVA ORDEM.exe, 00000000.00000002.1785713329.000002571E540000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
Source: NOVA ORDEM.exe, 00000000.00000002.1785713329.000002571E540000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware SVGA II
Source: Amcache.hve.8.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.8.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.8.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.8.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: NOVA ORDEM.exe, 00000000.00000002.1785713329.000002571E540000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: C:\WINDOWS\system32\drivers\vmmouse.sys
Source: Amcache.hve.8.dr	Binary or memory string: vmci.syshbin`
Source: NOVA ORDEM.exe, 00000000.00000002.1785713329.000002571E540000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware
Source: Amcache.hve.8.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: NOVA ORDEM.exe, 00000000.00000002.1785713329.000002571E540000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: C:\WINDOWS\system32\drivers\vmhgfs.sys
Source: NOVA ORDEM.exe, 00000000.00000002.1785713329.000002571E540000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
Source: Amcache.hve.8.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.8.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.8.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.8.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.8.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.8.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.8.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.8.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.8.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: NOVA ORDEM.exe, 00000000.00000002.1785713329.000002571E540000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: noValueButYesKey)C:\WINDOWS\system32\drivers\VBoxMouse.sys
Source: NOVA ORDEM.exe, 00000000.00000002.1785713329.000002571E540000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys
Source: Amcache.hve.8.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.8.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.8.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.8.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Code function: 4_2_0380BBA0 rdtsc

4_2_0380BBA0

Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Code function: 4_2_00417C63 LdrLoadDll,

4_2_00417C63

Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E7370 mov eax, dword ptr fs:[00000030h]		4_2_037E7370
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E7370 mov eax, dword ptr fs:[00000030h]		4_2_037E7370
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E7370 mov eax, dword ptr fs:[00000030h]		4_2_037E7370
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380438F mov eax, dword ptr fs:[00000030h]		4_2_0380438F
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380438F mov eax, dword ptr fs:[00000030h]		4_2_0380438F
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038B539D mov eax, dword ptr fs:[00000030h]		4_2_038B539D
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0383739A mov eax, dword ptr fs:[00000030h]		4_2_0383739A
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0383739A mov eax, dword ptr fs:[00000030h]		4_2_0383739A
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038133A0 mov eax, dword ptr fs:[00000030h]		4_2_038133A0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038133A0 mov eax, dword ptr fs:[00000030h]		4_2_038133A0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038033A5 mov eax, dword ptr fs:[00000030h]		4_2_038033A5
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037D9353 mov eax, dword ptr fs:[00000030h]		4_2_037D9353
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037D9353 mov eax, dword ptr fs:[00000030h]		4_2_037D9353
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DD34C mov eax, dword ptr fs:[00000030h]		4_2_037DD34C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DD34C mov eax, dword ptr fs:[00000030h]		4_2_037DD34C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0389C3CD mov eax, dword ptr fs:[00000030h]		4_2_0389C3CD
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037D7330 mov eax, dword ptr fs:[00000030h]		4_2_037D7330
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0389B3D0 mov ecx, dword ptr fs:[00000030h]		4_2_0389B3D0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DC310 mov ecx, dword ptr fs:[00000030h]		4_2_037DC310
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0389F3E6 mov eax, dword ptr fs:[00000030h]		4_2_0389F3E6
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038B53FC mov eax, dword ptr fs:[00000030h]		4_2_038B53FC
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038163FF mov eax, dword ptr fs:[00000030h]		4_2_038163FF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381A30B mov eax, dword ptr fs:[00000030h]		4_2_0381A30B
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381A30B mov eax, dword ptr fs:[00000030h]		4_2_0381A30B
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381A30B mov eax, dword ptr fs:[00000030h]		4_2_0381A30B
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386930B mov eax, dword ptr fs:[00000030h]		4_2_0386930B
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386930B mov eax, dword ptr fs:[00000030h]		4_2_0386930B
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386930B mov eax, dword ptr fs:[00000030h]		4_2_0386930B
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037FE3F0 mov eax, dword ptr fs:[00000030h]		4_2_037FE3F0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037FE3F0 mov eax, dword ptr fs:[00000030h]		4_2_037FE3F0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037FE3F0 mov eax, dword ptr fs:[00000030h]		4_2_037FE3F0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03800310 mov ecx, dword ptr fs:[00000030h]		4_2_03800310
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F03E9 mov eax, dword ptr fs:[00000030h]		4_2_037F03E9
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F03E9 mov eax, dword ptr fs:[00000030h]		4_2_037F03E9
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F03E9 mov eax, dword ptr fs:[00000030h]		4_2_037F03E9
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F03E9 mov eax, dword ptr fs:[00000030h]		4_2_037F03E9
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F03E9 mov eax, dword ptr fs:[00000030h]		4_2_037F03E9
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F03E9 mov eax, dword ptr fs:[00000030h]		4_2_037F03E9
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F03E9 mov eax, dword ptr fs:[00000030h]		4_2_037F03E9
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F03E9 mov eax, dword ptr fs:[00000030h]		4_2_037F03E9
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A132D mov eax, dword ptr fs:[00000030h]		4_2_038A132D
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A132D mov eax, dword ptr fs:[00000030h]		4_2_038A132D
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380F32A mov eax, dword ptr fs:[00000030h]		4_2_0380F32A
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037EA3C0 mov eax, dword ptr fs:[00000030h]		4_2_037EA3C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037EA3C0 mov eax, dword ptr fs:[00000030h]		4_2_037EA3C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037EA3C0 mov eax, dword ptr fs:[00000030h]		4_2_037EA3C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037EA3C0 mov eax, dword ptr fs:[00000030h]		4_2_037EA3C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037EA3C0 mov eax, dword ptr fs:[00000030h]		4_2_037EA3C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037EA3C0 mov eax, dword ptr fs:[00000030h]		4_2_037EA3C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E83C0 mov eax, dword ptr fs:[00000030h]		4_2_037E83C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E83C0 mov eax, dword ptr fs:[00000030h]		4_2_037E83C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E83C0 mov eax, dword ptr fs:[00000030h]		4_2_037E83C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E83C0 mov eax, dword ptr fs:[00000030h]		4_2_037E83C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038B5341 mov eax, dword ptr fs:[00000030h]		4_2_038B5341
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03862349 mov eax, dword ptr fs:[00000030h]		4_2_03862349
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03862349 mov eax, dword ptr fs:[00000030h]		4_2_03862349
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03862349 mov eax, dword ptr fs:[00000030h]		4_2_03862349
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03862349 mov eax, dword ptr fs:[00000030h]		4_2_03862349
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03862349 mov eax, dword ptr fs:[00000030h]		4_2_03862349
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03862349 mov eax, dword ptr fs:[00000030h]		4_2_03862349
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03862349 mov eax, dword ptr fs:[00000030h]		4_2_03862349
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03862349 mov eax, dword ptr fs:[00000030h]		4_2_03862349
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03862349 mov eax, dword ptr fs:[00000030h]		4_2_03862349
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03862349 mov eax, dword ptr fs:[00000030h]		4_2_03862349
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03862349 mov eax, dword ptr fs:[00000030h]		4_2_03862349
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03862349 mov eax, dword ptr fs:[00000030h]		4_2_03862349
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03862349 mov eax, dword ptr fs:[00000030h]		4_2_03862349
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03862349 mov eax, dword ptr fs:[00000030h]		4_2_03862349
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03862349 mov eax, dword ptr fs:[00000030h]		4_2_03862349
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038AA352 mov eax, dword ptr fs:[00000030h]		4_2_038AA352
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386035C mov eax, dword ptr fs:[00000030h]		4_2_0386035C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386035C mov eax, dword ptr fs:[00000030h]		4_2_0386035C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386035C mov eax, dword ptr fs:[00000030h]		4_2_0386035C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386035C mov ecx, dword ptr fs:[00000030h]		4_2_0386035C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386035C mov eax, dword ptr fs:[00000030h]		4_2_0386035C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386035C mov eax, dword ptr fs:[00000030h]		4_2_0386035C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037D8397 mov eax, dword ptr fs:[00000030h]		4_2_037D8397
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037D8397 mov eax, dword ptr fs:[00000030h]		4_2_037D8397
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037D8397 mov eax, dword ptr fs:[00000030h]		4_2_037D8397
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0389F367 mov eax, dword ptr fs:[00000030h]		4_2_0389F367
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0388437C mov eax, dword ptr fs:[00000030h]		4_2_0388437C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DE388 mov eax, dword ptr fs:[00000030h]		4_2_037DE388
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DE388 mov eax, dword ptr fs:[00000030h]		4_2_037DE388
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DE388 mov eax, dword ptr fs:[00000030h]		4_2_037DE388
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03860283 mov eax, dword ptr fs:[00000030h]		4_2_03860283
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03860283 mov eax, dword ptr fs:[00000030h]		4_2_03860283
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03860283 mov eax, dword ptr fs:[00000030h]		4_2_03860283
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381E284 mov eax, dword ptr fs:[00000030h]		4_2_0381E284
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381E284 mov eax, dword ptr fs:[00000030h]		4_2_0381E284
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038B5283 mov eax, dword ptr fs:[00000030h]		4_2_038B5283
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037D826B mov eax, dword ptr fs:[00000030h]		4_2_037D826B
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E4260 mov eax, dword ptr fs:[00000030h]		4_2_037E4260
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E4260 mov eax, dword ptr fs:[00000030h]		4_2_037E4260
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E4260 mov eax, dword ptr fs:[00000030h]		4_2_037E4260
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381329E mov eax, dword ptr fs:[00000030h]		4_2_0381329E
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381329E mov eax, dword ptr fs:[00000030h]		4_2_0381329E
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038762A0 mov eax, dword ptr fs:[00000030h]		4_2_038762A0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038762A0 mov ecx, dword ptr fs:[00000030h]		4_2_038762A0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038762A0 mov eax, dword ptr fs:[00000030h]		4_2_038762A0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038762A0 mov eax, dword ptr fs:[00000030h]		4_2_038762A0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038762A0 mov eax, dword ptr fs:[00000030h]		4_2_038762A0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038762A0 mov eax, dword ptr fs:[00000030h]		4_2_038762A0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038772A0 mov eax, dword ptr fs:[00000030h]		4_2_038772A0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038772A0 mov eax, dword ptr fs:[00000030h]		4_2_038772A0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E6259 mov eax, dword ptr fs:[00000030h]		4_2_037E6259
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A92A6 mov eax, dword ptr fs:[00000030h]		4_2_038A92A6
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A92A6 mov eax, dword ptr fs:[00000030h]		4_2_038A92A6
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A92A6 mov eax, dword ptr fs:[00000030h]		4_2_038A92A6
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A92A6 mov eax, dword ptr fs:[00000030h]		4_2_038A92A6
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DA250 mov eax, dword ptr fs:[00000030h]		4_2_037DA250
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038692BC mov eax, dword ptr fs:[00000030h]		4_2_038692BC
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038692BC mov eax, dword ptr fs:[00000030h]		4_2_038692BC
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038692BC mov ecx, dword ptr fs:[00000030h]		4_2_038692BC
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038692BC mov ecx, dword ptr fs:[00000030h]		4_2_038692BC
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037D9240 mov eax, dword ptr fs:[00000030h]		4_2_037D9240
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037D9240 mov eax, dword ptr fs:[00000030h]		4_2_037D9240
