Trojan.Encoder.44515

Technical Information

Malicious functions

To complicate detection of its presence in the operating system,

blocks execution of the following system utilities:

Windows Defender

Executes the following

'<SYSTEM32>\taskkill.exe' /F /IM MsMpEng.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM NisSrv.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM SecurityHealthService.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM avgnt.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM avguard.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM avgcsrvx.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM avgsvc.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM kavtray.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM avp.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM ekrn.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM egui.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM bdagent.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM vsserv.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM mcshield.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM shstat.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM avastui.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM avastsvc.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM aswidsagent.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM sophoshealth.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM savservice.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM tmbmsrv.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM pccntmon.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM wrsa.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM mbamservice.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM mbam.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM veeam.backup.service.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM veeamdeploymentsvc.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM BackupExecVSSProvider.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM BackupExecAgentBrowser.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM BackupExecJobEngine.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM AcronisCyberProtect.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM mms.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM synctime.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM sqlservr.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM mysqld.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM oracle.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM postgres.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM mongod.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM MSExchangeMailboxAssistants.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM MSExchangeTransport.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM outlook.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM thunderbird.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM procmon.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM procexp.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM tcpview.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM autoruns.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM wireshark.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM processhacker.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM ollydbg.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM x64dbg.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM ida.exe /T >nul 2>&1
'<SYSTEM32>\taskkill.exe' /F /IM ida64.exe /T >nul 2>&1

Launches a large number of processes

Patches code

in dll

gjaz.exe process, KERNEL32.dll module
gjaz.exe process, KERNELBASE.dll module

in NTDLL dll

gjaz.exe process, ntdll.dll module

Reads files which store third party applications passwords

%LOCALAPPDATA%\google\chrome\user data\default\login data
%LOCALAPPDATA%\google\chrome\user data\default\cookies
%LOCALAPPDATA%\google\chrome\user data\default\web data
%LOCALAPPDATA%\microsoft\edge\user data\default\login data
%LOCALAPPDATA%\microsoft\edge\user data\default\web data
%HOMEPATH%\desktop\1189.jpeg
%HOMEPATH%\desktop\2.jpeg
%HOMEPATH%\desktop\dial.bmp
%HOMEPATH%\desktop\dashborder_144.bmp
%HOMEPATH%\desktop\correct.avi
%HOMEPATH%\desktop\4f0bf7ff71f28.jpg
%HOMEPATH%\desktop\delete.avi
%HOMEPATH%\desktop\1189.jpg
%HOMEPATH%\desktop\applicantform_en.doc
%HOMEPATH%\desktop\13.jpeg
%HOMEPATH%\desktop\glidescope_review_rev_010.docx
%HOMEPATH%\desktop\iisstart.htm
%HOMEPATH%\desktop\64bit_notes.htm
%HOMEPATH%\desktop\adadsi.html
%HOMEPATH%\desktop\issi2013_template_for_posters.docx
%HOMEPATH%\desktop\508softwareandos.doc
%HOMEPATH%\desktop\coffee.bmp
%HOMEPATH%\desktop\ituneshelpunavailable.htm
%HOMEPATH%\desktop\advice_process.htm
%HOMEPATH%\desktop\archer.avi
%HOMEPATH%\desktop\ovp25012015.doc
%HOMEPATH%\desktop\pushkin.jpg
%HOMEPATH%\desktop\region-north-karelia.jpeg
%HOMEPATH%\desktop\split.avi
%HOMEPATH%\desktop\toolbar.bmp
%HOMEPATH%\desktop\trivial-merge.html
%HOMEPATH%\desktop\tileimage.bmp
%HOMEPATH%\desktop\holycrosschurchinstructions.docx
%HOMEPATH%\desktop\file_p_00000000_1371597592.docx
%HOMEPATH%\desktop\browse.htm
%HOMEPATH%\desktop\weeklysheet1215.doc
%APPDATA%\opera software\opera stable\login data

Searches for windows to

detect analytical utilities:

ClassName: 'RegmonClass', WindowName: ''
ClassName: 'FilemonClass', WindowName: ''
ClassName: '', WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
ClassName: '', WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'

