Whan a file extension inside the analysis VM (Windows) is not associated with an
application Windows presents the user with a dialog to choose the application
with which to open the file or search the web.
These reg files applied to Windows 7 or Windows 10 respectively will set keys
inside the registry to open files with unassociated file extensions with
wordpad. This imitates the actions of an experienced user.
False positives due to the open with dialog are avoided while not introducing a
high risk for new false positives.
In addition it could be possible to target an experienced user and wordpad using
an unassigned file extension. Which now can be detected.
Whan a file extension inside the analysis VM (Windows) is not associated with an application Windows presents the user with a dialog to choose the application with which to open the file or search the web.
These reg files applied to Windows 7 or Windows 10 respectively will set keys inside the registry to open files with unassociated file extensions with wordpad. This imitates the actions of an experienced user.
False positives due to the open with dialog are avoided while not introducing a high risk for new false positives.
In addition it could be possible to target an experienced user and wordpad using an unassigned file extension. Which now can be detected.