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380B2C0 mov eax, dword ptr fs:[00000030h]		4_2_0380B2C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380B2C0 mov eax, dword ptr fs:[00000030h]		4_2_0380B2C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380B2C0 mov eax, dword ptr fs:[00000030h]		4_2_0380B2C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380B2C0 mov eax, dword ptr fs:[00000030h]		4_2_0380B2C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380B2C0 mov eax, dword ptr fs:[00000030h]		4_2_0380B2C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380B2C0 mov eax, dword ptr fs:[00000030h]		4_2_0380B2C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380B2C0 mov eax, dword ptr fs:[00000030h]		4_2_0380B2C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037D823B mov eax, dword ptr fs:[00000030h]		4_2_037D823B
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380F2D0 mov eax, dword ptr fs:[00000030h]		4_2_0380F2D0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380F2D0 mov eax, dword ptr fs:[00000030h]		4_2_0380F2D0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038912ED mov eax, dword ptr fs:[00000030h]		4_2_038912ED
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038912ED mov eax, dword ptr fs:[00000030h]		4_2_038912ED
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038912ED mov eax, dword ptr fs:[00000030h]		4_2_038912ED
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038912ED mov eax, dword ptr fs:[00000030h]		4_2_038912ED
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038912ED mov eax, dword ptr fs:[00000030h]		4_2_038912ED
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038912ED mov eax, dword ptr fs:[00000030h]		4_2_038912ED
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038912ED mov eax, dword ptr fs:[00000030h]		4_2_038912ED
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038912ED mov eax, dword ptr fs:[00000030h]		4_2_038912ED
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038912ED mov eax, dword ptr fs:[00000030h]		4_2_038912ED
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038912ED mov eax, dword ptr fs:[00000030h]		4_2_038912ED
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038912ED mov eax, dword ptr fs:[00000030h]		4_2_038912ED
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038912ED mov eax, dword ptr fs:[00000030h]		4_2_038912ED
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038912ED mov eax, dword ptr fs:[00000030h]		4_2_038912ED
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038912ED mov eax, dword ptr fs:[00000030h]		4_2_038912ED
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038B52E2 mov eax, dword ptr fs:[00000030h]		4_2_038B52E2
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0389F2F8 mov eax, dword ptr fs:[00000030h]		4_2_0389F2F8
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037D92FF mov eax, dword ptr fs:[00000030h]		4_2_037D92FF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03817208 mov eax, dword ptr fs:[00000030h]		4_2_03817208
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03817208 mov eax, dword ptr fs:[00000030h]		4_2_03817208
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F02E1 mov eax, dword ptr fs:[00000030h]		4_2_037F02E1
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F02E1 mov eax, dword ptr fs:[00000030h]		4_2_037F02E1
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F02E1 mov eax, dword ptr fs:[00000030h]		4_2_037F02E1
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038B5227 mov eax, dword ptr fs:[00000030h]		4_2_038B5227
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DB2D3 mov eax, dword ptr fs:[00000030h]		4_2_037DB2D3
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DB2D3 mov eax, dword ptr fs:[00000030h]		4_2_037DB2D3
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DB2D3 mov eax, dword ptr fs:[00000030h]		4_2_037DB2D3
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E92C5 mov eax, dword ptr fs:[00000030h]		4_2_037E92C5
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E92C5 mov eax, dword ptr fs:[00000030h]		4_2_037E92C5
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037EA2C3 mov eax, dword ptr fs:[00000030h]		4_2_037EA2C3
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037EA2C3 mov eax, dword ptr fs:[00000030h]		4_2_037EA2C3
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037EA2C3 mov eax, dword ptr fs:[00000030h]		4_2_037EA2C3
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037EA2C3 mov eax, dword ptr fs:[00000030h]		4_2_037EA2C3
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037EA2C3 mov eax, dword ptr fs:[00000030h]		4_2_037EA2C3
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381724D mov eax, dword ptr fs:[00000030h]		4_2_0381724D
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F02A0 mov eax, dword ptr fs:[00000030h]		4_2_037F02A0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F02A0 mov eax, dword ptr fs:[00000030h]		4_2_037F02A0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0389B256 mov eax, dword ptr fs:[00000030h]		4_2_0389B256
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0389B256 mov eax, dword ptr fs:[00000030h]		4_2_0389B256
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F52A0 mov eax, dword ptr fs:[00000030h]		4_2_037F52A0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F52A0 mov eax, dword ptr fs:[00000030h]		4_2_037F52A0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F52A0 mov eax, dword ptr fs:[00000030h]		4_2_037F52A0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F52A0 mov eax, dword ptr fs:[00000030h]		4_2_037F52A0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038AD26B mov eax, dword ptr fs:[00000030h]		4_2_038AD26B
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038AD26B mov eax, dword ptr fs:[00000030h]		4_2_038AD26B
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03821270 mov eax, dword ptr fs:[00000030h]		4_2_03821270
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03821270 mov eax, dword ptr fs:[00000030h]		4_2_03821270
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03809274 mov eax, dword ptr fs:[00000030h]		4_2_03809274
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03890274 mov eax, dword ptr fs:[00000030h]		4_2_03890274
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03890274 mov eax, dword ptr fs:[00000030h]		4_2_03890274
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03890274 mov eax, dword ptr fs:[00000030h]		4_2_03890274
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03890274 mov eax, dword ptr fs:[00000030h]		4_2_03890274
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03890274 mov eax, dword ptr fs:[00000030h]		4_2_03890274
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03890274 mov eax, dword ptr fs:[00000030h]		4_2_03890274
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03890274 mov eax, dword ptr fs:[00000030h]		4_2_03890274
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03890274 mov eax, dword ptr fs:[00000030h]		4_2_03890274
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03890274 mov eax, dword ptr fs:[00000030h]		4_2_03890274
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03890274 mov eax, dword ptr fs:[00000030h]		4_2_03890274
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03890274 mov eax, dword ptr fs:[00000030h]		4_2_03890274
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03890274 mov eax, dword ptr fs:[00000030h]		4_2_03890274
