Source: Notepad2.exe | Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Source: Notepad2.exe | String found in binary or memory: http://www.flos-freeware.ch |
Source: Notepad2.exe | String found in binary or memory: http://www.flos-freeware.ch.JNo |
Source: Notepad2.exe | String found in binary or memory: http://www.flos-freeware.chFlorian |
Source: Notepad2.exe | String found in binary or memory: http://www.flos-freeware.chflorian.balmer |
Source: Notepad2.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: Notepad2.exe | Binary or memory string: OriginalFilename vs Notepad2.exe |
Source: Notepad2.exe, 00000001.00000002.942494383.0000000002D10000.00000002.00000001.sdmp | Binary or memory string: originalfilename vs Notepad2.exe |
Source: Notepad2.exe, 00000001.00000002.942494383.0000000002D10000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs Notepad2.exe |
Source: classification engine | Classification label: clean1.winEXE@1/0@0/0 |
Source: Notepad2.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\Notepad2.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: Notepad2.exe | String found in binary or memory: add-computer add-content add-history add-member add-pssnapin add-type checkpoint-computer clear-content clear-eventlog clear-history clear-host clear-item clear-itemproperty clear-variable compare-object complete-transaction connect-wsman convertfrom-csv convertfrom-securestring convertfrom-stringdata convert-path convertto-csv convertto-html convertto-securestring convertto-xml copy-item copy-itemproperty debug-process disable-computerrestore disable-psbreakpoint disable-psremoting disable-pssessionconfiguration disable-wsmancredssp disconnect-wsman enable-computerrestore enable-psbreakpoint enable-psremoting enable-pssessionconfiguration enable-wsmancredssp enter-pssession exit-pssession export-alias export-clixml export-console export-counter export-csv export-formatdata export-modulemember export-pssession foreach-object format-custom format-list format-table format-wide get-acl get-alias get-authenticodesignature get-childitem get-command get-computerrestorepoint get-content get-counter get-credential get-culture get-date get-event get-eventlog get-eventsubscriber get-executionpolicy get-formatdata get-help get-history get-host get-hotfix get-item get-itemproperty get-job get-location get-member get-module get-pfxcertificate get-process get-psbreakpoint get-pscallstack get-psdrive get-psprovider get-pssession get-pssessionconfiguration get-pssnapin get-random get-service get-tracesource get-transaction get-uiculture get-unique get-variable get-verb get-winevent get-wmiobject get-wsmancredssp get-wsmaninstance group-object import-alias import-clixml import-counter import-csv import-localizeddata import-module import-pssession invoke-command invoke-expression invoke-history invoke-item invoke-wmimethod invoke-wsmanaction join-path limit-eventlog measure-command measure-object move-item move-itemproperty new-alias new-event new-eventlog new-item new-itemproperty new-module new-modulemanifest new-object 
new-psdrive new-pssession new-pssessionoption new-service new-timespan new-variable new-webserviceproxy new-wsmaninstance new-wsmansessionoption out-default out-file out-gridview out-host out-null out-printer out-string pop-location push-location read-host receive-job register-engineevent register-objectevent register-pssessionconfiguration register-wmievent remove-computer remove-event remove-eventlog remove-item remove-itemproperty remove-job remove-module remove-psbreakpoint remove-psdrive remove-pssession remove-pssnapin remove-vari |