Windows Analysis Report
Ozn#U00e1men#U00ed o poru#U0161en#U00ed autorsk#U00fdch pr#U00e1v.zip

Overview

General Information

Sample name: Ozn#U00e1men#U00ed o poru#U0161en#U00ed autorsk#U00fdch pr#U00e1v.zip
renamed because original name is a hash value
Original sample name: Oznmen o poruen autorskch prv.zip
Analysis ID: 1541141
MD5: a8514c77b69afbb14d56ccacaea28149
SHA1: b3d430ac79e7a27cc32e37d59f61a44de5a5dfc2
SHA256: b044a842194be9e0a839e6f4bfc16861318a9e98148c89ad7706a0143efe6479
Infos:

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files

Classification

Source: Binary string: /app/crashsubmit?appname=SumatraPDFhttp://www.haihaisoft.comlibmupdf.pdbSumatraPDF.pdbSumatraPDF-prereleaseSumatraPDF.pdbSumatraPDF-1.5.3.0.pdbSumatraPDF.pdblibmupdf.pdbSumatraPDF-no-MuPDF.pdbhttp://kjkpub.s3.amazonaws.com/sumatrapdf/prerel/SumatraPDF-prerelease-SVN_PRE_RELEASE_VER.pdb.zipsymbols_tmp.ziphttp://kjkpub.s3.amazonaws.com/sumatrapdf/rel/SumatraPDF-1.5.3.0.pdb.zipsymbols_tmp.zipSUMATRAPDF_FULLDUMPHaihaisoft PDF Reader crashedSorry, that shouldn't have happened! source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source: Binary string: SumatraPDF-no-MuPDF.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source: Binary string: SumatraPDF-1.5.3.0.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source: Binary string: m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source: Binary string: xOdx>a0m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source: Binary string: libmupdf.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /pdfversion.htm HTTP/1.1Accept: */*User-Agent: HDMHost: www.drm-x.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic DNS traffic detected: DNS query: www.drm-x.com
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://HDMHDMLoading...%s
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://blog.kowalczyk.info/software/sumatrapdf/translations.htmlContribute
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://blog.kowalczyk.info/software/sumatrapdf/translators.htmlThe
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://blog.kowalczyk.infoKrzysztof
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://cn.haihaisoft.com/%E6%B5%B7%E6%B5%B7%E8%BD%AF%E4%BB%B6PDF%E9%98%85%E8%AF%BB%E5%99%A8.aspxopen
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://cn.haihaisoft.comhttp://www.haihaisoft.comcnhttp://cn.haihaisoft.com/%E6%B5%B7%E6%B5%B7%E8%BD
Source: Oznmen o poruen autorskch prv.exe String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: Oznmen o poruen autorskch prv.exe String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Oznmen o poruen autorskch prv.exe String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Oznmen o poruen autorskch prv.exe String found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://itexmac.sourceforge.net/SyncTeX.htmlJ
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://mailto:EmbeddedFilesTypeFilespecD%s%dR%s%sA%s%sKids.seen.seen.seenNumsSPStD%s.%d:%d:%dInfoPag
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://mupdf.comMuPDFpdf
Source: Oznmen o poruen autorskch prv.exe String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Oznmen o poruen autorskch prv.exe String found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: Oznmen o poruen autorskch prv.exe String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://p.yusukekamiyamane.com/Yusuke
Source: Ozn men o poru en autorsk ch pr v.exe, 0000000A.00000003.1705336227.0000000006A4F000.00000004.00000020.00020000.00000000.sdmp, Ozn men o poru en autorsk ch pr v.exe, 0000000A.00000003.1705490557.0000000006A4F000.00000004.00000020.00020000.00000000.sdmp, Ozn men o poru en autorsk ch pr v.exe, 0000000A.00000003.1593833299.0000000006A4E000.00000004.00000020.00020000.00000000.sdmp, Ozn men o poru en autorsk ch pr v.exe, 0000000A.00000003.1593068846.0000000006A4F000.00000004.00000020.00020000.00000000.sdmp, Ozn men o poru en autorsk ch pr v.exe, 0000000A.00000003.1592860044.0000000006A4E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://purl.oen
Source: Oznmen o poruen autorskch prv.exe String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Oznmen o poruen autorskch prv.exe String found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://william.famille-blum.org/William
Source: Oznmen o poruen autorskch prv.exe String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Digitized
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CB5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.drm-x.com/pdfversion.htm
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://www.drm-x.com/pdfversion.htm1.5.7.0..http://www.haihaisoft.com/PDF_Reader_download.aspxopenSo
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CB5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.drm-x.com/pdfversion.htmV
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CB5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.drm-x.com/pdfversion.htmo76
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CB5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.drm-x.com/pdfversion.htmt
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CB5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.drm-x.com/pdfversion.htmv