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0389C188 mov eax, dword ptr fs:[00000030h]		4_2_0389C188
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0389C188 mov eax, dword ptr fs:[00000030h]		4_2_0389C188
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03820185 mov eax, dword ptr fs:[00000030h]		4_2_03820185
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF172 mov eax, dword ptr fs:[00000030h]		4_2_037DF172
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF172 mov eax, dword ptr fs:[00000030h]		4_2_037DF172
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF172 mov eax, dword ptr fs:[00000030h]		4_2_037DF172
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF172 mov eax, dword ptr fs:[00000030h]		4_2_037DF172
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF172 mov eax, dword ptr fs:[00000030h]		4_2_037DF172
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF172 mov eax, dword ptr fs:[00000030h]		4_2_037DF172
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF172 mov eax, dword ptr fs:[00000030h]		4_2_037DF172
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF172 mov eax, dword ptr fs:[00000030h]		4_2_037DF172
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF172 mov eax, dword ptr fs:[00000030h]		4_2_037DF172
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF172 mov eax, dword ptr fs:[00000030h]		4_2_037DF172
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF172 mov eax, dword ptr fs:[00000030h]		4_2_037DF172
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF172 mov eax, dword ptr fs:[00000030h]		4_2_037DF172
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF172 mov eax, dword ptr fs:[00000030h]		4_2_037DF172
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF172 mov eax, dword ptr fs:[00000030h]		4_2_037DF172
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF172 mov eax, dword ptr fs:[00000030h]		4_2_037DF172
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF172 mov eax, dword ptr fs:[00000030h]		4_2_037DF172
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF172 mov eax, dword ptr fs:[00000030h]		4_2_037DF172
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF172 mov eax, dword ptr fs:[00000030h]		4_2_037DF172
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF172 mov eax, dword ptr fs:[00000030h]		4_2_037DF172
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF172 mov eax, dword ptr fs:[00000030h]		4_2_037DF172
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF172 mov eax, dword ptr fs:[00000030h]		4_2_037DF172
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386019F mov eax, dword ptr fs:[00000030h]		4_2_0386019F
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386019F mov eax, dword ptr fs:[00000030h]		4_2_0386019F
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386019F mov eax, dword ptr fs:[00000030h]		4_2_0386019F
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386019F mov eax, dword ptr fs:[00000030h]		4_2_0386019F
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E6154 mov eax, dword ptr fs:[00000030h]		4_2_037E6154
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E6154 mov eax, dword ptr fs:[00000030h]		4_2_037E6154
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DC156 mov eax, dword ptr fs:[00000030h]		4_2_037DC156
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E7152 mov eax, dword ptr fs:[00000030h]		4_2_037E7152
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038911A4 mov eax, dword ptr fs:[00000030h]		4_2_038911A4
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038911A4 mov eax, dword ptr fs:[00000030h]		4_2_038911A4
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038911A4 mov eax, dword ptr fs:[00000030h]		4_2_038911A4
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038911A4 mov eax, dword ptr fs:[00000030h]		4_2_038911A4
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037D9148 mov eax, dword ptr fs:[00000030h]		4_2_037D9148
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037D9148 mov eax, dword ptr fs:[00000030h]		4_2_037D9148
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037D9148 mov eax, dword ptr fs:[00000030h]		4_2_037D9148
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037D9148 mov eax, dword ptr fs:[00000030h]		4_2_037D9148
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038B51CB mov eax, dword ptr fs:[00000030h]		4_2_038B51CB
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A61C3 mov eax, dword ptr fs:[00000030h]		4_2_038A61C3
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A61C3 mov eax, dword ptr fs:[00000030h]		4_2_038A61C3
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DB136 mov eax, dword ptr fs:[00000030h]		4_2_037DB136
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DB136 mov eax, dword ptr fs:[00000030h]		4_2_037DB136
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DB136 mov eax, dword ptr fs:[00000030h]		4_2_037DB136
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DB136 mov eax, dword ptr fs:[00000030h]		4_2_037DB136
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E1131 mov eax, dword ptr fs:[00000030h]		4_2_037E1131
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E1131 mov eax, dword ptr fs:[00000030h]		4_2_037E1131
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381D1D0 mov eax, dword ptr fs:[00000030h]		4_2_0381D1D0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381D1D0 mov ecx, dword ptr fs:[00000030h]		4_2_0381D1D0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038B61E5 mov eax, dword ptr fs:[00000030h]		4_2_038B61E5
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038051EF mov eax, dword ptr fs:[00000030h]		4_2_038051EF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038051EF mov eax, dword ptr fs:[00000030h]		4_2_038051EF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038051EF mov eax, dword ptr fs:[00000030h]		4_2_038051EF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038051EF mov eax, dword ptr fs:[00000030h]		4_2_038051EF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038051EF mov eax, dword ptr fs:[00000030h]		4_2_038051EF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038051EF mov eax, dword ptr fs:[00000030h]		4_2_038051EF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038051EF mov eax, dword ptr fs:[00000030h]		4_2_038051EF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038051EF mov eax, dword ptr fs:[00000030h]		4_2_038051EF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038051EF mov eax, dword ptr fs:[00000030h]		4_2_038051EF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038051EF mov eax, dword ptr fs:[00000030h]		4_2_038051EF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038051EF mov eax, dword ptr fs:[00000030h]		4_2_038051EF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038051EF mov eax, dword ptr fs:[00000030h]		4_2_038051EF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038051EF mov eax, dword ptr fs:[00000030h]		4_2_038051EF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038101F8 mov eax, dword ptr fs:[00000030h]		4_2_038101F8
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0388A118 mov ecx, dword ptr fs:[00000030h]		4_2_0388A118
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0388A118 mov eax, dword ptr fs:[00000030h]		4_2_0388A118
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0388A118 mov eax, dword ptr fs:[00000030h]		4_2_0388A118
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0388A118 mov eax, dword ptr fs:[00000030h]		4_2_0388A118
