Windows Analysis Report
Ozn#U00e1men#U00ed o poru#U0161en#U00ed autorsk#U00fdch pr#U00e1v.zip

Overview

General Information

Sample name:	Ozn#U00e1men#U00ed o poru#U0161en#U00ed autorsk#U00fdch pr#U00e1v.zip renamed because original name is a hash value
Original sample name:	Oznmen o poruen autorskch prv.zip
Analysis ID:	1541141
MD5:	a8514c77b69afbb14d56ccacaea28149
SHA1:	b3d430ac79e7a27cc32e37d59f61a44de5a5dfc2
SHA256:	b044a842194be9e0a839e6f4bfc16861318a9e98148c89ad7706a0143efe6479
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries the volume information (name, serial number etc) of a device

Searches for user specific document files

Classification

Signatures

Source:	Binary string: /app/crashsubmit?appname=SumatraPDFhttp://www.haihaisoft.comlibmupdf.pdbSumatraPDF.pdbSumatraPDF-prereleaseSumatraPDF.pdbSumatraPDF-1.5.3.0.pdbSumatraPDF.pdblibmupdf.pdbSumatraPDF-no-MuPDF.pdbhttp://kjkpub.s3.amazonaws.com/sumatrapdf/prerel/SumatraPDF-prerelease-SVN_PRE_RELEASE_VER.pdb.zipsymbols_tmp.ziphttp://kjkpub.s3.amazonaws.com/sumatrapdf/rel/SumatraPDF-1.5.3.0.pdb.zipsymbols_tmp.zipSUMATRAPDF_FULLDUMPHaihaisoft PDF Reader crashedSorry, that shouldn't have happened! source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source:	Binary string: SumatraPDF-no-MuPDF.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source:	Binary string: SumatraPDF-1.5.3.0.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source:	Binary string: m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source:	Binary string: xOdx>a0m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source:	Binary string: libmupdf.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /pdfversion.htm HTTP/1.1Accept: */*User-Agent: HDMHost: www.drm-x.comConnection: Keep-AliveCache-Control: no-cache

Source: global traffic

DNS traffic detected: DNS query: www.drm-x.com

Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://HDMHDMLoading...%s
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://blog.kowalczyk.info/software/sumatrapdf/translations.htmlContribute
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://blog.kowalczyk.info/software/sumatrapdf/translators.htmlThe
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://blog.kowalczyk.infoKrzysztof
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://cn.haihaisoft.com/%E6%B5%B7%E6%B5%B7%E8%BD%AF%E4%BB%B6PDF%E9%98%85%E8%AF%BB%E5%99%A8.aspxopen
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://cn.haihaisoft.comhttp://www.haihaisoft.comcnhttp://cn.haihaisoft.com/%E6%B5%B7%E6%B5%B7%E8%BD
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://itexmac.sourceforge.net/SyncTeX.htmlJ
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://mailto:EmbeddedFilesTypeFilespecD%s%dR%s%sA%s%sKids.seen.seen.seenNumsSPStD%s.%d:%d:%dInfoPag
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://mupdf.comMuPDFpdf
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://p.yusukekamiyamane.com/Yusuke
Source: Ozn men o poru en autorsk ch pr v.exe, 0000000A.00000003.1705336227.0000000006A4F000.00000004.00000020.00020000.00000000.sdmp, Ozn men o poru en autorsk ch pr v.exe, 0000000A.00000003.1705490557.0000000006A4F000.00000004.00000020.00020000.00000000.sdmp, Ozn men o poru en autorsk ch pr v.exe, 0000000A.00000003.1593833299.0000000006A4E000.00000004.00000020.00020000.00000000.sdmp, Ozn men o poru en autorsk ch pr v.exe, 0000000A.00000003.1593068846.0000000006A4F000.00000004.00000020.00020000.00000000.sdmp, Ozn men o poru en autorsk ch pr v.exe, 0000000A.00000003.1592860044.0000000006A4E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://purl.oen
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://william.famille-blum.org/William
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Digitized
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CB5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.drm-x.com/pdfversion.htm
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.drm-x.com/pdfversion.htm1.5.7.0..http://www.haihaisoft.com/PDF_Reader_download.aspxopenSo
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CB5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.drm-x.com/pdfversion.htmV
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CB5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.drm-x.com/pdfversion.htmo76
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CB5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.drm-x.com/pdfversion.htmt
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CB5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.drm-x.com/pdfversion.htmv
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.drm-x.net/http://cn.drm-x.com/LicPrepare2008.aspxLicPrepare20082013.aspx.drm-x.com/2/%s?c
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.flashvidz.tk/Zenonprogram
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.freetype.org/FreeTypefont
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.haihaisoft.com/Contact.aspx
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.haihaisoft.com/Contact.aspx%u%?.Install_DirSoftware
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.haihaisoft.com/PDF_Reader_download.aspxhttp://www.drm-x.com/pdfversion.htmMS
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.haihaisoft.comSumatraPDF
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.haihaisoft.comlibmupdf.pdbSumatraPDF.pdbSumatraPDF-prereleaseSumatraPDF.pdbSumatraPDF-1.5
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.winimage.com/zLibDll
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.winimage.com/zLibDllbad
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.zeniko.ch/#SumatraPDFSimon
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: https://www.globalsign.com/repository/0
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: https://www.globalsign.com/repository/06