Modifies file system

Creates the following files

%ALLUSERSPROFILE%\mntemp
%HOMEPATH%\desktop\lockzer.txt
%LOCALAPPDATA%\google\chrome\user data\default\cache\data_0.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\cache\data_3.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\databases\databases.db.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\extension cookies.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\128.png.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\cache\data_1.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\cookies.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\48.png.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\current session.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\128.png.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\icon_128.png.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\cache\data_2.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\cache\index.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\128.png.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\32.png.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\favicons.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\128.png.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\google profile.ico.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\history.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\history-journal.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\login data.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\network action predictor.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\preferences.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\quotamanager.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\secure preferences.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\shortcuts.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\top sites.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\visited links.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\web data.lockzer
%LOCALAPPDATA%\google\chrome\user data\local state.lockzer
%LOCALAPPDATA%\google\chrome\user data\safe browsing cookies.lockzer
%LOCALAPPDATA%\google\chrome\user data\default\chromedwritefontcache.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\default\secure preferences.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\default\login data.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\local state.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\functional san data.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\grshadercache\gpucache\data_0.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\grshadercache\gpucache\data_1.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\shadercache\gpucache\data_0.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\functional data.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\grshadercache\gpucache\data_2.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\grshadercache\gpucache\index.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\grshadercache\gpucache\data_3.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\shadercache\gpucache\data_1.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\default\edge profile.ico.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\default\history.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\shadercache\gpucache\data_2.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\shadercache\gpucache\data_3.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\crashpadmetrics-active.pma.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\crashpadmetrics.pma.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\default\top sites.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\default\preferences.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\default\favicons.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\default\media history.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\default\web data.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\default\visited links.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\shadercache\gpucache\index.lockzer
%APPDATA%\microsoft\speech\files\userlexicons\sp_a1f1aaca9fa44a43bc64d69e97eab37e.dat
%LOCALAPPDATA%\microsoft\edge\user data\browsermetrics\browsermetrics-6977d539-11b0.pma.lockzer
%LOCALAPPDATA%\microsoft\edge\user data\browsermetrics\browsermetrics-66b96068-2f8.pma.lockzer
%LOCALAPPDATA%\opera software\opera stable\cache\data_0.lockzer
%LOCALAPPDATA%\opera software\opera stable\cache\data_2.lockzer
%LOCALAPPDATA%\opera software\opera stable\cache\data_3.lockzer
%LOCALAPPDATA%\opera software\opera stable\cache\data_1.lockzer
%LOCALAPPDATA%\opera software\opera stable\cache\index.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\datareporting\archived\2024-08\1723427186237.f25f5a62-89ef-4fa6-bcd1-17fb20e245e0.event.jsonlz4.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cookies.sqlite.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\datareporting\archived\2024-08\1723427186304.df151785-6317-4a9b-a34f-33db9e13ed66.first-shutdown.jsonlz4.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cookies.sqlite-shm.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\addonstartup.json.lz4.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\datareporting\archived\2024-08\1723427186300.bf64c134-4580-4cec-a821-b1c0a18188bf.main.jsonlz4.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\datareporting\archived\2024-08\1723427186024.607ca866-e4d6-4cd9-8292-f41050b95703.new-profile.jsonlz4.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\content-prefs.sqlite.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\extension-preferences.json.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\favicons.sqlite-shm.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\prefs.js.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\permissions.sqlite.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\places.sqlite-shm.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\extensions.json.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\key4.db.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\saved-telemetry-pings\607ca866-e4d6-4cd9-8292-f41050b95703.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cert9.db.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\saved-telemetry-pings\bf64c134-4580-4cec-a821-b1c0a18188bf.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\formhistory.sqlite.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\saved-telemetry-pings\f25f5a62-89ef-4fa6-bcd1-17fb20e245e0.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\sessionstore-backups\upgrade.jsonlz4-20210823123856.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\shader-cache\1e06f8ad978f3db5.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\saved-telemetry-pings\df151785-6317-4a9b-a34f-33db9e13ed66.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\shader-cache\da4c9310e207ac.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\shader-cache\f0293cbb63bd1108.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\shader-cache\d6fc52c303255c71.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\shader-cache\c9728106a3f7dd63.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\shader-cache\be1d01d9681d14d5.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\shader-cache\ad7b8894f3e04020.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\shader-cache\ac17e80ffc3c70cd.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\shader-cache\9803623ba1f8b478.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\shader-cache\88c347015146120f.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\shader-cache\67e7e0482fcb91.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\shader-cache\628a1d0072cbecd7.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\shader-cache\618402d7d4853303.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\shader-cache\4984dbbec049ae1a.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\shader-cache\5802f695ed438e48.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\shader-cache\1e01f83333bad4f4.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\shader-cache\5d3fadd6bef54fea.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\storage\default\moz-extension+++dbda0cde-7d0a-4e53-a3f9-27dc54886ff6^usercontextid=4294967295\idb\3647222921wleabceoxlt-eengsairo.sql...
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\storage\permanent\chrome\idb\1657114595amcateirvtisty.sqlite.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\storage.sqlite.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\user.js.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\webappsstore.sqlite.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\webappsstore.sqlite-shm.lockzer
%APPDATA%\mozilla\firefox\profiles\mlxv8edx.default\user.js.lockzer
%TEMP%\wallpaper_913125.jpg
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\favicons.sqlite.lockzer
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\places.sqlite.lockzer
%HOMEPATH%\desktop\dial.bmp.lockzer
