Which of the following best describes a Windows Registry change that redirects the default program used to open common document types (such as .txt or .docx) to an unknown executable located in an unexpected directory?
It is a strong indicator of malware or unauthorized tampering that warrants immediate investigation.
It is standard behavior for legitimate third-party document viewers and can be safely ignored.
It is a recommended performance-optimization technique to speed up document loading.
It is typically harmless and often left over from normal Windows updates.
Redirecting default file associations in the Windows Registry to an unknown or suspicious executable is a classic persistence technique (MITRE ATT&CK T1546.001). Attackers use it so that whenever a user opens a normal document, the malicious program launches, often without the user noticing. Such changes are rarely legitimate and should be investigated immediately. Routine operating-system updates and legitimate software generally point file associations to known, signed executables located in standard paths.