Source: classification engine

Classification label: clean1.winZIP@3/0@1/1

Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe

File created: C:\Users\user\AppData\Roaming\Haihaisoft PDF Reader

Jump to behavior

Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: PdfVersion%d.%d Adobe Extension Level %d%d.%dRootPageLayoutRightTwoViewerPreferencesDirectionR2LRootBaseURITypeFilespecUFF\/EF.pdf%s:%d:%dSGoToRFF\/LaunchURLScrollToEFLaunchEmbeddedLaunchFileGoToRSDScrollToExScrollToExDLaunchEmbeddedFUFEFXYZFitRFitHFitBHFitFitVFitBFitBV%PDF.pdfhttp:https:mailto:<FixedPage<FixedPageFixedPageWidthHeightDeviceRGB%s#%s
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: 0WarningVirtual printing was deniedPrinting problem.Cannot print this fileDevices%S,%S,%S,%SPrinting problem.Printer with given name doesn't existPrinting problem.Could not open PrinterPrinting problem.Could not obtain Printer propertiesPrinting problem.Couldn't initialize printerCPDFLoginDlg%I64uhttp://www.drm-x.net/http://cn.drm-x.com/LicPrepare2008.aspxLicPrepare20082013.aspx.drm-x.com/2/%s?cid=%s&kid=%s&ci=%s&vid=%s&lt=%s&session=%sButtonOKButtonCancelres://Loading...3licstore.aspxlicstore.asplicstore.phplicstore.jspLicense_table_DRM-x2<TD></TD><TD></TD><TD></TD><TD></TD><TD></TD> %s\Haihaisoft\XPDF\V%s.lic%s\Haihaisoft\XPDF\Cache</LICSET></CONTENT></LIC></LICSET></CID><CONTENT></KID><CID><LIC><KID></CONTENT></LIC></LICSET></CID><CONTENT></KID><CID><LICSET><LIC><KID>%d, reason is:Cannot write license file licstore.aspxlicstore.asplicstore.phplicstore.jspLicense_table_DRM-x1<TD></TD><TD></TD><TD></TD>"== = =content=name=>%d,%d,%d,%d,%d,%d,%d,%d,Incorrect web page!PlayerVersionSettings %s\Haihaisoft\XPDF\V%s.lic%s\Haihaisoft\XPDF\Cache</LICSET></CONTENT></LIC></LICSET></CID><CONTENT></KID><CID><LIC><KID></CONTENT></LIC></LICSET></CID><CONTENT></KID><CID><LICSET><LIC><KID>%d, reason is:Cannot write license file Cannot get CSIDL_COMMON_APPDATAlicstore.aspxlicstore.asplicstore.phplicstore.jspLicense_table_DRM-x1<TD></TD></LICSET><LIC><KID>%s</KID><CID>%s</CID><CONTENT>%s</CONTENT></LIC></LICSET>Cannot write license file<LICSET><LIC><KID>%s</KID><CID>%s</CID><CONTENT>%s</CONTENT></LIC></LICSET>%s\Haihaisoft\XPDF\bad allocationSUMATRA_PDF_NOTIFICATION_WINDOWSUMATRA_PDF_NOTIFICATION_WINDOWbad allocation&OpenCtrl+O&CloseCtrl+W&Print...Ctrl+P-----Save S&hortcut...Ctrl+Shift+SOpen in &Adobe ReaderOpen in &Foxit ReaderOpen in PDF-XChangeSend by &E-mail...-----P&ropertiesCtrl+D-----E&xitCtrl+Q&Single PageCtrl+6&FacingCtrl+7&Book ViewCtrl+8Show &pages continuously-----Rotate &LeftCtrl+Shift+-Rotate &RightCtrl+Shift++-----Pr&esentationCtrl+LF&ullscreenCtrl+Shift+L-----Book&marksF12Show &Toolbar-----Select &AllCtrl+A&Copy SelectionCtrl+C&Next PageRight Arrow&Previous PageLeft Arrow&First PageHome&Last PageEndPa&ge...Ctrl+G-----&BackAlt+Left ArrowF&orwardAlt+Right Arrow-----Fin&d...Ctrl+FFit &PageCtrl+0&Actual SizeCtrl+1Fit &WidthCtrl+2Fit &ContentCtrl+3Custom &Zoom...Ctrl+Y-----6400%3200%1600%800%400%200%150%125%100%50%25%12.5%8.33%Change Language&Options...Add to favoritesRemove from favoritesShow FavoritesVisit &Website&ManualCheck for &Updates-----&About&Copy SelectionCopy &Link AddressCopy Co&mment-----Select &All-----&Print...P&roperties&Open Document&Pin Document-----&Remove Document&%d) %s-----&File&View&Go To&ZoomF&avorites&Settings&Help&Print... (denied)&OpenCtrl+O&CloseCtrl+W-----E&xitCtrl+QPr&esentationCtrl+LF&ullscreenCtrl+Shift+L-----Book&marksF12Show &Toolbar&Next PageRight Arrow&Previous PageLeft Arrow&First PageHome&Last PageEndPa&ge...Ctrl+G-----&BackAlt+Left ArrowF&orwardAlt+Right