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E51ED mov eax, dword ptr fs:[00000030h]		4_2_037E51ED
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A0115 mov eax, dword ptr fs:[00000030h]		4_2_038A0115
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03810124 mov eax, dword ptr fs:[00000030h]		4_2_03810124
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03874144 mov eax, dword ptr fs:[00000030h]		4_2_03874144
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03874144 mov eax, dword ptr fs:[00000030h]		4_2_03874144
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03874144 mov ecx, dword ptr fs:[00000030h]		4_2_03874144
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03874144 mov eax, dword ptr fs:[00000030h]		4_2_03874144
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03874144 mov eax, dword ptr fs:[00000030h]		4_2_03874144
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037FB1B0 mov eax, dword ptr fs:[00000030h]		4_2_037FB1B0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038B5152 mov eax, dword ptr fs:[00000030h]		4_2_038B5152
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DA197 mov eax, dword ptr fs:[00000030h]		4_2_037DA197
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DA197 mov eax, dword ptr fs:[00000030h]		4_2_037DA197
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DA197 mov eax, dword ptr fs:[00000030h]		4_2_037DA197
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03879179 mov eax, dword ptr fs:[00000030h]		4_2_03879179
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F1070 mov eax, dword ptr fs:[00000030h]		4_2_037F1070
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F1070 mov ecx, dword ptr fs:[00000030h]		4_2_037F1070
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F1070 mov eax, dword ptr fs:[00000030h]		4_2_037F1070
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F1070 mov eax, dword ptr fs:[00000030h]		4_2_037F1070
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F1070 mov eax, dword ptr fs:[00000030h]		4_2_037F1070
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F1070 mov eax, dword ptr fs:[00000030h]		4_2_037F1070
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F1070 mov eax, dword ptr fs:[00000030h]		4_2_037F1070
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F1070 mov eax, dword ptr fs:[00000030h]		4_2_037F1070
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F1070 mov eax, dword ptr fs:[00000030h]		4_2_037F1070
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F1070 mov eax, dword ptr fs:[00000030h]		4_2_037F1070
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F1070 mov eax, dword ptr fs:[00000030h]		4_2_037F1070
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F1070 mov eax, dword ptr fs:[00000030h]		4_2_037F1070
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F1070 mov eax, dword ptr fs:[00000030h]		4_2_037F1070
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380D090 mov eax, dword ptr fs:[00000030h]		4_2_0380D090
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380D090 mov eax, dword ptr fs:[00000030h]		4_2_0380D090
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381909C mov eax, dword ptr fs:[00000030h]		4_2_0381909C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E2050 mov eax, dword ptr fs:[00000030h]		4_2_037E2050
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A60B8 mov eax, dword ptr fs:[00000030h]		4_2_038A60B8
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A60B8 mov ecx, dword ptr fs:[00000030h]		4_2_038A60B8
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038B50D9 mov eax, dword ptr fs:[00000030h]		4_2_038B50D9
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038620DE mov eax, dword ptr fs:[00000030h]		4_2_038620DE
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038090DB mov eax, dword ptr fs:[00000030h]		4_2_038090DB
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DA020 mov eax, dword ptr fs:[00000030h]		4_2_037DA020
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DC020 mov eax, dword ptr fs:[00000030h]		4_2_037DC020
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038050E4 mov eax, dword ptr fs:[00000030h]		4_2_038050E4
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038050E4 mov ecx, dword ptr fs:[00000030h]		4_2_038050E4
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037FE016 mov eax, dword ptr fs:[00000030h]		4_2_037FE016
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037FE016 mov eax, dword ptr fs:[00000030h]		4_2_037FE016
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037FE016 mov eax, dword ptr fs:[00000030h]		4_2_037FE016
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037FE016 mov eax, dword ptr fs:[00000030h]		4_2_037FE016
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038220F0 mov ecx, dword ptr fs:[00000030h]		4_2_038220F0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DC0F0 mov eax, dword ptr fs:[00000030h]		4_2_037DC0F0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E80E9 mov eax, dword ptr fs:[00000030h]		4_2_037E80E9
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DA0E3 mov ecx, dword ptr fs:[00000030h]		4_2_037DA0E3
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A903E mov eax, dword ptr fs:[00000030h]		4_2_038A903E
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A903E mov eax, dword ptr fs:[00000030h]		4_2_038A903E
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A903E mov eax, dword ptr fs:[00000030h]		4_2_038A903E
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A903E mov eax, dword ptr fs:[00000030h]		4_2_038A903E
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F70C0 mov eax, dword ptr fs:[00000030h]		4_2_037F70C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F70C0 mov ecx, dword ptr fs:[00000030h]		4_2_037F70C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F70C0 mov ecx, dword ptr fs:[00000030h]		4_2_037F70C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F70C0 mov eax, dword ptr fs:[00000030h]		4_2_037F70C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F70C0 mov ecx, dword ptr fs:[00000030h]		4_2_037F70C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F70C0 mov ecx, dword ptr fs:[00000030h]		4_2_037F70C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F70C0 mov eax, dword ptr fs:[00000030h]		4_2_037F70C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F70C0 mov eax, dword ptr fs:[00000030h]		4_2_037F70C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F70C0 mov eax, dword ptr fs:[00000030h]		4_2_037F70C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F70C0 mov eax, dword ptr fs:[00000030h]		4_2_037F70C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F70C0 mov eax, dword ptr fs:[00000030h]		4_2_037F70C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F70C0 mov eax, dword ptr fs:[00000030h]		4_2_037F70C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F70C0 mov eax, dword ptr fs:[00000030h]		4_2_037F70C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F70C0 mov eax, dword ptr fs:[00000030h]		4_2_037F70C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F70C0 mov eax, dword ptr fs:[00000030h]		4_2_037F70C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F70C0 mov eax, dword ptr fs:[00000030h]		4_2_037F70C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F70C0 mov eax, dword ptr fs:[00000030h]		4_2_037F70C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F70C0 mov eax, dword ptr fs:[00000030h]		4_2_037F70C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380B052 mov eax, dword ptr fs:[00000030h]		4_2_0380B052