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://www.drm-x.net/http://cn.drm-x.com/LicPrepare2008.aspxLicPrepare20082013.aspx.drm-x.com/2/%s?c
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://www.flashvidz.tk/Zenonprogram
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://www.freetype.org/FreeTypefont
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://www.haihaisoft.com/Contact.aspx
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://www.haihaisoft.com/Contact.aspx%u%?.Install_DirSoftware
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://www.haihaisoft.com/PDF_Reader_download.aspxhttp://www.drm-x.com/pdfversion.htmMS
Source: Oznmen o poruen autorskch prv.exe String found in binary or memory: http://www.haihaisoft.comSumatraPDF
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://www.haihaisoft.comlibmupdf.pdbSumatraPDF.pdbSumatraPDF-prereleaseSumatraPDF.pdbSumatraPDF-1.5
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://www.winimage.com/zLibDll
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://www.winimage.com/zLibDllbad
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe String found in binary or memory: http://www.zeniko.ch/#SumatraPDFSimon
Source: Oznmen o poruen autorskch prv.exe String found in binary or memory: https://www.globalsign.com/repository/0
Source: Oznmen o poruen autorskch prv.exe String found in binary or memory: https://www.globalsign.com/repository/06
Source: classification engine Classification label: clean1.winZIP@3/0@1/1
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe File created: C:\Users\user\AppData\Roaming\Haihaisoft PDF Reader Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: Oznmen o poruen autorskch prv.exe String found in binary or memory: PdfVersion%d.%d Adobe Extension Level %d%d.%dRootPageLayoutRightTwoViewerPreferencesDirectionR2LRootBaseURITypeFilespecUFF\/EF.pdf%s:%d:%dSGoToRFF\/LaunchURLScrollToEFLaunchEmbeddedLaunchFileGoToRSDScrollToExScrollToExDLaunchEmbeddedFUFEFXYZFitRFitHFitBHFitFitVFitBFitBV%PDF.pdfhttp:https:mailto:<FixedPage<FixedPageFixedPageWidthHeightDeviceRGB%s#%s
Source: Oznmen o poruen autorskch prv.exe String found in binary or memory: 0WarningVirtual printing was deniedPrinting problem.Cannot print this fileDevices%S,%S,%S,%SPrinting problem.Printer with given name doesn't existPrinting problem.Could not open PrinterPrinting problem.Could not obtain Printer propertiesPrinting problem.Couldn't initialize printerCPDFLoginDlg%I64uhttp://www.drm-x.net/http://cn.drm-x.com/LicPrepare2008.aspxLicPrepare20082013.aspx.drm-x.com/2/%s?cid=%s&kid=%s&ci=%s&vid=%s&lt=%s&session=%sButtonOKButtonCancelres://Loading...3licstore.aspxlicstore.asplicstore.phplicstore.jspLicense_table_DRM-x2<TD></TD><TD></TD><TD></TD><TD></TD><TD></TD>&#13;&#10;%s\Haihaisoft\XPDF\V%s.lic%s\Haihaisoft\XPDF\Cache</LICSET></CONTENT></LIC></LICSET></CID><CONTENT></KID><CID><LIC><KID></CONTENT></LIC></LICSET></CID><CONTENT></KID><CID><LICSET><LIC><KID>%d, reason is:Cannot write license file licstore.aspxlicstore.asplicstore.phplicstore.jspLicense_table_DRM-x1<TD></TD><TD></TD><TD></TD>"== = =content=name=>%d,%d,%d,%d,%d,%d,%d,%d,Incorrect web page!PlayerVersionSettings&#13;&#10;%s\Haihaisoft\XPDF\V%s.lic%s\Haihaisoft\XPDF\Cache</LICSET></CONTENT></LIC></LICSET></CID><CONTENT></KID><CID><LIC><KID></CONTENT></LIC></LICSET></CID><CONTENT></KID><CID><LICSET><LIC><KID>%d, reason is:Cannot write license file Cannot get CSIDL_COMMON_APPDATAlicstore.aspxlicstore.asplicstore.phplicstore.jspLicense_table_DRM-x1<TD></TD></LICSET><LIC><KID>%s</KID><CID>%s</CID><CONTENT>%s</CONTENT></LIC></LICSET>Cannot write license file<LICSET><LIC><KID>%s</KID><CID>%s</CID><CONTENT>%s</CONTENT></LIC></LICSET>%s\Haihaisoft\XPDF\bad allocationSUMATRA_PDF_NOTIFICATION_WINDOWSUMATRA_PDF_NOTIFICATION_WINDOWbad allocation&OpenCtrl+O&CloseCtrl+W&Print...Ctrl+P-----Save S&hortcut...Ctrl+Shift+SOpen in &Adobe ReaderOpen in &Foxit ReaderOpen in PDF-XChangeSend by &E-mail...-----P&ropertiesCtrl+D-----E&xitCtrl+Q&Single PageCtrl+6&FacingCtrl+7&Book ViewCtrl+8Show &pages continuously-----Rotate &LeftCtrl+Shift+-Rotate &RightCtrl+Shift++-----Pr&esentationCtrl+LF&ullscreenCtrl+Shift+L-----Book&marksF12Show &Toolbar-----Select &AllCtrl+A&Copy SelectionCtrl+C&Next PageRight Arrow&Previous PageLeft Arrow&First PageHome&Last PageEndPa&ge...Ctrl+G-----&BackAlt+Left ArrowF&orwardAlt+Right Arrow-----Fin&d...Ctrl+FFit &PageCtrl+0&Actual SizeCtrl+1Fit &WidthCtrl+2Fit &ContentCtrl+3Custom &Zoom...Ctrl+Y-----6400%3200%1600%800%400%200%150%125%100%50%25%12.5%8.33%Change Language&Options...Add to favoritesRemove from favoritesShow FavoritesVisit &Website&ManualCheck for &Updates-----&About&Copy SelectionCopy &Link AddressCopy Co&mment-----Select &All-----&Print...P&roperties&Open Document&Pin Document-----&Remove Document&%d) %s-----&File&View&Go To&ZoomF&avorites&Settings&Help&Print... (denied)&OpenCtrl+O&CloseCtrl+W-----E&xitCtrl+QPr&esentationCtrl+LF&ullscreenCtrl+Shift+L-----Book&marksF12Show &Toolbar&Next PageRight Arrow&Previous PageLeft Arrow&First PageHome&Last PageEndPa&ge...Ctrl+G-----&BackAlt+Left ArrowF&orwardAlt+Right
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe "C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe"