%HOMEPATH%\desktop\calc.exe.lockzer
%HOMEPATH%\desktop\telegram.lnk.lockzer
%HOMEPATH%\desktop\dotnetfx45_full_setup.exe.lockzer
%HOMEPATH%\desktop\google chrome.lnk.lockzer
%HOMEPATH%\desktop\utorrent.exe.lockzer
%HOMEPATH%\desktop\winmine.exe.lockzer
%LOCALAPPDATA%\google\chrome\application\chrome.exe.lockzer
%APPDATA%\telegram desktop\telegram.exe.lockzer
%APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\microsoft edge.lnk.lockzer
%APPDATA%\microsoft\office\recent\templates.lnk.lockzer
%APPDATA%\microsoft\windows\libraries\documents.library-ms.lockzer
%APPDATA%\microsoft\windows\libraries\pictures.library-ms.lockzer
%APPDATA%\microsoft\internet explorer\quick launch\google chrome.lnk.lockzer
%APPDATA%\microsoft\windows\libraries\music.library-ms.lockzer
%APPDATA%\microsoft\windows\libraries\videos.library-ms.lockzer
%APPDATA%\microsoft\windows\sendto\fax recipient.lnk.lockzer
%APPDATA%\microsoft\office\mso1033.acl.lockzer
%APPDATA%\microsoft\windows\recent\automaticdestinations\5f7b5f1e01b83767.automaticdestinations-ms.lockzer
%APPDATA%\microsoft\windows\recent\customdestinations\5cc8a0f642693576.customdestinations-ms.lockzer
%APPDATA%\microsoft\windows\sendto\bluetooth file transfer.lnk.lockzer
%APPDATA%\microsoft\windows\recent\automaticdestinations\6824f4a902c78fbd.automaticdestinations-ms.lockzer
%APPDATA%\microsoft\bibliography\style\gosttitle.xsl.lockzer
%APPDATA%\microsoft\windows\start menu\programs\accessibility\magnify.lnk.lockzer
%APPDATA%\microsoft\windows\recent\automaticdestinations\f01b4d95cf55d32a.automaticdestinations-ms.lockzer
%APPDATA%\microsoft\bibliography\style\apasixtheditionofficeonline.xsl.lockzer
%APPDATA%\microsoft\bibliography\style\iso690nmerical.xsl.lockzer
%APPDATA%\microsoft\windows\start menu\programs\accessibility\on-screen keyboard.lnk.lockzer
%APPDATA%\microsoft\windows\recent\customdestinations\6824f4a902c78fbd.customdestinations-ms.lockzer
%APPDATA%\microsoft\windows\start menu\programs\winrar\console rar manual.lnk.lockzer
%APPDATA%\microsoft\windows\start menu\programs\winrar\what is new in the latest version.lnk.lockzer
%APPDATA%\microsoft\windows\start menu\programs\winrar\winrar help.lnk.lockzer
%APPDATA%\microsoft\templates\normal.dotm.lockzer
%APPDATA%\microsoft\windows\start menu\programs\winrar\winrar.lnk.lockzer
%APPDATA%\microsoft\bibliography\style\mlaseventheditionofficeonline.xsl.lockzer
%APPDATA%\microsoft\windows\recent\automaticdestinations\f8f05350c84c9d76.automaticdestinations-ms.lockzer
%APPDATA%\microsoft\bibliography\style\harvardanglia2008officeonline.xsl.lockzer
%APPDATA%\microsoft\windows\recent\customdestinations\4ee0ff9da153c9a7.customdestinations-ms.lockzer
%APPDATA%\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms.lockzer
%APPDATA%\microsoft\bibliography\style\sist02.xsl.lockzer
%APPDATA%\microsoft\internet explorer\quick launch\microsoft edge.lnk.lockzer
%APPDATA%\microsoft\windows\start menu\programs\accessibility\narrator.lnk.lockzer
%APPDATA%\microsoft\windows\start menu\programs\accessories\internet explorer.lnk.lockzer
%APPDATA%\microsoft\windows\start menu\programs\telegram desktop\telegram.lnk.lockzer
%APPDATA%\microsoft\windows\start menu\programs\system tools\administrative tools.lnk.lockzer
%APPDATA%\microsoft\windows\start menu\programs\google chrome\google chrome.lnk.lockzer
%APPDATA%\opera software\opera stable\bookmarks.lockzer
%APPDATA%\opera software\opera stable\current session.lockzer
%APPDATA%\microsoft\windows\start menu\programs\system tools\command prompt.lnk.lockzer
%APPDATA%\microsoft\windows\start menu\programs\onedrive.lnk.lockzer
%APPDATA%\microsoft\bibliography\style\ieee2006officeonline.xsl.lockzer
%APPDATA%\opera software\opera stable\favicons.lockzer
%APPDATA%\microsoft\bibliography\style\iso690.xsl.lockzer
%APPDATA%\microsoft\windows\start menu\programs\telegram desktop\uninstall telegram.lnk.lockzer
%APPDATA%\opera software\opera stable\default_partner_content.json.lockzer
%APPDATA%\opera software\opera stable\history.lockzer
%APPDATA%\microsoft\bibliography\style\turabian.xsl.lockzer
%APPDATA%\microsoft\windows\start menu\programs\windows powershell\windows powershell (x86).lnk.lockzer
%APPDATA%\microsoft\bibliography\style\chicago.xsl.lockzer
%APPDATA%\opera software\opera stable\history-journal.lockzer
%APPDATA%\opera software\opera stable\transportsecurity.lockzer
%APPDATA%\opera software\opera stable\login data.lockzer
%APPDATA%\opera software\opera stable\local storage\chrome_startpage_0.localstorage.lockzer
%APPDATA%\opera software\opera stable\preferences.lockzer
%APPDATA%\opera software\opera stable\visited links.lockzer
%APPDATA%\telegram desktop\updater.exe.lockzer
%APPDATA%\opera software\opera stable\web data.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\abook.sqlite.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\addonstartup.json.lz4.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\datareporting\archived\2024-08\1723427186027.740f65ac-6c92-4860-a433-5c4acb1df428.new-profile.jsonlz4.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\extensions.json.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\datareporting\archived\2024-08\1723427186364.ea3bd3ee-1392-479f-ab3c-37fb050509c4.main.jsonlz4.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\enigmail.sqlite.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\datareporting\archived\2024-08\1723427186367.5fb935d8-7cd4-40ee-aeeb-ffd7037d7c83.first-shutdown.jsonlz4.lockzer
%APPDATA%\microsoft\bibliography\style\gb.xsl.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\blist.sqlite.lockzer
%APPDATA%\microsoft\bibliography\style\gostname.xsl.lockzer
%APPDATA%\microsoft\windows\start menu\programs\windows powershell\windows powershell.lnk.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\cookies.sqlite.lockzer
%APPDATA%\telegram desktop\unins000.exe.lockzer
%APPDATA%\microsoft\windows\themes\transcodedwallpaper.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\global-messages-db.sqlite.lockzer
%APPDATA%\microsoft\word\~wra0003.wbk.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\history.sqlite.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\openpgp.sqlite.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\permissions.sqlite.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\favicons.sqlite.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\formhistory.sqlite.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\places.sqlite.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\prefs.js.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\saved-telemetry-pings\5fb935d8-7cd4-40ee-aeeb-ffd7037d7c83.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\saved-telemetry-pings\740f65ac-6c92-4860-a433-5c4acb1df428.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\saved-telemetry-pings\ea3bd3ee-1392-479f-ab3c-37fb050509c4.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\search.json.mozlz4.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\storage.sqlite.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\webappsstore.sqlite.lockzer
%APPDATA%\thunderbird\profiles\gbmwccb6.default-release\xulstore.json.lockzer
%ProgramFiles(x86)%\microsoft\edge\application\msedge.exe.lockzer
%ProgramFiles%\internet explorer\iexplore.exe.lockzer
%ProgramFiles%\winrar\rar.txt.lockzer
%ProgramFiles%\winrar\whatsnew.txt.lockzer
%ProgramFiles%\winrar\winrar.chm.lockzer
%ProgramFiles%\winrar\winrar.exe.lockzer
%LOCALAPPDATA%\comms\unistoredb\store.jfm.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\pl.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\am.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\fr.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\pt-br.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\ar.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\pt-pt.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\gu.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\he.pak.lockzer
%LOCALAPPDATA%\microsoft\media player\sync playlists\en-us\00018047\01_music_auto_rated_at_5_stars.wpl.lockzer
%LOCALAPPDATA%\microsoft\media player\sync playlists\en-us\00018047\02_music_added_in_the_last_month.wpl.lockzer
%LOCALAPPDATA%\microsoft\tokenbroker\cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\bg.pak.lockzer
%LOCALAPPDATA%\microsoft\media player\sync playlists\en-us\00018047\03_music_rated_at_4_or_5_stars.wpl.lockzer
%LOCALAPPDATA%\microsoft\media player\sync playlists\en-us\00018047\04_music_played_in_the_last_month.wpl.lockzer
%LOCALAPPDATA%\microsoft\media player\sync playlists\en-us\00018047\07_tv_recorded_in_the_last_week.wpl.lockzer
%LOCALAPPDATA%\microsoft\windows\webcache\v01.chk.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\ro.pak.lockzer
%LOCALAPPDATA%\microsoft\windows\winx\group2\3 - windows explorer.lnk.lockzer
%LOCALAPPDATA%\microsoft\windows\winx\group2\4 - control panel.lnk.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\834a70e2f0c1bc8b30fb855e9ac06b4a94f892d6.lockzer