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0388705E mov ebx, dword ptr fs:[00000030h]		4_2_0388705E
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0388705E mov eax, dword ptr fs:[00000030h]		4_2_0388705E
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E5096 mov eax, dword ptr fs:[00000030h]		4_2_037E5096
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038B5060 mov eax, dword ptr fs:[00000030h]		4_2_038B5060
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DD08D mov eax, dword ptr fs:[00000030h]		4_2_037DD08D
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380C073 mov eax, dword ptr fs:[00000030h]		4_2_0380C073
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E208A mov eax, dword ptr fs:[00000030h]		4_2_037E208A
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0389F78A mov eax, dword ptr fs:[00000030h]		4_2_0389F78A
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E8770 mov eax, dword ptr fs:[00000030h]		4_2_037E8770
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F0770 mov eax, dword ptr fs:[00000030h]		4_2_037F0770
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F0770 mov eax, dword ptr fs:[00000030h]		4_2_037F0770
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F0770 mov eax, dword ptr fs:[00000030h]		4_2_037F0770
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F0770 mov eax, dword ptr fs:[00000030h]		4_2_037F0770
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F0770 mov eax, dword ptr fs:[00000030h]		4_2_037F0770
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F0770 mov eax, dword ptr fs:[00000030h]		4_2_037F0770
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F0770 mov eax, dword ptr fs:[00000030h]		4_2_037F0770
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F0770 mov eax, dword ptr fs:[00000030h]		4_2_037F0770
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F0770 mov eax, dword ptr fs:[00000030h]		4_2_037F0770
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F0770 mov eax, dword ptr fs:[00000030h]		4_2_037F0770
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F0770 mov eax, dword ptr fs:[00000030h]		4_2_037F0770
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F0770 mov eax, dword ptr fs:[00000030h]		4_2_037F0770
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DB765 mov eax, dword ptr fs:[00000030h]		4_2_037DB765
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DB765 mov eax, dword ptr fs:[00000030h]		4_2_037DB765
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DB765 mov eax, dword ptr fs:[00000030h]		4_2_037DB765
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DB765 mov eax, dword ptr fs:[00000030h]		4_2_037DB765
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386F7AF mov eax, dword ptr fs:[00000030h]		4_2_0386F7AF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386F7AF mov eax, dword ptr fs:[00000030h]		4_2_0386F7AF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386F7AF mov eax, dword ptr fs:[00000030h]		4_2_0386F7AF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386F7AF mov eax, dword ptr fs:[00000030h]		4_2_0386F7AF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386F7AF mov eax, dword ptr fs:[00000030h]		4_2_0386F7AF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E0750 mov eax, dword ptr fs:[00000030h]		4_2_037E0750
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038697A9 mov eax, dword ptr fs:[00000030h]		4_2_038697A9
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380D7B0 mov eax, dword ptr fs:[00000030h]		4_2_0380D7B0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038B37B6 mov eax, dword ptr fs:[00000030h]		4_2_038B37B6
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F3740 mov eax, dword ptr fs:[00000030h]		4_2_037F3740
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F3740 mov eax, dword ptr fs:[00000030h]		4_2_037F3740
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F3740 mov eax, dword ptr fs:[00000030h]		4_2_037F3740
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E973A mov eax, dword ptr fs:[00000030h]		4_2_037E973A
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E973A mov eax, dword ptr fs:[00000030h]		4_2_037E973A
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037D9730 mov eax, dword ptr fs:[00000030h]		4_2_037D9730
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037D9730 mov eax, dword ptr fs:[00000030h]		4_2_037D9730
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E3720 mov eax, dword ptr fs:[00000030h]		4_2_037E3720
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037FF720 mov eax, dword ptr fs:[00000030h]		4_2_037FF720
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037FF720 mov eax, dword ptr fs:[00000030h]		4_2_037FF720
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037FF720 mov eax, dword ptr fs:[00000030h]		4_2_037FF720
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038027ED mov eax, dword ptr fs:[00000030h]		4_2_038027ED
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038027ED mov eax, dword ptr fs:[00000030h]		4_2_038027ED
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038027ED mov eax, dword ptr fs:[00000030h]		4_2_038027ED
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E0710 mov eax, dword ptr fs:[00000030h]		4_2_037E0710
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E5702 mov eax, dword ptr fs:[00000030h]		4_2_037E5702
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E5702 mov eax, dword ptr fs:[00000030h]		4_2_037E5702
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E7703 mov eax, dword ptr fs:[00000030h]		4_2_037E7703
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381C700 mov eax, dword ptr fs:[00000030h]		4_2_0381C700
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E47FB mov eax, dword ptr fs:[00000030h]		4_2_037E47FB
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E47FB mov eax, dword ptr fs:[00000030h]		4_2_037E47FB
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03810710 mov eax, dword ptr fs:[00000030h]		4_2_03810710
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037ED7E0 mov ecx, dword ptr fs:[00000030h]		4_2_037ED7E0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381F71F mov eax, dword ptr fs:[00000030h]		4_2_0381F71F
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381F71F mov eax, dword ptr fs:[00000030h]		4_2_0381F71F
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381C720 mov eax, dword ptr fs:[00000030h]		4_2_0381C720
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381C720 mov eax, dword ptr fs:[00000030h]		4_2_0381C720
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A972B mov eax, dword ptr fs:[00000030h]		4_2_038A972B
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0389F72E mov eax, dword ptr fs:[00000030h]		4_2_0389F72E
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0385C730 mov eax, dword ptr fs:[00000030h]		4_2_0385C730
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03815734 mov eax, dword ptr fs:[00000030h]		4_2_03815734
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038BB73C mov eax, dword ptr fs:[00000030h]		4_2_038BB73C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038BB73C mov eax, dword ptr fs:[00000030h]		4_2_038BB73C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038BB73C mov eax, dword ptr fs:[00000030h]		4_2_038BB73C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038BB73C mov eax, dword ptr fs:[00000030h]		4_2_038BB73C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381273C mov eax, dword ptr fs:[00000030h]		4_2_0381273C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381273C mov ecx, dword ptr fs:[00000030h]		4_2_0381273C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381273C mov eax, dword ptr fs:[00000030h]		4_2_0381273C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037EC7C0 mov eax, dword ptr fs:[00000030h]		4_2_037EC7C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E57C0 mov eax, dword ptr fs:[00000030h]		4_2_037E57C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E57C0 mov eax, dword ptr fs:[00000030h]		4_2_037E57C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E57C0 mov eax, dword ptr fs:[00000030h]		4_2_037E57C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038B3749 mov eax, dword ptr fs:[00000030h]		4_2_038B3749
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF7BA mov eax, dword ptr fs:[00000030h]		4_2_037DF7BA
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF7BA mov eax, dword ptr fs:[00000030h]		4_2_037DF7BA
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF7BA mov eax, dword ptr fs:[00000030h]		4_2_037DF7BA
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF7BA mov eax, dword ptr fs:[00000030h]		4_2_037DF7BA
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF7BA mov eax, dword ptr fs:[00000030h]		4_2_037DF7BA
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF7BA mov eax, dword ptr fs:[00000030h]		4_2_037DF7BA
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF7BA mov eax, dword ptr fs:[00000030h]		4_2_037DF7BA
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF7BA mov eax, dword ptr fs:[00000030h]		4_2_037DF7BA
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF7BA mov eax, dword ptr fs:[00000030h]		4_2_037DF7BA
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381674D mov esi, dword ptr fs:[00000030h]		4_2_0381674D
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381674D mov eax, dword ptr fs:[00000030h]		4_2_0381674D
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381674D mov eax, dword ptr fs:[00000030h]		4_2_0381674D
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E07AF mov eax, dword ptr fs:[00000030h]		4_2_037E07AF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822750 mov eax, dword ptr fs:[00000030h]		4_2_03822750
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822750 mov eax, dword ptr fs:[00000030h]		4_2_03822750
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03864755 mov eax, dword ptr fs:[00000030h]		4_2_03864755
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386368C mov eax, dword ptr fs:[00000030h]		4_2_0386368C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386368C mov eax, dword ptr fs:[00000030h]		4_2_0386368C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386368C mov eax, dword ptr fs:[00000030h]		4_2_0386368C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386368C mov eax, dword ptr fs:[00000030h]		4_2_0386368C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381C6A6 mov eax, dword ptr fs:[00000030h]		4_2_0381C6A6
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038166B0 mov eax, dword ptr fs:[00000030h]		4_2_038166B0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037FC640 mov eax, dword ptr fs:[00000030h]		4_2_037FC640
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381A6C7 mov ebx, dword ptr fs:[00000030h]		4_2_0381A6C7
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381A6C7 mov eax, dword ptr fs:[00000030h]		4_2_0381A6C7
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A16CC mov eax, dword ptr fs:[00000030h]		4_2_038A16CC
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A16CC mov eax, dword ptr fs:[00000030h]		4_2_038A16CC
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A16CC mov eax, dword ptr fs:[00000030h]		4_2_038A16CC
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A16CC mov eax, dword ptr fs:[00000030h]		4_2_038A16CC
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0389F6C7 mov eax, dword ptr fs:[00000030h]		4_2_0389F6C7
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038116CF mov eax, dword ptr fs:[00000030h]		4_2_038116CF
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E262C mov eax, dword ptr fs:[00000030h]		4_2_037E262C
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037FE627 mov eax, dword ptr fs:[00000030h]		4_2_037FE627
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF626 mov eax, dword ptr fs:[00000030h]		4_2_037DF626
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF626 mov eax, dword ptr fs:[00000030h]		4_2_037DF626
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF626 mov eax, dword ptr fs:[00000030h]		4_2_037DF626
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF626 mov eax, dword ptr fs:[00000030h]		4_2_037DF626
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF626 mov eax, dword ptr fs:[00000030h]		4_2_037DF626
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF626 mov eax, dword ptr fs:[00000030h]		4_2_037DF626
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF626 mov eax, dword ptr fs:[00000030h]		4_2_037DF626
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF626 mov eax, dword ptr fs:[00000030h]		4_2_037DF626
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DF626 mov eax, dword ptr fs:[00000030h]		4_2_037DF626
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380D6E0 mov eax, dword ptr fs:[00000030h]		4_2_0380D6E0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0380D6E0 mov eax, dword ptr fs:[00000030h]		4_2_0380D6E0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E3616 mov eax, dword ptr fs:[00000030h]		4_2_037E3616
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E3616 mov eax, dword ptr fs:[00000030h]		4_2_037E3616
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038736EE mov eax, dword ptr fs:[00000030h]		4_2_038736EE
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038736EE mov eax, dword ptr fs:[00000030h]		4_2_038736EE
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038736EE mov eax, dword ptr fs:[00000030h]		4_2_038736EE
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038736EE mov eax, dword ptr fs:[00000030h]		4_2_038736EE
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038736EE mov eax, dword ptr fs:[00000030h]		4_2_038736EE
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038736EE mov eax, dword ptr fs:[00000030h]		4_2_038736EE
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F260B mov eax, dword ptr fs:[00000030h]		4_2_037F260B
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F260B mov eax, dword ptr fs:[00000030h]		4_2_037F260B
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F260B mov eax, dword ptr fs:[00000030h]		4_2_037F260B
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F260B mov eax, dword ptr fs:[00000030h]		4_2_037F260B
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F260B mov eax, dword ptr fs:[00000030h]		4_2_037F260B
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F260B mov eax, dword ptr fs:[00000030h]		4_2_037F260B
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037F260B mov eax, dword ptr fs:[00000030h]		4_2_037F260B
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0385E6F2 mov eax, dword ptr fs:[00000030h]		4_2_0385E6F2
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0385E6F2 mov eax, dword ptr fs:[00000030h]		4_2_0385E6F2
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0385E6F2 mov eax, dword ptr fs:[00000030h]		4_2_0385E6F2
