Source: classification engine |
Classification label: clean0.winTXT@1/0@0/0 |
Source: C:\Windows\System32\notepad.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: C:\Windows\System32\notepad.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32 |
Jump to behavior |
Source: notepad.exe, 00000000.00000002.473998873.00000214130B0000.00000002.00000001.sdmp |
Binary or memory string: Program Manager |
Source: notepad.exe, 00000000.00000002.473998873.00000214130B0000.00000002.00000001.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: notepad.exe, 00000000.00000002.473998873.00000214130B0000.00000002.00000001.sdmp |
Binary or memory string: Progman |
Source: notepad.exe, 00000000.00000002.473998873.00000214130B0000.00000002.00000001.sdmp |
Binary or memory string: Progmanlock |
Source: C:\Windows\System32\notepad.exe |
Queries volume information: C:\Users\user\Desktop\test.txt VolumeInformation |
Jump to behavior |