%LOCALAPPDATA%\microsoft\windows\winx\group3\01a - windows powershell.lnk.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\89c9b59023c6004c5fca8e641b2bd533baa7f06e.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\0378bba2a12f7703e4238f6201dce8dbd46a867a.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\d6b0add0daea00708cbb4290b85cca0e0fa79061.lockzer
%LOCALAPPDATA%\microsoft\windows\webcache\v01res00001.jrs.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\89f2f7b5ac6c606ca6223b1c39fb4ed3a611b5c0.lockzer
%LOCALAPPDATA%\microsoft\windows\winx\group3\02 - command prompt.lnk.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\176fd636e39fb6227dde53e34880eda02e261be1.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\f7d0ce5f67bbf807647cadca3476fb65823ade6c.lockzer
%LOCALAPPDATA%\microsoft\windows\winx\group3\02a - windows powershell.lnk.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\192f64839342ebee36eec37666dd11a9e37297fd.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\8af5d98ea49bfc5f75dbbb8cbe9cadf11b63e0f4.lockzer
%LOCALAPPDATA%\microsoft\windows\winx\group3\04-1 - networkstatus.lnk.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\ff63a96cb0ee05c4e8600cafada617eba0bab35d.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\22914084a5d64db047ed122362f901e86268812e.lockzer
%LOCALAPPDATA%\microsoft\windows\winx\group3\05 - device manager.lnk.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\90e321ee94230dcdbdcd2ec0b77c695a4fc21f78.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\2962b788cebcb0f9f557237f89903b457eff4fdc.lockzer
%LOCALAPPDATA%\microsoft\windows\winx\group3\06 - systemabout.lnk.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\2cb84dd9abb4e1485d83397c59b193094e1abfc7.lockzer
%LOCALAPPDATA%\microsoft\windows\winx\group3\08 - powerandsleep.lnk.lockzer
%LOCALAPPDATA%\packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\systemappdata\helium\user.dat.log1.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.photos_8wekyb3d8bbwe\settings\settings.dat.log1.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\microsoft\cryptneturlcache\content\57c8edb95df3f0ad4ee2dc2b8cfd4157.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_autogenerated_{b994e73c-a04f-5ddb-a2b2-b093ba9d8a78}.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_21[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.bingweather_8wekyb3d8bbwe\settings\settings.dat.log1.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\microsoft\cryptneturlcache\content\fb0d848f74f70bb2eaa93746d24d9749.lockzer
%LOCALAPPDATA%\packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\systemappdata\helium\user.dat.log2.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\appcache[1].man.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\tokenbroker\cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres.lockzer
%LOCALAPPDATA%\packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\systemappdata\helium\userclasses.dat.log1.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_10[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.549981c3f5f10_8wekyb3d8bbwe\settings\settings.dat.log1.lockzer
%LOCALAPPDATA%\packages\microsoft.microsoftedge_8wekyb3d8bbwe\settings\settings.dat.log1.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\settings\settings.dat.log1.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\appdata\indexed db\edbres00001.jrs.lockzer
%LOCALAPPDATA%\microsoft\windows\winx\group3\10 - appsandfeatures.lnk.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_autogenerated_{bb044bfd-25b7-2faa-22a8-6371a93e0456}.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_windows_mediaplayer32.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_office_outlook_exe_16.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_autogenerated_{bd3f924e-55fb-a1ba-9de6-b50f9f2460ac}.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_msinfo32_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_people_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_autogenerated_{c1c6f8ac-40a3-0f5c-146f-65a9dc70bbb4}.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\ac\tokenbroker\cache\e71e1300703d5395820e448840a760f0dd25ad50.tbres.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_11[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_mspaint_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{6d809377-6af0-444b-8957-a3773f02200e}_windows nt_accessories_wordpad_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\zn=bv5!!!!!!!!!mkksklync_corefiles__e[jg))gz@]wuy^5sa=v.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_autogenerated_{c804bba7-fa5f-cbf7-8b55-2096e5f972cb}.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_22[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}_steam_steam_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_windows_photos_8wekyb3d8bbwe!app.lockzer
%LOCALAPPDATA%\packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\settings\settings.dat.log1.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\zn=bv5!!!!!!!!!mkkskonenotefiles_cvfb13ea!_]fwd8+f)le.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_12[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_screensketch_8wekyb3d8bbwe!app.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_23[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_narrator_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{6d809377-6af0-444b-8957-a3773f02200e}_winrar_rar_txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}_odbcad32_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_skydrive_desktop.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_13[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\zn=bv5!!!!!!!!!mkkskosmadminux_6gwy9+-=2=_rw2htvkpt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_windows_remotedesktop.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}_windowspowershell_v1_0_powershell_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{6d809377-6af0-444b-8957-a3773f02200e}_winrar_whatsnew_txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_14[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_windows_sechealthui_cw5n1h2txyewy!sechealthui.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\zn=bv5!!!!!!!!!mkkskosmclientux_dk}lwy1$y8y(jfk(!d}t.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_notepad_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_windows_shell_rundialog.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_skypeapp_kzf8qxf38zg5c!app.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_odbcad32_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{6d809377-6af0-444b-8957-a3773f02200e}_winrar_winrar_chm.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_xboxapp_8wekyb3d8bbwe!microsoft_xboxapp.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\zn=bv5!!!!!!!!!mkkskpptfiles_x5hwz+5wj@!e-!bm4-,g.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_osk_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_windowsalarms_8wekyb3d8bbwe!app.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_printmanagement_msc.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_windowscalculator_8wekyb3d8bbwe!app.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_windowscamera_8wekyb3d8bbwe!app.lockzer
%LOCALAPPDATA%\microsoft\gamedvr\knowngamelist.bin.lockzer
%LOCALAPPDATA%\microsoft\media player\sync playlists\en-us\00018047\09_music_played_the_most.wpl.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_calendar.lockzer
%LOCALAPPDATA%\microsoft\internet explorer\brndlog.txt.lockzer
%LOCALAPPDATA%\microsoft\media player\sync playlists\en-us\00018047\10_all_music.wpl.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_mail.lockzer
%LOCALAPPDATA%\microsoft\internet explorer\cachestorage\edb.chk.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_windowsfeedbackhub_8wekyb3d8bbwe!app.lockzer
%LOCALAPPDATA%\microsoft\media player\sync playlists\en-us\00018047\12_all_video.wpl.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\bn.pak.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_windowsmaps_8wekyb3d8bbwe!app.lockzer
%LOCALAPPDATA%\microsoft\windows\1033\structuredqueryschema.bin.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_windowssoundrecorder_8wekyb3d8bbwe!app.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_windowsstore_8wekyb3d8bbwe!app.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\ru.pak.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\9648808b6c63cd1aad97a7b68f84f35c95682143.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\97d99666d820694fe8e1184bc341fd3ff5c3b6d2.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\9deeff51b75006e683d382d3fcad88123cbc6a3c.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\9e24f2fbe436912f5fe46520277cc7d886375eb3.lockzer
%LOCALAPPDATA%\microsoft\windows\webcache\v01res00002.jrs.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\35082c01c397d803bb2c7c6f619e7df4b1e728da.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\38ff788a718c79ddc3d1e23eaa975517d9ba3bb0.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\39a3cb6b48053e1c5c33cf497e62ce93bfbe8160.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy\settings\settings.dat.log1.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\39d80535a21e286b3c662765c5f09aceb927e77d.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\535362d505e47b0f250e84b8972968e16ef0b9b4.lockzer