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0385E6F2 mov eax, dword ptr fs:[00000030h]		4_2_0385E6F2
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038606F1 mov eax, dword ptr fs:[00000030h]		4_2_038606F1
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038606F1 mov eax, dword ptr fs:[00000030h]		4_2_038606F1
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0389D6F0 mov eax, dword ptr fs:[00000030h]		4_2_0389D6F0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381F603 mov eax, dword ptr fs:[00000030h]		4_2_0381F603
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03811607 mov eax, dword ptr fs:[00000030h]		4_2_03811607
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0385E609 mov eax, dword ptr fs:[00000030h]		4_2_0385E609
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03822619 mov eax, dword ptr fs:[00000030h]		4_2_03822619
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03816620 mov eax, dword ptr fs:[00000030h]		4_2_03816620
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03818620 mov eax, dword ptr fs:[00000030h]		4_2_03818620
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038B5636 mov eax, dword ptr fs:[00000030h]		4_2_038B5636
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037EB6C0 mov eax, dword ptr fs:[00000030h]		4_2_037EB6C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037EB6C0 mov eax, dword ptr fs:[00000030h]		4_2_037EB6C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037EB6C0 mov eax, dword ptr fs:[00000030h]		4_2_037EB6C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037EB6C0 mov eax, dword ptr fs:[00000030h]		4_2_037EB6C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037EB6C0 mov eax, dword ptr fs:[00000030h]		4_2_037EB6C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037EB6C0 mov eax, dword ptr fs:[00000030h]		4_2_037EB6C0
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037D76B2 mov eax, dword ptr fs:[00000030h]		4_2_037D76B2
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037D76B2 mov eax, dword ptr fs:[00000030h]		4_2_037D76B2
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037D76B2 mov eax, dword ptr fs:[00000030h]		4_2_037D76B2
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DD6AA mov eax, dword ptr fs:[00000030h]		4_2_037DD6AA
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037DD6AA mov eax, dword ptr fs:[00000030h]		4_2_037DD6AA
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381A660 mov eax, dword ptr fs:[00000030h]		4_2_0381A660
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381A660 mov eax, dword ptr fs:[00000030h]		4_2_0381A660
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03819660 mov eax, dword ptr fs:[00000030h]		4_2_03819660
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03819660 mov eax, dword ptr fs:[00000030h]		4_2_03819660
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A866E mov eax, dword ptr fs:[00000030h]		4_2_038A866E
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_038A866E mov eax, dword ptr fs:[00000030h]		4_2_038A866E
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E4690 mov eax, dword ptr fs:[00000030h]		4_2_037E4690
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_037E4690 mov eax, dword ptr fs:[00000030h]		4_2_037E4690
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03812674 mov eax, dword ptr fs:[00000030h]		4_2_03812674
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_03814588 mov eax, dword ptr fs:[00000030h]		4_2_03814588
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386B594 mov eax, dword ptr fs:[00000030h]		4_2_0386B594
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0386B594 mov eax, dword ptr fs:[00000030h]		4_2_0386B594
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe	Code function: 4_2_0381E59C mov eax, dword ptr fs:[00000030h]		4_2_0381E59C

Source: C:\Users\user\Desktop\NOVA ORDEM.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\NOVA ORDEM.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: NOVA ORDEM.exe, ---------.cs	Reference to suspicious API methods: GetProcAddress(_0E67_EE35_061B_08FD_EEBC_EEA8_EE00_EE90_0655_060B_EE31, _EE47_EE21_064B_EE2E_0619_EEDE_08F0_0E7E)
Source: NOVA ORDEM.exe, ---------.cs	Reference to suspicious API methods: VirtualProtect(procAddress, (uint)_EE75_064E_08FD_08EE_08F2_EE24_FE75_EEA1_08CE_06EA_EE76_EE28_08FC_08CA_08C8_EE7E_08E1_0E77_EC7C_EE4F_EE5D_EEE1_ECAA_ECA4.Length, 64u, out var _EE25_EE71_EE22_EEC7_06DC_EE2C_ECA2_08F0_EECA_EE86_EE9E_EE6C_0E64)
Source: NOVA ORDEM.exe, ---------.cs	Reference to suspicious API methods: LoadLibrary(_0E6B_EE3F_EE71(_EE2E_EE27_08DF_0604_EC87_EE84_EECB_EE68._EE2B_0E79_08F5_EEB7_EEBF_EE75_EE70_0E79_EE61))

Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Memory allocated: C:\Windows\System32\cmd.exe base: 400000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Memory allocated: C:\Program Files (x86)\Windows Media Player\wmplayer.exe base: 400000 protect: page execute and read and write			Jump to behavior

Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Memory written: C:\Windows\System32\cmd.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Memory written: C:\Program Files (x86)\Windows Media Player\wmplayer.exe base: 400000 value starts with: 4D5A			Jump to behavior

Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Memory written: C:\Windows\System32\cmd.exe base: 400000			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Memory written: C:\Windows\System32\cmd.exe base: 401000			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Memory written: C:\Program Files (x86)\Windows Media Player\wmplayer.exe base: 400000			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Memory written: C:\Program Files (x86)\Windows Media Player\wmplayer.exe base: 401000			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Memory written: C:\Program Files (x86)\Windows Media Player\wmplayer.exe base: 30E5008			Jump to behavior

Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe"			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process created: C:\Program Files (x86)\Windows Media Player\wmplayer.exe "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Process created: C:\Program Files (x86)\Windows Media Player\wmplayer.exe "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"			Jump to behavior

Language, Device and Operating System Detection

Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Users\user\Desktop\NOVA ORDEM.exe VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\NOVA ORDEM.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\NOVA ORDEM.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Source: Amcache.hve.8.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.8.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.8.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.8.dr	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: Yara match	File source: 4.2.wmplayer.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.wmplayer.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.2063350156.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2062866789.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Source: Yara match	File source: 4.2.wmplayer.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.wmplayer.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.2063350156.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2062866789.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY