DropboxExt64.40.0.dll is part of Dropbox and developed by Dropbox, Inc. according to the DropboxExt64.40.0.dll version information.
DropboxExt64.40.0.dll's description is "Dropbox Shell Extension".
DropboxExt64.40.0.dll is digitally signed by Dropbox, Inc.
DropboxExt64.40.0.dll is usually located in the 'C:\Program Files (x86)\Dropbox\Client\' folder.
Some of the anti-virus scanners at VirusTotal detected DropboxExt64.40.0.dll.
The following is the available information on DropboxExt64.40.0.dll:
| Property | Value |
|---|---|
| Product name | Dropbox |
| Company name | Dropbox, Inc. |
| File description | Dropbox Shell Extension |
| Internal name | DropboxShellExt |
| Original filename | DropboxShellExt.dll |
| Legal copyright | (c) Dropbox, Inc. All rights reserved |
| Product version | 1.0.0.1 |
| File version | 1.0.40.0 |
DropboxExt64.40.0.dll has a valid digital signature.
| Property | Value |
|---|---|
| Signer name | Dropbox, Inc |
| Certificate issuer name | DigiCert SHA2 Assured ID Code Signing CA |
| Certificate serial number | 08557a49a29ffd9253ca5ac8780f2c95 |
1 of the 72 anti-virus programs at VirusTotal detected the DropboxExt64.40.0.dll file. That's a 1% detection rate.
The following information was gathered by executing the file inside Cuckoo Sandbox.
Successfully executed process in sandbox.
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellIconOverlayIdentifiers\\ DropboxExt08\\(Default)",
"HKEY_CURRENT_USER\\CLSID\\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\CLSID\\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellIconOverlayIdentifiers\\ DropboxExt06\\(Default)",
"HKEY_CURRENT_USER\\CLSID\\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\\(Default)",
"HKEY_CURRENT_USER\\CLSID\\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\\InprocServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\CLSID\\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\CLSID\\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\CLSID\\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\\(Default)"
]
},
"first_seen": 1593777186.90625,
"ppid": 2420
}
]

[
{
"markcount": 1,
"families": [],
"description": "This executable has a PDB path",
"severity": 1,
"marks": [
{
"category": "pdb_path",
"ioc": "DropboxShellExt.pdb",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "has_pdb"
},
{
"markcount": 2,
"families": [],
"description": "The file contains an unknown PE resource name possibly indicative of a packer",
"severity": 1,
"marks": [
{
"category": "resource name",
"ioc": "REGISTRY",
"type": "ioc",
"description": null
},
{
"category": "resource name",
"ioc": "TYPELIB",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "pe_unknown_resource_name"
},
{
"markcount": 3,
"families": [],
"description": "Allocates read-write-execute memory (usually to unpack itself)",
"severity": 2,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2588,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007fef0b0a000"
},
"time": 1593776757.534519,
"tid": 2500,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2588,
"type": "call",
"cid": 16
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2588,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007feff8fd000"
},
"time": 1593776757.534519,
"tid": 2500,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2588,
"type": "call",
"cid": 18
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2588,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007fefca66000"
},
"time": 1593776757.534519,
"tid": 2500,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2588,
"type": "call",
"cid": 20
}
],
"references": [],
"name": "allocates_rwx"
}
]

The Yara rules did not detect anything in the file.

{
"tls": [],
"udp": [
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 662,
"time": 6.191467046737671,
"dport": 137,
"sport": 137
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 5694,
"time": 6.138859987258911,
"dport": 5355,
"sport": 51001
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 6022,
"time": 4.1311609745025635,
"dport": 5355,
"sport": 53595
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 6350,
"time": 6.149503946304321,
"dport": 5355,
"sport": 53848
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 6678,
"time": 4.635512113571167,
"dport": 5355,
"sport": 54255
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7006,
"time": 3.0183370113372803,
"dport": 5355,
"sport": 55314
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 7334,
"time": 4.647066116333008,
"dport": 1900,
"sport": 1900
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 20274,
"time": 4.152436017990112,
"dport": 3702,
"sport": 49152
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 28658,
"time": 6.256127119064331,
"dport": 1900,
"sport": 53598
}
],
"dns_servers": [],
"http": [],
"icmp": [],
"smtp": [],
"tcp": [],
"smtp_ex": [],
"mitm": [],
"hosts": [],
"pcap_sha256": "91be5abd43476c4f9440c7483eeae8f50cc1efe309a4271b1c5ff1ed5a20e345",
"dns": [],
"http_ex": [],
"domains": [],
"dead_hosts": [],
"sorted_pcap_sha256": "29fea0887365f4cfef920ee8400ab60873cb9fd895ed5e2a989cfb0aebefbd5b",
"irc": [],
"https_ex": []
}

| Property | Value |
|---|---|
| MD5 | f53ef7b99810062300f7405f74e8a729 |
| SHA256 | b877790e1c41bcfb153c135bee8bc7dbc7a5d43ecaba1544b7dfdcedfb0d1cae |
If you feel that you need more information to determine whether you should keep this file or remove it, please read this guide.
Hi, my name is Roger Karlsson. I've been running this website since 2006. I want to let you know about the FreeFixer program. FreeFixer is a freeware tool that analyzes your system and lets you manually identify unwanted programs. Once you've identified some malware files, FreeFixer is pretty good at removing them. You can download FreeFixer here. It runs on Windows 2000/XP/2003/2008/2016/2019/Vista/7/8/8.1/10 and supports both 32- and 64-bit Windows.
If you have questions, feedback on FreeFixer or the freefixer.com website, need help analyzing FreeFixer's scan result or just want to say hello, please contact me. You can find my email address at the contact page.