| Source: C:\Windows\System32\notepad.exe |
Window detected: IMPORTANT NOTICE: This license only applies if you downloaded this content asa subscribed (or "premium") user. If you are an unsubscribed user (or "free"user) you are bound to the license terms described in the accompanying file"License free.txt".---------------------You can download from your profile in Freepik a personalized license statingyour right to use this content as a "premium" user: https://profile.freepik.com/my_downloadsYou are free to use this image:- For both personal and commercial projects and to modify it.- In a website or presentation template or application or as part of your design.You are not allowed to:- Sub-license resell or rent it.- Include it in any online or offline archive or database.The full terms of the license are described in sections 7 and 8 of the Freepikterms of use available online in the following link: http://www.freepik.com/terms_of_useThe terms described in the above link have precedence over the terms describedin the present document. In case of disagreement the Freepik Terms of Usewill prevail. |
| Source: notepad.exe, 00000000.00000002.3435965402.000002922DF8C000.00000004.00000020.00020000.00000000.sdmp, License premium.txt |
String found in binary or memory: http://www.freepik.com/terms_of_use |
| Source: notepad.exe, 00000000.00000002.3435965402.000002922DF8C000.00000004.00000020.00020000.00000000.sdmp, License premium.txt |
String found in binary or memory: https://profile.freepik.com/my_downloads |
| Source: classification engine |
Classification label: clean0.winTXT@1/0@0/0 |
| Source: C:\Windows\System32\notepad.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: mrmcorer.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: wldp.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: textshaping.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: efswrt.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: mpr.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: wintypes.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: twinapi.appcore.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: oleacc.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: urlmon.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: iertutil.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: srvcli.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: netutils.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: propsys.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: policymanager.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32 |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Window detected: IMPORTANT NOTICE: This license only applies if you downloaded this content asa subscribed (or "premium") user. If you are an unsubscribed user (or "free"user) you are bound to the license terms described in the accompanying file"License free.txt".---------------------You can download from your profile in Freepik a personalized license statingyour right to use this content as a "premium" user: https://profile.freepik.com/my_downloadsYou are free to use this image:- For both personal and commercial projects and to modify it.- In a website or presentation template or application or as part of your design.You are not allowed to:- Sub-license resell or rent it.- Include it in any online or offline archive or database.The full terms of the license are described in sections 7 and 8 of the Freepikterms of use available online in the following link: http://www.freepik.com/terms_of_useThe terms described in the above link have precedence over the terms describedin the present document. In case of disagreement the Freepik Terms of Usewill prevail. |
| Source: C:\Windows\System32\notepad.exe |
Queries volume information: C:\Users\user\Desktop\License premium.txt VolumeInformation |
Jump to behavior |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet