Source: C:\Windows\SysWOW64\mspaint.exe |
File created: C:\Windows\Debug\WIA |
Source: C:\Windows\SysWOW64\mspaint.exe |
File created: C:\Windows\Debug\WIA\wiatrace.log |
Source: classification engine |
Classification label: clean1.winPNG@1/1@0/0 |
Source: C:\Windows\SysWOW64\mspaint.exe |
File read: C:\Users\desktop.ini |
Source: C:\Windows\SysWOW64\mspaint.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: mfc42u.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: propsys.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: winmm.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: msftedit.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: uiribbon.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: xmllite.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: wldp.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: efswrt.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: mpr.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: wintypes.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: twinapi.appcore.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: sti.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: wiatrace.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: atlthunk.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: dwmapi.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: windowscodecs.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: textshaping.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: oleacc.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: windows.staterepositoryps.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: apphelp.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: photometadatahandler.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: textinputframework.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: coremessaging.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
Section loaded: ntmarta.dll |
Source: C:\Windows\SysWOW64\mspaint.exe |
File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: C:\Windows\SysWOW64\mspaint.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\mspaint.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Source: mspaint.exe, 00000000.00000002.3290782674.0000000002C0F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}V?$ |
Source: mspaint.exe, 00000000.00000002.3290782674.0000000002C0F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\ |
Source: C:\Windows\SysWOW64\mspaint.exe |
Process information queried: ProcessInformation |
Source: C:\Windows\SysWOW64\mspaint.exe |
Queries volume information: C:\Users\user\Desktop\Outlook-ghmt04mr.png VolumeInformation |