Source: unknown Process created: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe "C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe"
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: oledlg.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: sendmail.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: oledlg.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: sendmail.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: dui70.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: duser.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: thumbcache.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: windows.ui.fileexplorer.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: assignedaccessruntime.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: windows.fileexplorer.common.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: structuredquery.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: atlthunk.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: windows.storage.search.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: iconcodecservice.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: twinapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: cscapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: actxprxy.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: networkexplorer.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Window detected: Number of UI elements: 12
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Window detected: Number of UI elements: 12
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Window detected: Number of UI elements: 13
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Window detected: Number of UI elements: 12
Source: Ozn#U00e1men#U00ed o poru#U0161en#U00ed autorsk#U00fdch pr#U00e1v.zip Static file information: File size 34365663 > 1048576
Source: Binary string: /app/crashsubmit?appname=SumatraPDFhttp://www.haihaisoft.comlibmupdf.pdbSumatraPDF.pdbSumatraPDF-prereleaseSumatraPDF.pdbSumatraPDF-1.5.3.0.pdbSumatraPDF.pdblibmupdf.pdbSumatraPDF-no-MuPDF.pdbhttp://kjkpub.s3.amazonaws.com/sumatrapdf/prerel/SumatraPDF-prerelease-SVN_PRE_RELEASE_VER.pdb.zipsymbols_tmp.ziphttp://kjkpub.s3.amazonaws.com/sumatrapdf/rel/SumatraPDF-1.5.3.0.pdb.zipsymbols_tmp.zipSUMATRAPDF_FULLDUMPHaihaisoft PDF Reader crashedSorry, that shouldn't have happened! source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source: Binary string: SumatraPDF-no-MuPDF.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source: Binary string: SumatraPDF-1.5.3.0.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source: Binary string: m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source: Binary string: xOdx>a0m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source: Binary string: libmupdf.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CB5000.00000004.00000020.00020000.00000000.sdmp, Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWkQ/
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Queries volume information: C:\Program Files (x86) VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Queries volume information: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Queries volume information: C:\Program Files (x86) VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Queries volume information: C:\Users\user VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Queries volume information: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Queries volume information: C:\Program Files (x86) VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Queries volume information: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Queries volume information: C:\Program Files (x86) VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Queries volume information: C:\Users\user\Desktop VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Queries volume information: C:\Program Files (x86) VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Queries volume information: C:\Users VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Queries volume information: C:\Program Files (x86) VolumeInformation Jump to behavior
Searches for user specific document files
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe Directory queried: C:\Users\user\Documents Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1541141 Sample: Ozn#U00e1men#U00ed o poru#U... Startdate: 24/10/2024 Architecture: WINDOWS Score: 1 12 www.drm-x.com.wswebpic.com 2->12 14 www.drm-x.com 2->14 5 Ozn men  o poru en  autorsk ch pr v.exe 1 20 2->5         started        8 Ozn men  o poru en  autorsk ch pr v.exe 24 10 2->8         started        10 rundll32.exe 2->10         started        process3 dnsIp4 16 www.drm-x.com.wswebpic.com 163.171.128.241, 49703, 80 QUANTILNETWORKSUS European Union 5->16
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
163.171.128.241
 www.drm-x.com.wswebpic.com European Union
54994 QUANTILNETWORKSUS false

Contacted Domains

Name IP Active
www.drm-x.com.wswebpic.com 163.171.128.241 true
www.drm-x.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://www.drm-x.com/pdfversion.htm false
    		unknown