What is DropboxExt.46.0.dll?
DropboxExt.46.0.dll is part of Dropbox and developed by Dropbox, Inc. according to the DropboxExt.46.0.dll version information.
DropboxExt.46.0.dll's description is "Dropbox Shell Extension"
DropboxExt.46.0.dll is digitally signed by Dropbox, Inc.
DropboxExt.46.0.dll is usually located in the 'C:\Program Files\Dropbox\Client\' folder.
None of the anti-virus scanners at VirusTotal reports anything malicious about DropboxExt.46.0.dll.
If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.
Vendor and version information [?]
The following is the available information on DropboxExt.46.0.dll:
| Property | Value |
|---|---|
| Product name | Dropbox |
| Company name | Dropbox, Inc. |
| File description | Dropbox Shell Extension |
| Internal name | DropboxShellExt |
| Original filename | DropboxShellExt.dll |
| Legal copyright | (c) Dropbox, Inc. All rights reserved |
| Product version | 1.0.0.1 |
| File version | 1.0.46.0 |
Here's a screenshot of the file properties when displayed by Windows Explorer:
| Product name | Dropbox |
| Company name | Dropbox, Inc. |
| File description | Dropbox Shell Extension |
| Internal name | DropboxShellExt |
| Original filename | DropboxShellExt.dll |
| Legal copyright | (c) Dropbox, Inc. All rights reserved |
| Product version | 1.0.0.1 |
| File version | 1.0.46.0 |
Digital signatures [?]
DropboxExt.46.0.dll has a valid digital signature.
| Property | Value |
|---|---|
| Signer name | Dropbox, Inc |
| Certificate issuer name | DigiCert SHA2 Assured ID Code Signing CA |
| Certificate serial number | 08557a49a29ffd9253ca5ac8780f2c95 |
VirusTotal report
None of the 70 anti-virus programs at VirusTotal detected the DropboxExt.46.0.dll file.
Sandbox Report
The following information was gathered by executing the file inside Cuckoo Sandbox.
Summary
Successfully executed process in sandbox.
Summary
{
"file_opened": [
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
],
"regkey_opened": [
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Directory\\Background\\shellex\\ContextMenuHandlers",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\dllfile\\AutoRegister",
"HKEY_CURRENT_USER\\Directory\\shellex\\CopyHookHandlers",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\\InprocServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt10",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions",
"HKEY_LOCAL_MACHINE\\Software",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\\Programmable",
"HKEY_CURRENT_USER\\Software\\Microsoft",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\\Programmable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FBC9D74C-AF55-4309-9FB2-C426E071637F}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\\Programmable",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\\Programmable",
"HKEY_CURRENT_USER\\lnkfile",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\\Programmable",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\\Programmable",
"HKEY_CLASSES_ROOT\\dllfile",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt08",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt09",
"HKEY_CURRENT_USER\\*\\shellex",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\\Programmable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt01",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt02",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt03",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt04",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt05",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt06",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt07",
"HKEY_CURRENT_USER\\*\\shellex\\ContextMenuHandlers\\DropboxExt",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32",
"HKEY_CURRENT_USER\\lnkfile\\shellex",
"HKEY_CURRENT_USER\\Directory\\shellex\\ContextMenuHandlers",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows",
"HKEY_CURRENT_USER\\Directory",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Directory\\shellex\\ContextMenuHandlers\\DropboxExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt10",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\\Programmable",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32",
"HKEY_CURRENT_USER\\Software\\Classes",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt9",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt8",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt4",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt7",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt3",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt2",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\\Programmable",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Directory\\Background",
"HKEY_CURRENT_USER\\lnkfile\\shellex\\ContextMenuHandlers\\DropboxExt",
"HKEY_CURRENT_USER\\Software",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\\Programmable",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\\Programmable",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32",
"HKEY_CURRENT_USER\\lnkfile\\shellex\\ContextMenuHandlers",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved",
"HKEY_CURRENT_USER\\*",
"HKEY_CURRENT_USER\\Directory\\Background\\shellex",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\\Programmable",
"HKEY_CURRENT_USER\\*\\shellex\\ContextMenuHandlers",
"HKEY_CURRENT_USER\\Directory\\Background\\shellex\\ContextMenuHandlers\\DropboxExt",
"HKEY_CURRENT_USER\\CLSID",
"HKEY_CURRENT_USER\\Directory\\shellex\\CopyHookHandlers\\DropboxCopyHook",
"HKEY_CURRENT_USER\\Directory\\shellex",
"HKEY_CLASSES_ROOT\\.dll",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.dll\\(Default)"
],
"dll_loaded": [
"kernel32",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\56f75424a17cd2591d0eb83088b66a4ae9796bd2d7ab31ccb87a1928599a6c28.bin.dll",
"kernel32.dll"
],
"regkey_written": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt10\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt04\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt07\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\\InprocServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt09\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt06\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt03\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\\(Default)",
"HKEY_CURRENT_USER\\Directory\\Background\\shellex\\ContextMenuHandlers\\DropboxExt\\(Default)",
"HKEY_CURRENT_USER\\Directory\\shellex\\CopyHookHandlers\\DropboxCopyHook\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt02\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\*\\shellex\\ContextMenuHandlers\\DropboxExt\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt08\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\lnkfile\\shellex\\ContextMenuHandlers\\DropboxExt\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt05\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Directory\\shellex\\ContextMenuHandlers\\DropboxExt\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\\InprocServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt01\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\(Default)"
]
}Generic
[
{
"process_path": "C:\\Windows\\SysWOW64\\regsvr32.exe",
"process_name": "regsvr32.exe",
"pid": 1268,
"summary": {
"file_opened": [
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
],
"regkey_opened": [
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Directory\\Background\\shellex\\ContextMenuHandlers",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\dllfile\\AutoRegister",
"HKEY_CURRENT_USER\\Directory\\shellex\\CopyHookHandlers",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\\InprocServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt10",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions",
"HKEY_LOCAL_MACHINE\\Software",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\\Programmable",
"HKEY_CURRENT_USER\\Software\\Microsoft",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\\Programmable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FBC9D74C-AF55-4309-9FB2-C426E071637F}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\\Programmable",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\\Programmable",
"HKEY_CURRENT_USER\\lnkfile",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\\Programmable",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\\Programmable",
"HKEY_CLASSES_ROOT\\dllfile",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt08",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt09",
"HKEY_CURRENT_USER\\*\\shellex",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\\Programmable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt01",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt02",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt03",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt04",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt05",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt06",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt07",
"HKEY_CURRENT_USER\\*\\shellex\\ContextMenuHandlers\\DropboxExt",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32",
"HKEY_CURRENT_USER\\lnkfile\\shellex",
"HKEY_CURRENT_USER\\Directory\\shellex\\ContextMenuHandlers",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows",
"HKEY_CURRENT_USER\\Directory",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Directory\\shellex\\ContextMenuHandlers\\DropboxExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt10",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\\Programmable",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32",
"HKEY_CURRENT_USER\\Software\\Classes",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt9",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt8",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt4",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt7",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt3",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt2",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\\Programmable",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Directory\\Background",
"HKEY_CURRENT_USER\\lnkfile\\shellex\\ContextMenuHandlers\\DropboxExt",
"HKEY_CURRENT_USER\\Software",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\\Programmable",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\\Programmable",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32",
"HKEY_CURRENT_USER\\lnkfile\\shellex\\ContextMenuHandlers",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved",
"HKEY_CURRENT_USER\\*",
"HKEY_CURRENT_USER\\Directory\\Background\\shellex",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\\Programmable",
"HKEY_CURRENT_USER\\*\\shellex\\ContextMenuHandlers",
"HKEY_CURRENT_USER\\Directory\\Background\\shellex\\ContextMenuHandlers\\DropboxExt",
"HKEY_CURRENT_USER\\CLSID",
"HKEY_CURRENT_USER\\Directory\\shellex\\CopyHookHandlers\\DropboxCopyHook",
"HKEY_CURRENT_USER\\Directory\\shellex",
"HKEY_CLASSES_ROOT\\.dll",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.dll\\(Default)"
],
"dll_loaded": [
"kernel32",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\56f75424a17cd2591d0eb83088b66a4ae9796bd2d7ab31ccb87a1928599a6c28.bin.dll",
"kernel32.dll"
],
"regkey_written": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt10\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt04\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt07\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\\InprocServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt09\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt06\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt03\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\\(Default)",
"HKEY_CURRENT_USER\\Directory\\Background\\shellex\\ContextMenuHandlers\\DropboxExt\\(Default)",
"HKEY_CURRENT_USER\\Directory\\shellex\\CopyHookHandlers\\DropboxCopyHook\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt02\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\*\\shellex\\ContextMenuHandlers\\DropboxExt\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt08\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\lnkfile\\shellex\\ContextMenuHandlers\\DropboxExt\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt05\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Directory\\shellex\\ContextMenuHandlers\\DropboxExt\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\\InprocServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\ShellIconOverlayIdentifiers\\ DropboxExt01\\(Default)",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Wow6432Node\\CLSID\\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\(Default)"
]
},
"first_seen": 1606074786.65625,
"ppid": 2308
},
{
"process_path": "C:\\Windows\\System32\\lsass.exe",
"process_name": "lsass.exe",
"pid": 476,
"summary": {},
"first_seen": 1606074786.34375,
"ppid": 376
}
]Signatures
[
{
"markcount": 1,
"families": [],
"description": "This executable has a PDB path",
"severity": 1,
"marks": [
{
"category": "pdb_path",
"ioc": "DropboxShellExt.pdb",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "has_pdb"
},
{
"markcount": 2,
"families": [],
"description": "The file contains an unknown PE resource name possibly indicative of a packer",
"severity": 1,
"marks": [
{
"category": "resource name",
"ioc": "REGISTRY",
"type": "ioc",
"description": null
},
{
"category": "resource name",
"ioc": "TYPELIB",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "pe_unknown_resource_name"
},
{
"markcount": 1,
"families": [],
"description": "Allocates read-write-execute memory (usually to unpack itself)",
"severity": 2,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 1268,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x74b87000"
},
"time": 1606074786.87425,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 1268,
"type": "call",
"cid": 10
}
],
"references": [],
"name": "allocates_rwx"
}
]Yara
The Yara rules did not detect anything in the file.
Network
{
"tls": [],
"udp": [
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 662,
"time": 6.240962028503418,
"dport": 137,
"sport": 137
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 4434,
"time": 6.184223890304565,
"dport": 5355,
"sport": 51001
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 4762,
"time": 4.176455974578857,
"dport": 5355,
"sport": 53595
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 5090,
"time": 6.193910121917725,
"dport": 5355,
"sport": 53848
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 5418,
"time": 4.2009289264678955,
"dport": 5355,
"sport": 54255
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 5746,
"time": 3.061621904373169,
"dport": 5355,
"sport": 55314
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 6074,
"time": 4.742202043533325,
"dport": 1900,
"sport": 1900
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 14756,
"time": 4.242712020874023,
"dport": 3702,
"sport": 49152
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 18948,
"time": 6.273164987564087,
"dport": 1900,
"sport": 54258
}
],
"dns_servers": [],
"http": [],
"icmp": [],
"smtp": [],
"tcp": [],
"smtp_ex": [],
"mitm": [],
"hosts": [],
"pcap_sha256": "04eefa29fa9bc202017006860f830a9fe3ee9d7106a508f8ebc687df1b7ad367",
"dns": [],
"http_ex": [],
"domains": [],
"dead_hosts": [],
"sorted_pcap_sha256": "fe44e43c7ad664ce8c884da32da1f3a7a2c516de839478d0a4a6f485a3023988",
"irc": [],
"https_ex": []
}Screenshots
Hashes [?]
| Property | Value |
|---|---|
| MD5 | 4fe209780270f71320cd6bee864bb844 |
| SHA256 | 56f75424a17cd2591d0eb83088b66a4ae9796bd2d7ab31ccb87a1928599a6c28 |
What will you do with the file?
To help other users, please let us know what you will do with the file:
Malware or legitimate?
If you feel that you need more information to determine if your should keep this file or remove it, please read this guide.
And now some shameless self promotion ;)
Hi, my name is Roger Karlsson. I've been running this website since 2006. I want to let you know about the FreeFixer program. FreeFixer is a freeware tool that analyzes your system and let you manually identify unwanted programs. Once you've identified some malware files, FreeFixer is pretty good at removing them. You can download FreeFixer here. It runs on Windows 2000/XP/2003/2008/2016/2019/Vista/7/8/8.1/10. Supports both 32- and 64-bit Windows.
If you have questions, feedback on FreeFixer or the freefixer.com website, need help analyzing FreeFixer's scan result or just want to say hello, please contact me. You can find my email address at the contact page.
Comments
Please share with the other users what you think about this file. What does this file do? Is it legitimate or something that your computer is better without? Do you know how it was installed on your system? Did you install it yourself or did it come bundled with some other software? Is it running smoothly or do you get some error message? Any information that will help to document this file is welcome. Thank you for your contributions.
I'm reading all new comments so don't hesitate to post a question about the file. If I don't have the answer perhaps another user can help you.
No comments posted yet.