Analysis
-
max time kernel
167s
-
max time network
177s
-
platform
windows10-2004_x64
-
resource
win10v2004-20220812-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
-
submitted
11-10-2022 06:32
Static task
static1
Behavioral task
behavioral1
Sample
d742fc3fe56d39a8245264e3b17480de278b720fd8024c8401886331fbdbcad5.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
d742fc3fe56d39a8245264e3b17480de278b720fd8024c8401886331fbdbcad5.exe
Resource
win10v2004-20220812-en
General
-
Target
d742fc3fe56d39a8245264e3b17480de278b720fd8024c8401886331fbdbcad5.exe
-
Size
1.8MB
-
MD5
069170f61d9638c87dab750877065a4a
-
SHA1
21b592ca0ce2e353640893b039eb84dfc7d55d14
-
SHA256
d742fc3fe56d39a8245264e3b17480de278b720fd8024c8401886331fbdbcad5
-
SHA512
bb9c4965c5b67b2f1c6190de6daad373bc4cdc7b4c596d50547408447ba9553904ec4e9c49038ef2ffafc80dffcd43462a67d7097ed4bdcce60356da6e73d218
-
SSDEEP
24576:EnA1KgRYWHEvtd8LHhFJpxjMnA1KgRYWHEvtd8LHhFJpxjJ:D1K5ve1K5v
Malware Config
Signatures
-
LockFile
LockFile is a new ransomware that emerged in July 2021 with ProxyShell vulnerabilities.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in Program Files directory 64 IoCs
-
Modifies registry class 10 IoCs
description ioc Process
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BPFYNFHUWPHNSDE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\u08hwRO9h74aYk9.exe,0" d742fc3fe56d39a8245264e3b17480de278b720fd8024c8401886331fbdbcad5.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BPFYNFHUWPHNSDE\shell d742fc3fe56d39a8245264e3b17480de278b720fd8024c8401886331fbdbcad5.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BPFYNFHUWPHNSDE\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\u08hwRO9h74aYk9.exe" d742fc3fe56d39a8245264e3b17480de278b720fd8024c8401886331fbdbcad5.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.LOCKFILE d742fc3fe56d39a8245264e3b17480de278b720fd8024c8401886331fbdbcad5.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BPFYNFHUWPHNSDE d742fc3fe56d39a8245264e3b17480de278b720fd8024c8401886331fbdbcad5.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BPFYNFHUWPHNSDE\DefaultIcon d742fc3fe56d39a8245264e3b17480de278b720fd8024c8401886331fbdbcad5.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BPFYNFHUWPHNSDE\shell\open\command d742fc3fe56d39a8245264e3b17480de278b720fd8024c8401886331fbdbcad5.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BPFYNFHUWPHNSDE\shell\open d742fc3fe56d39a8245264e3b17480de278b720fd8024c8401886331fbdbcad5.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.LOCKFILE\ = "BPFYNFHUWPHNSDE" d742fc3fe56d39a8245264e3b17480de278b720fd8024c8401886331fbdbcad5.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BPFYNFHUWPHNSDE\ = "CRYPTED!" d742fc3fe56d39a8245264e3b17480de278b720fd8024c8401886331fbdbcad5.exe