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe "C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe"
Source: unknown	Process created: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe "C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe"

Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: sendmail.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: sendmail.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: thumbcache.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: windows.ui.fileexplorer.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: assignedaccessruntime.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: structuredquery.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: windows.storage.search.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: actxprxy.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: networkexplorer.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: netutils.dll	Jump to behavior

Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Window detected: Number of UI elements: 12
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Window detected: Number of UI elements: 12
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Window detected: Number of UI elements: 13
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Window detected: Number of UI elements: 12

Source: Ozn#U00e1men#U00ed o poru#U0161en#U00ed autorsk#U00fdch pr#U00e1v.zip

Static file information: File size 34365663 > 1048576

Source:	Binary string: /app/crashsubmit?appname=SumatraPDFhttp://www.haihaisoft.comlibmupdf.pdbSumatraPDF.pdbSumatraPDF-prereleaseSumatraPDF.pdbSumatraPDF-1.5.3.0.pdbSumatraPDF.pdblibmupdf.pdbSumatraPDF-no-MuPDF.pdbhttp://kjkpub.s3.amazonaws.com/sumatrapdf/prerel/SumatraPDF-prerelease-SVN_PRE_RELEASE_VER.pdb.zipsymbols_tmp.ziphttp://kjkpub.s3.amazonaws.com/sumatrapdf/rel/SumatraPDF-1.5.3.0.pdb.zipsymbols_tmp.zipSUMATRAPDF_FULLDUMPHaihaisoft PDF Reader crashedSorry, that shouldn't have happened! source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source:	Binary string: SumatraPDF-no-MuPDF.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source:	Binary string: SumatraPDF-1.5.3.0.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source:	Binary string: m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source:	Binary string: xOdx>a0m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source:	Binary string: libmupdf.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes			Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes			Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CB5000.00000004.00000020.00020000.00000000.sdmp, Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWkQ/

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Program Files (x86) VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Program Files (x86) VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Users\user VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Program Files (x86) VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Program Files (x86) VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Users\user\Desktop VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Program Files (x86) VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Users VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Program Files (x86) VolumeInformation	Jump to behavior

Searches for user specific document files

Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe

Directory queried: C:\Users\user\Documents

Jump to behavior

Screenshots

Behavior

Click here to start
Slideshow Behavior Animation

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
163.171.128.241	www.drm-x.com.wswebpic.com	European Union		54994	QUANTILNETWORKSUS	false

Contacted Domains

Name	IP	Active
www.drm-x.com.wswebpic.com	163.171.128.241	true
www.drm-x.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.drm-x.com/pdfversion.htm	false		unknown

Source:	Binary string: /app/crashsubmit?appname=SumatraPDFhttp://www.haihaisoft.comlibmupdf.pdbSumatraPDF.pdbSumatraPDF-prereleaseSumatraPDF.pdbSumatraPDF-1.5.3.0.pdbSumatraPDF.pdblibmupdf.pdbSumatraPDF-no-MuPDF.pdbhttp://kjkpub.s3.amazonaws.com/sumatrapdf/prerel/SumatraPDF-prerelease-SVN_PRE_RELEASE_VER.pdb.zipsymbols_tmp.ziphttp://kjkpub.s3.amazonaws.com/sumatrapdf/rel/SumatraPDF-1.5.3.0.pdb.zipsymbols_tmp.zipSUMATRAPDF_FULLDUMPHaihaisoft PDF Reader crashedSorry, that shouldn't have happened! source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source:	Binary string: SumatraPDF-no-MuPDF.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source:	Binary string: SumatraPDF-1.5.3.0.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source:	Binary string: m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source:	Binary string: xOdx>a0m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source:	Binary string: libmupdf.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /pdfversion.htm HTTP/1.1Accept: */*User-Agent: HDMHost: www.drm-x.comConnection: Keep-AliveCache-Control: no-cache

Source: global traffic

DNS traffic detected: DNS query: www.drm-x.com

Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://HDMHDMLoading...%s
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://blog.kowalczyk.info/software/sumatrapdf/translations.htmlContribute
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://blog.kowalczyk.info/software/sumatrapdf/translators.htmlThe
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://blog.kowalczyk.infoKrzysztof
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://cn.haihaisoft.com/%E6%B5%B7%E6%B5%B7%E8%BD%AF%E4%BB%B6PDF%E9%98%85%E8%AF%BB%E5%99%A8.aspxopen
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://cn.haihaisoft.comhttp://www.haihaisoft.comcnhttp://cn.haihaisoft.com/%E6%B5%B7%E6%B5%B7%E8%BD
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://itexmac.sourceforge.net/SyncTeX.htmlJ
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://mailto:EmbeddedFilesTypeFilespecD%s%dR%s%sA%s%sKids.seen.seen.seenNumsSPStD%s.%d:%d:%dInfoPag
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://mupdf.comMuPDFpdf
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://p.yusukekamiyamane.com/Yusuke
Source: Ozn men o poru en autorsk ch pr v.exe, 0000000A.00000003.1705336227.0000000006A4F000.00000004.00000020.00020000.00000000.sdmp, Ozn men o poru en autorsk ch pr v.exe, 0000000A.00000003.1705490557.0000000006A4F000.00000004.00000020.00020000.00000000.sdmp, Ozn men o poru en autorsk ch pr v.exe, 0000000A.00000003.1593833299.0000000006A4E000.00000004.00000020.00020000.00000000.sdmp, Ozn men o poru en autorsk ch pr v.exe, 0000000A.00000003.1593068846.0000000006A4F000.00000004.00000020.00020000.00000000.sdmp, Ozn men o poru en autorsk ch pr v.exe, 0000000A.00000003.1592860044.0000000006A4E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://purl.oen
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://william.famille-blum.org/William
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Digitized
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CB5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.drm-x.com/pdfversion.htm
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.drm-x.com/pdfversion.htm1.5.7.0..http://www.haihaisoft.com/PDF_Reader_download.aspxopenSo
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CB5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.drm-x.com/pdfversion.htmV
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CB5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.drm-x.com/pdfversion.htmo76
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CB5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.drm-x.com/pdfversion.htmt
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CB5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.drm-x.com/pdfversion.htmv
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.drm-x.net/http://cn.drm-x.com/LicPrepare2008.aspxLicPrepare20082013.aspx.drm-x.com/2/%s?c
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.flashvidz.tk/Zenonprogram
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.freetype.org/FreeTypefont
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.haihaisoft.com/Contact.aspx
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.haihaisoft.com/Contact.aspx%u%?.Install_DirSoftware
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.haihaisoft.com/PDF_Reader_download.aspxhttp://www.drm-x.com/pdfversion.htmMS
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.haihaisoft.comSumatraPDF
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.haihaisoft.comlibmupdf.pdbSumatraPDF.pdbSumatraPDF-prereleaseSumatraPDF.pdbSumatraPDF-1.5
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.winimage.com/zLibDll
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.winimage.com/zLibDllbad
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe	String found in binary or memory: http://www.zeniko.ch/#SumatraPDFSimon
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: https://www.globalsign.com/repository/0
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: https://www.globalsign.com/repository/06

Source: classification engine

Classification label: clean1.winZIP@3/0@1/1

Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe

File created: C:\Users\user\AppData\Roaming\Haihaisoft PDF Reader

Jump to behavior

Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: PdfVersion%d.%d Adobe Extension Level %d%d.%dRootPageLayoutRightTwoViewerPreferencesDirectionR2LRootBaseURITypeFilespecUFF\/EF.pdf%s:%d:%dSGoToRFF\/LaunchURLScrollToEFLaunchEmbeddedLaunchFileGoToRSDScrollToExScrollToExDLaunchEmbeddedFUFEFXYZFitRFitHFitBHFitFitVFitBFitBV%PDF.pdfhttp:https:mailto:<FixedPage<FixedPageFixedPageWidthHeightDeviceRGB%s#%s
Source: Oznmen o poruen autorskch prv.exe	String found in binary or memory: 0WarningVirtual printing was deniedPrinting problem.Cannot print this fileDevices%S,%S,%S,%SPrinting problem.Printer with given name doesn't existPrinting problem.Could not open PrinterPrinting problem.Could not obtain Printer propertiesPrinting problem.Couldn't initialize printerCPDFLoginDlg%I64uhttp://www.drm-x.net/http://cn.drm-x.com/LicPrepare2008.aspxLicPrepare20082013.aspx.drm-x.com/2/%s?cid=%s&kid=%s&ci=%s&vid=%s&lt=%s&session=%sButtonOKButtonCancelres://Loading...3licstore.aspxlicstore.asplicstore.phplicstore.jspLicense_table_DRM-x2<TD></TD><TD></TD><TD></TD><TD></TD><TD></TD> %s\Haihaisoft\XPDF\V%s.lic%s\Haihaisoft\XPDF\Cache</LICSET></CONTENT></LIC></LICSET></CID><CONTENT></KID><CID><LIC><KID></CONTENT></LIC></LICSET></CID><CONTENT></KID><CID><LICSET><LIC><KID>%d, reason is:Cannot write license file licstore.aspxlicstore.asplicstore.phplicstore.jspLicense_table_DRM-x1<TD></TD><TD></TD><TD></TD>"== = =content=name=>%d,%d,%d,%d,%d,%d,%d,%d,Incorrect web page!PlayerVersionSettings %s\Haihaisoft\XPDF\V%s.lic%s\Haihaisoft\XPDF\Cache</LICSET></CONTENT></LIC></LICSET></CID><CONTENT></KID><CID><LIC><KID></CONTENT></LIC></LICSET></CID><CONTENT></KID><CID><LICSET><LIC><KID>%d, reason is:Cannot write license file Cannot get CSIDL_COMMON_APPDATAlicstore.aspxlicstore.asplicstore.phplicstore.jspLicense_table_DRM-x1<TD></TD></LICSET><LIC><KID>%s</KID><CID>%s</CID><CONTENT>%s</CONTENT></LIC></LICSET>Cannot write license file<LICSET><LIC><KID>%s</KID><CID>%s</CID><CONTENT>%s</CONTENT></LIC></LICSET>%s\Haihaisoft\XPDF\bad allocationSUMATRA_PDF_NOTIFICATION_WINDOWSUMATRA_PDF_NOTIFICATION_WINDOWbad allocation&OpenCtrl+O&CloseCtrl+W&Print...Ctrl+P-----Save S&hortcut...Ctrl+Shift+SOpen in &Adobe ReaderOpen in &Foxit ReaderOpen in PDF-XChangeSend by &E-mail...-----P&ropertiesCtrl+D-----E&xitCtrl+Q&Single PageCtrl+6&FacingCtrl+7&Book ViewCtrl+8Show &pages continuously-----Rotate &LeftCtrl+Shift+-Rotate &RightCtrl+Shift++-----Pr&esentationCtrl+LF&ullscreenCtrl+Shift+L-----Book&marksF12Show &Toolbar-----Select &AllCtrl+A&Copy SelectionCtrl+C&Next PageRight Arrow&Previous PageLeft Arrow&First PageHome&Last PageEndPa&ge...Ctrl+G-----&BackAlt+Left ArrowF&orwardAlt+Right Arrow-----Fin&d...Ctrl+FFit &PageCtrl+0&Actual SizeCtrl+1Fit &WidthCtrl+2Fit &ContentCtrl+3Custom &Zoom...Ctrl+Y-----6400%3200%1600%800%400%200%150%125%100%50%25%12.5%8.33%Change Language&Options...Add to favoritesRemove from favoritesShow FavoritesVisit &Website&ManualCheck for &Updates-----&About&Copy SelectionCopy &Link AddressCopy Co&mment-----Select &All-----&Print...P&roperties&Open Document&Pin Document-----&Remove Document&%d) %s-----&File&View&Go To&ZoomF&avorites&Settings&Help&Print... (denied)&OpenCtrl+O&CloseCtrl+W-----E&xitCtrl+QPr&esentationCtrl+LF&ullscreenCtrl+Shift+L-----Book&marksF12Show &Toolbar&Next PageRight Arrow&Previous PageLeft Arrow&First PageHome&Last PageEndPa&ge...Ctrl+G-----&BackAlt+Left ArrowF&orwardAlt+Right

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe "C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe"
Source: unknown	Process created: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe "C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe"

Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: sendmail.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: sendmail.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: thumbcache.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: windows.ui.fileexplorer.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: assignedaccessruntime.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: structuredquery.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: windows.storage.search.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: actxprxy.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: networkexplorer.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Section loaded: netutils.dll	Jump to behavior

Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Window detected: Number of UI elements: 12
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Window detected: Number of UI elements: 12
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Window detected: Number of UI elements: 13
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Window detected: Number of UI elements: 12

Source: Ozn#U00e1men#U00ed o poru#U0161en#U00ed autorsk#U00fdch pr#U00e1v.zip

Static file information: File size 34365663 > 1048576

Source:	Binary string: /app/crashsubmit?appname=SumatraPDFhttp://www.haihaisoft.comlibmupdf.pdbSumatraPDF.pdbSumatraPDF-prereleaseSumatraPDF.pdbSumatraPDF-1.5.3.0.pdbSumatraPDF.pdblibmupdf.pdbSumatraPDF-no-MuPDF.pdbhttp://kjkpub.s3.amazonaws.com/sumatrapdf/prerel/SumatraPDF-prerelease-SVN_PRE_RELEASE_VER.pdb.zipsymbols_tmp.ziphttp://kjkpub.s3.amazonaws.com/sumatrapdf/rel/SumatraPDF-1.5.3.0.pdb.zipsymbols_tmp.zipSUMATRAPDF_FULLDUMPHaihaisoft PDF Reader crashedSorry, that shouldn't have happened! source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source:	Binary string: SumatraPDF-no-MuPDF.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source:	Binary string: SumatraPDF-1.5.3.0.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source:	Binary string: m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source:	Binary string: xOdx>a0m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe
Source:	Binary string: libmupdf.pdb source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000000.1294363218.00000000006C9000.00000002.00000001.01000000.00000006.sdmp, Oznmen o poruen autorskch prv.exe

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes			Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes			Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CB5000.00000004.00000020.00020000.00000000.sdmp, Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Ozn men o poru en autorsk ch pr v.exe, 00000009.00000003.1379495665.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWkQ/

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Program Files (x86) VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Program Files (x86) VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Users\user VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Program Files (x86) VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Program Files (x86) VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Users\user\Desktop VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Program Files (x86) VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Users VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe	Queries volume information: C:\Program Files (x86) VolumeInformation	Jump to behavior

Searches for user specific document files

Source: C:\Users\user\Desktop\Ozn men o poru en autorsk ch pr v\Ozn men o poru en autorsk ch pr v.exe

Directory queried: C:\Users\user\Documents

Jump to behavior

ID:	1541141
Product:	CloudBasic
Start time:	14:01:23
Start date:	24.10.2024
Sample:	Ozn#U00e1men#U00ed o poru#U0161en#U00ed autorsk#U00fdch pr#U00e1v.zip
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	a8514c77b69afbb14d56ccacaea28149
SHA1:	b3d430ac79e7a27cc32e37d59f61a44de5a5dfc2
SHA256:	b044a842194be9e0a839e6f4bfc16861318a9e98148c89ad7706a0143efe6479
Filetype:	ZIP compressed archive (8000/1) 99.91%

Windows Analysis Report
Ozn#U00e1men#U00ed o poru#U0161en#U00ed autorsk#U00fdch pr#U00e1v.zip

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report Ozn#U00e1men#U00ed o poru#U0161en#U00ed autorsk#U00fdch pr#U00e1v.zip

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
Ozn#U00e1men#U00ed o poru#U0161en#U00ed autorsk#U00fdch pr#U00e1v.zip