%LOCALAPPDATA%\packages\microsoft.skypeapp_kzf8qxf38zg5c\localstate\diagoutputdir\skypeapp0.txt.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\54e0ba3f96a1c83fa5c93e20aefb40ca46674abf.lockzer
%LOCALAPPDATA%\packages\microsoft.skypeapp_kzf8qxf38zg5c\localstate\dtlskey.der.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\606b8f565718b076f7f0a603dea9a9b455a0a2be.lockzer
%LOCALAPPDATA%\packages\microsoft.skypeapp_kzf8qxf38zg5c\localstate\slimcore-aria-cache.data.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy\settings\settings.dat.log1.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\656880559790fe4b926371cc3c026d9b3c516a2f.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\7943793ad6ef12ca229a1df7a721b44c210bbc82.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\82c47fa9f5f29d08908329a836215460fd85b37b.lockzer
%LOCALAPPDATA%\packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\systemappdata\helium\userclasses.dat.log2.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\devicesearchcache\appcache133679008721437407.txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\devicesearchcache\appcache133678986116913057.txt.lockzer
%TEMP%\content\2252-2320-powershell.exe-12-51-31-960.dump.lockzer
%LOCALAPPDATA%\packages\windows.immersivecontrolpanel_cw5n1h2txyewy\settings\settings.dat.log1.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\devicesearchcache\appcache133678986733179726.txt.lockzer
%LOCALAPPDATA%\packages\microsoft.xboxapp_8wekyb3d8bbwe\settings\settings.dat.log1.lockzer
%TEMP%\content\2252-2320-powershell.exe-12-51-32-101.dump.lockzer
%TEMP%\content\1340-4232-powershell.exe-13-09-48-655.dump.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\constraintindex\input_{64c6d362-453e-4f77-ac86-adaf4fc0bc55}\appsglobals.txt.lockzer
%TEMP%\content\2252-2320-powershell.exe-12-51-32-335.dump.lockzer
%TEMP%\content\3992-584-powershell.exe-13-10-27-432.dump.lockzer
%TEMP%\content\2548-3384-powershell.exe-13-09-40-806.dump.lockzer
%TEMP%\content\1340-4232-powershell.exe-13-09-48-729.dump.lockzer
%LOCALAPPDATA%\packages\microsoftwindows.client.cbs_cw5n1h2txyewy\settings\settings.dat.log1.lockzer
%TEMP%\content\2548-3384-powershell.exe-13-09-40-891.dump.lockzer
%TEMP%\content\1340-4232-powershell.exe-13-09-48-864.dump.lockzer
%TEMP%\content\1440-3684-powershell.exe-12-51-08-866.dump.lockzer
%TEMP%\content\5132-4432-powershell.exe-12-58-46-668.dump.lockzer
%LOCALAPPDATA%\packages\microsoftwindows.client.cbs_cw5n1h2txyewy\settings\settings.dat.log2.lockzer
%TEMP%\content\5132-4432-powershell.exe-12-58-46-784.dump.lockzer
%TEMP%\content\5132-4432-powershell.exe-12-58-47-007.dump.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\settings\settings.dat.log1.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_24[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.bioenrollment_cw5n1h2txyewy\settings\settings.dat.log1.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}_windowspowershell_v1_0_powershell_ise_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\settings\settings.dat.log2.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_25[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{f38bf404-1d43-42f2-9305-67de0b28fc23}_regedit_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\zn=bv5!!!!!!!!!mkkskpubprimary_p_kgq{7@%ajw%ma)u_&_.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_15[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{6d809377-6af0-444b-8957-a3773f02200e}_winrar_winrar_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_xboxgamingoverlay_8wekyb3d8bbwe!app.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\constraintindex\apps_{57061e4e-1e16-4c61-b18c-11c132e74233}\0.0.filtertrie.intermediate.txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_psr_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\zn=bv5!!!!!!!!!mkksksetlanguagefiles_.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_yourphone_8wekyb3d8bbwe!app.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_quickassist_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_16[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\constraintindex\apps_{57061e4e-1e16-4c61-b18c-11c132e74233}\apps.ft.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\zn=bv5!!!!!!!!!mkkskwordfiles_%qyb3i=kw_h[gnv'^a,_.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_zunemusic_8wekyb3d8bbwe!microsoft_zunemusic.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_17[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_recoverydrive_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\zn=bv5!!!!!!!!!mkkskwxpfiles_.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_services_msc.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_zunevideo_8wekyb3d8bbwe!microsoft_zunevideo.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_charmap_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_snippingtool_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_18[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\msedge.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}_adobe_acrobat reader dc_reader_acrord32_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_wfs_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\operasoftware_operawebbrowser_1723426318.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_cleanmgr_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_wf_msc.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}_microsoft office_office16_dcf_databasecompare_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_cmd_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\appdata\indexed db\edbres00002.jrs.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\windows_immersivecontrolpanel_cw5n1h2txyewy!microsoft_windows_immersivecontrolpanel.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_comexp_msc.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}_microsoft office_office16_dcf_spreadsheetcompare_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\zn=bv5!!!!!!!!!mkkskaccessfiles_n8f'ro}vg@{g8gc8rf-7.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_dfrgui_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\zn=bv5!!!!!!!!!mkkskdcfdatabasecompare_w6f_&aw%l9xv1qaxc_[x.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\chrome_200_percent.pak.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\zn=bv5!!!!!!!!!mkkskdcfspreadsheetcompare_pnd-oez!q=wt&bhvvafh.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\ca.pak.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_windows_administrativetools.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_windows_computer.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\a463ab67f04ca93850eef869c404c62674ab387d.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_windows_controlpanel.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\sk.pak.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_windows_explorer.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\a816a4917a437c2c50a1e80ffb8dcc9e921bf4f6.lockzer
%LOCALAPPDATA%\microsoft\windows\caches\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x0000000000000024.db.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\a84443506d9551b8beb7bf9d3344d9f6008d7661.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\b6f3ce4c2ae7120330ba1b1d0708da88f53ffcdb.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\cs.pak.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\ba59279cc6cfd1073638f657233f1d59e22b0b47.lockzer
%LOCALAPPDATA%\microsoft\windows\winx\group1\1 - desktop.lnk.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\sl.pak.lockzer
%LOCALAPPDATA%\microsoft\windows\winx\group2\1 - run.lnk.lockzer
%LOCALAPPDATA%\packages\microsoft.skypeapp_kzf8qxf38zg5c\localstate\slimcore-aria-cache.data-shm.lockzer
%LOCALAPPDATA%\packages\microsoft.aad.brokerplugin_cw5n1h2txyewy\settings\settings.dat.log1.lockzer
%LOCALAPPDATA%\microsoft\windows\winx\group2\2 - search.lnk.lockzer
%LOCALAPPDATA%\packages\microsoft.skypeapp_kzf8qxf38zg5c\localstate\slimcore-aria-cache.data-wal.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\mediadb.v1.sqlite.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\startupcache\scriptcache-child-current.bin.lockzer
%LOCALAPPDATA%\packages\microsoft.skypeapp_kzf8qxf38zg5c\settings\settings.dat.log1.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\mediadb.v1.sqlite-shm.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\devicesearchcache\settingscache.txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\devicesearchcache\appcache133678987880972005.txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy\tempstate\tilecache_100_3_pngencoded_data.bin.lockzer
%TEMP%\content\2548-3384-powershell.exe-13-09-41-038.dump.lockzer
%TEMP%\content\3992-584-powershell.exe-13-10-25-036.dump.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\devicesearchcache\appcache133678989939868207.txt.lockzer
%TEMP%\content\3992-584-powershell.exe-13-10-25-315.dump.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_autogenerated_{d9ac705f-2d61-6969-a9c9-b8ec52f7b9c9}.lockzer
%TEMP%\content\3992-584-powershell.exe-13-10-25-404.dump.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy\tempstate\tilecache_100_3_pngencoded_header.bin.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\constraintindex\input_{64c6d362-453e-4f77-ac86-adaf4fc0bc55}\appssynonyms.txt.lockzer
%TEMP%\content\3992-584-powershell.exe-13-10-25-553.dump.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\devicesearchcache\appcache133678992605195845.txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_autogenerated_{daa168de-4306-c8bc-8c11-b596240bdded}.lockzer
%TEMP%\content\3992-584-powershell.exe-13-10-25-659.dump.lockzer
%TEMP%\content\5132-4432-powershell.exe-12-58-47-286.dump.lockzer
%TEMP%\content\5132-4432-powershell.exe-12-58-48-159.dump.lockzer
%TEMP%\content\5320-2284-powershell.exe-13-10-25-360.dump.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_bingweather_8wekyb3d8bbwe!app.lockzer
%TEMP%\content\5320-2284-powershell.exe-13-10-25-436.dump.lockzer
%TEMP%\content\5320-2284-powershell.exe-13-10-25-574.dump.lockzer
%LOCALAPPDATA%\packages\microsoft.xboxidentityprovider_8wekyb3d8bbwe\settings\settings.dat.log1.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_19[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_gethelp_8wekyb3d8bbwe!app.lockzer
%LOCALAPPDATA%\packages\microsoftwindows.undockeddevkit_cw5n1h2txyewy\settings\settings.dat.log1.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_getstarted_8wekyb3d8bbwe!app.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_internetexplorer_default.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_windowspowershell_v1_0_powershell_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_20[1].txt.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\startupcache\scriptcache-child.bin.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\sr.pak.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\be13857faf251cca8c4ae07311778b6623ef86dc.lockzer
%LOCALAPPDATA%\microsoft\windows\notifications\wpndatabase.db-shm.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\sv.pak.lockzer
%LOCALAPPDATA%\microsoft\windows\notifications\wpndatabase.db-wal.lockzer
%LOCALAPPDATA%\microsoft\internet explorer\cachestorage\edbres00001.jrs.lockzer
%TEMP%\content\5320-2284-powershell.exe-13-10-25-669.dump.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\c240554ac07403cdfb5eab709d9c0ad576560153.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\cda62003b1b987a64f1fac75d1484dbff94f08fb.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\default_apps\docs.crx.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cache2\entries\d395239c6c600503c9cef2d913be946b55976a23.lockzer
%LOCALAPPDATA%\packages\microsoft.desktopappinstaller_8wekyb3d8bbwe\settings\settings.dat.log1.lockzer
%LOCALAPPDATA%\microsoft\windows\explorer\explorerstartuplog.etl.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\default_apps\drive.crx.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\hi.pak.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_microsoft3dviewer_8wekyb3d8bbwe!microsoft_microsoft3dviewer.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_iscsicpl_exe.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\default_apps\external_extensions.json.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_windowspowershell_v1_0_powershell_ise_exe.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\sw.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\default_apps\gmail.crx.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{6d809377-6af0-444b-8957-a3773f02200e}_common files_microsoft shared_ink_mip_exe.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\default_apps\search.crx.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\hr.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\default_apps\youtube.crx.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{6d809377-6af0-444b-8957-a3773f02200e}_java_jre1_8_0_77_bin_javacpl_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}_microsoft office_office16_excel_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_microsoftofficehub_8wekyb3d8bbwe!microsoft_microsoftofficehub.lockzer
%TEMP%\content\1440-3684-powershell.exe-12-51-08-976.dump.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_magnify_exe.lockzer
%TEMP%\content\3992-584-powershell.exe-13-10-27-322.dump.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_microsoftsolitairecollection_8wekyb3d8bbwe!app.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}_microsoft office_office16_lync_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_mdsched_exe.lockzer
%TEMP%\content\1440-3684-powershell.exe-12-51-09-210.dump.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_microsoftstickynotes_8wekyb3d8bbwe!app.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}_microsoft office_office16_msaccess_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\zn=bv5!!!!!!!!!mkkskexcelfiles__%8gickcv9oi`kw$=[u[.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}_msconfig_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_mixedreality_portal_8wekyb3d8bbwe!app.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}_microsoft office_office16_msoev_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\zn=bv5!!!!!!!!!mkksklync_corefiles_pwruq7^c^ap,f'm!t7ym.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_mspaint_8wekyb3d8bbwe!microsoft_mspaint.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}_microsoft office_office16_msotd_exe.lockzer
%TEMP%\content\5320-2284-powershell.exe-13-10-25-821.dump.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\da.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\nacl64.exe.lockzer
%TEMP%\content\5320-2284-powershell.exe-13-10-26-200.dump.lockzer
%LOCALAPPDATA%\microsoft\windows\powershell\startupprofiledata-noninteractive.lockzer
%TEMP%\content\5320-2284-powershell.exe-13-10-26-336.dump.lockzer
%LOCALAPPDATA%\packages\microsoft.windowsalarms_8wekyb3d8bbwe\settings\settings.dat.log1.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_26[1].txt.lockzer
%TEMP%\content\5776-5936-powershell.exe-12-58-39-958.dump.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\constraintindex\input_{64c6d362-453e-4f77-ac86-adaf4fc0bc55}\settingsconversions.txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\constraintindex\input_{64c6d362-453e-4f77-ac86-adaf4fc0bc55}\settingsglobals.txt.lockzer
%LOCALAPPDATA%\microsoft\internet explorer\cachestorage\edbres00002.jrs.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_27[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\constraintindex\input_{64c6d362-453e-4f77-ac86-adaf4fc0bc55}\settingssynonyms.txt.lockzer
%LOCALAPPDATA%\microsoft\windows\usrclass.dat{ffd6d954-5846-11ef-bc95-08002786c62e}.tm.blf.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\devicesearchcache\appcache133678993617257337.txt.lockzer
%TEMP%\content\5776-5936-powershell.exe-12-58-40-260.dump.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.shellexperiencehost_cw5n1h2txyewy\settings\settings.dat.log1.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_office_onenote_8wekyb3d8bbwe!microsoft_onenoteim.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\de.pak.lockzer
%TEMP%\content\5776-5936-powershell.exe-12-58-40-647.dump.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\hu.pak.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\constraintindex\apps_{57061e4e-1e16-4c61-b18c-11c132e74233}\apps.index.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\constraintindex\apps_{e1d25c92-9e2f-468f-b31e-8ea94f6c0fac}\0.0.filtertrie.intermediate.txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\constraintindex\apps_{e1d25c92-9e2f-468f-b31e-8ea94f6c0fac}\apps.ft.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\devicesearchcache\appcache133678994176510543.txt.lockzer
%LOCALAPPDATA%\microsoft\windows\explorer\explorerstartuplog_runonce.etl.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\devicesearchcache\appcache133678994514315348.txt.lockzer
%LOCALAPPDATA%\microsoft\internet explorer\domainsuggestions\en-us.1.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_28[1].txt.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\id.pak.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_29[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windowscamera_8wekyb3d8bbwe\settings\settings.dat.log1.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\devicesearchcache\appcache133678997188779717.txt.lockzer
%LOCALAPPDATA%\microsoft\windows\usrclass.dat{ffd6d954-5846-11ef-bc95-08002786c62e}.tmcontainer00000000000000000001.regtrans-ms.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_2[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\localstate\hxcommalwaysonlog.etl.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\devicesearchcache\appcache133678998364928099.txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\constraintindex\settings_{b8923a2c-9ca7-4024-b14f-30794afe5664}\0.0.filtertrie.intermediate.txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_3[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_4[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\constraintindex\settings_{b8923a2c-9ca7-4024-b14f-30794afe5664}\settings.ft.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\mediadb.v1.sqlite-wal.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\el.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\delegate_execute.exe.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\it.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\ta.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\en-gb.pak.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\devicesearchcache\appcache133678998646131207.txt.lockzer
%LOCALAPPDATA%\microsoft\windows\usrclass.dat{ffd6d954-5846-11ef-bc95-08002786c62e}.tmcontainer00000000000000000002.regtrans-ms.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_5[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\devicesearchcache\appcache133678999296595607.txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\devicesearchcache\appcache133678999588120541.txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_6[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_7[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_8[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosapptracing_startedinbgmode.etl.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\ac\appcache\dfgt9a84\1\c__windows_systemapps_microsoft.windows.search_cw5n1h2txyewy_cache_desktop_9[1].txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}_microsoft office_office16_mspub_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}_microsoft office_office16_ocpubmgr_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}_microsoft office_office16_onenote_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}_microsoft office_office16_powerpnt_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}_microsoft office_office16_winword_exe.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\te.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\ja.pak.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\appdata\cachestorage\cachestorage.jfm.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\appdata\indexed db\edb.chk.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\en-us.pak.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\devicesearchcache\appcache133679000033359704.txt.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\es-419.pak.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\devicesearchcache\appcache133679000600569277.txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\devicesearchcache\appcache133679000729483910.txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\appdata\indexed db\indexeddb.jfm.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\308046b0af4a39cb.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\34tl`i`z5(n32&(jf{)!readerprogramfiles_fwdk6qbnd93&(s^fji40.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\th.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\kn.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\es.pak.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\devicesearchcache\appcache133679004887860863.txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\devicesearchcache\appcache133679006410337295.txt.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\constraintindex\apps_{e1d25c92-9e2f-468f-b31e-8ea94f6c0fac}\apps.index.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\chrome_75p34jt5mtmxb4uorldk27pj4u.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\c__users_user_appdata_roaming_telegram desktop_telegram_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\c__users_user_appdata_roaming_telegram desktop_unins000_exe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\d78bf5dd33499ec2.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\tr.pak.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\constraintindex\settings_{b8923a2c-9ca7-4024-b14f-30794afe5664}\settings.index.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\ko.pak.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\constraintindex\settings_{c962daa5-3c13-4c53-b573-e2ac874a52a3}\0.0.filtertrie.intermediate.txt.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\et.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\lt.pak.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\startupcache\scriptcache-current.bin.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\uk.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\lv.pak.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\http___java_com_.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\constraintindex\settings_{c962daa5-3c13-4c53-b573-e2ac874a52a3}\settings.ft.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\http___java_com_help.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\http___support_steampowered_com_.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_549981c3f5f10_8wekyb3d8bbwe!app.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\startupcache\scriptcache.bin.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\nacl_irt_x86_32.nexe.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_autogenerated_{8aa47365-b2b3-1961-69eb-f866e376b12f}.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_autogenerated_{8abd94fb-e7d6-84a6-a997-c918edde0ae5}.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\appiconcache\100\microsoft_autogenerated_{923dd477-5846-686b-a659-0fccd73851a8}.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\constraintindex\input_{64c6d362-453e-4f77-ac86-adaf4fc0bc55}\appsconversions.txt.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\fa.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\vi.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\fi.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\ml.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\fil.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\zh-cn.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\zh-tw.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\mr.pak.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\constraintindex\settings_{c962daa5-3c13-4c53-b573-e2ac874a52a3}\settings.index.lockzer
%LOCALAPPDATA%\packages\microsoft.windows.search_cw5n1h2txyewy\localstate\devicesearchcache\appcache133678985908530147.txt.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\ms.pak.lockzer
%LOCALAPPDATA%\packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\localstate\hxstore.hxd.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\nb.pak.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\startupcache\startupcache.8.little.lockzer
%LOCALAPPDATA%\packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\settings\settings.dat.log1.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\locales\nl.pak.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\startupcache\urlcache-current.bin.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\startupcache\urlcache.bin.lockzer
%LOCALAPPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\startupcache\webext.sc.lz4.lockzer
%LOCALAPPDATA%\packages\microsoft.windowsstore_8wekyb3d8bbwe\settings\settings.dat.log1.lockzer
%LOCALAPPDATA%\comms\unistoredb\store.vol.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\nacl_irt_x86_64.nexe.lockzer
%LOCALAPPDATA%\comms\unistoredb\uss.jcp.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\natives_blob.bin.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\pepperflash\manifest.json.lockzer
%LOCALAPPDATA%\comms\unistoredb\uss.jtx.lockzer
%LOCALAPPDATA%\thunderbird\profiles\gbmwccb6.default-release\startupcache\startupcache.8.little.lockzer
%LOCALAPPDATA%\thunderbird\profiles\gbmwccb6.default-release\startupcache\webext.sc.lz4.lockzer
<SYSTEM32>\compmgmt.msc.lockzer
<SYSTEM32>\diskmgmt.msc.lockzer
%LOCALAPPDATA%\comms\unistoredb\ussres00001.jrs.lockzer
%LOCALAPPDATA%\comms\unistoredb\ussres00002.jrs.lockzer
%LOCALAPPDATA%\comms\unistoredb\usstmp.jtx.lockzer
%LOCALAPPDATA%\connecteddevicesplatform\cdpglobalsettings.cdp.lockzer
%LOCALAPPDATA%\connecteddevicesplatform\l.user\activitiescache.db-shm.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\chrome_100_percent.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\resources.pak.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\snapshot_blob.bin.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\installer\chrome.7z.lockzer
%LOCALAPPDATA%\google\chrome\application\47.0.2526.106\installer\setup.exe.lockzer
%LOCALAPPDATA%\microsoft\windows\caches\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x0000000000000002.db.lockzer
%HOMEPATH%\ntuser.dat{53b39e88-18c4-11ea-a811-000d3aa4692b}.tm.blf.lockzer
%HOMEPATH%\ntuser.dat{53b39e88-18c4-11ea-a811-000d3aa4692b}.tmcontainer00000000000000000001.regtrans-ms.lockzer
%HOMEPATH%\ntuser.dat{53b39e88-18c4-11ea-a811-000d3aa4692b}.tmcontainer00000000000000000002.regtrans-ms.lockzer
%LOCALAPPDATA%low\oracle\java\jre1.8.0_77_x64\jre1.8.0_77.msi.lockzer

Deletes following files that it created itself

%TEMP%\content\1340-4232-powershell.exe-13-09-48-655.dump
%TEMP%\content\2548-3384-powershell.exe-13-09-40-806.dump
%TEMP%\content\1340-4232-powershell.exe-13-09-48-729.dump
%TEMP%\content\2548-3384-powershell.exe-13-09-40-891.dump
%TEMP%\content\1340-4232-powershell.exe-13-09-48-864.dump
%TEMP%\content\3992-584-powershell.exe-13-10-27-432.dump
%LOCALAPPDATA%\microsoft\windows\caches\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x0000000000000024.db.lockzer
%TEMP%\content\2548-3384-powershell.exe-13-09-41-038.dump
%TEMP%\content\3992-584-powershell.exe-13-10-25-036.dump
%TEMP%\content\3992-584-powershell.exe-13-10-25-315.dump
%TEMP%\content\3992-584-powershell.exe-13-10-25-404.dump
%TEMP%\content\3992-584-powershell.exe-13-10-25-553.dump
%TEMP%\content\3992-584-powershell.exe-13-10-25-659.dump
%TEMP%\content\5320-2284-powershell.exe-13-10-25-360.dump
%TEMP%\content\5320-2284-powershell.exe-13-10-25-436.dump
%TEMP%\content\5320-2284-powershell.exe-13-10-25-574.dump
%TEMP%\content\5320-2284-powershell.exe-13-10-25-669.dump
%TEMP%\content\5320-2284-powershell.exe-13-10-25-821.dump
%TEMP%\content\3992-584-powershell.exe-13-10-27-322.dump
%TEMP%\content\5320-2284-powershell.exe-13-10-26-200.dump
%TEMP%\content\5320-2284-powershell.exe-13-10-26-336.dump
%TEMP%\wallpaper_913125.jpg

Modifies the following files

%APPDATA%\microsoft\windows\themes\transcodedwallpaper

Changes user data files extensions (Trojan.Encoder).

Network activity

Connects to

'di##ord.com':443
'el#########rostata-4606ea.netlify.app':443

TCP

HTTP GET requests

http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6d##############

Other

'di##ord.com':443
'el#########rostata-4606ea.netlify.app':443

UDP

DNS ASK di##ord.com
DNS ASK el#########rostata-4606ea.netlify.app

Miscellaneous

Searches for the following windows

ClassName: 'Registry Monitor - Sysinternals: www.sysinternals.com' WindowName: ''
ClassName: '18467-41' WindowName: ''

Executes the following

'<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -Command "Add-Type -AssemblyName System.Speech; $speak = New-Object System.Speech.Synthesis.SpeechSynthesizer; $speak.Rate = 0; $speak.Volume = 100; $speak.Speak('Attention!...
'<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -ExecutionPolicy Bypass -Command "$date = Get-Date '2015-07-29 00:00:00'; $file = Get-Item '<Full path to file>' -Force; $file.CreationTime = $date; $file.LastWriteTime = $d...
'<SYSTEM32>\taskkill.exe' /F /IM MsMpEng.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM NisSrv.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM SecurityHealthService.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM avgnt.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM avguard.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM avgcsrvx.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM avgsvc.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM kavtray.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM avp.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM ekrn.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM egui.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM bdagent.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM vsserv.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM mcshield.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM shstat.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM avastui.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM avastsvc.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM aswidsagent.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM sophoshealth.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM savservice.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM tmbmsrv.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM pccntmon.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM wrsa.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM mbamservice.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM mbam.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM veeam.backup.service.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM veeamdeploymentsvc.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM BackupExecVSSProvider.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM BackupExecAgentBrowser.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM BackupExecJobEngine.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM AcronisCyberProtect.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM mms.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM synctime.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM sqlservr.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM mysqld.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM oracle.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM postgres.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM mongod.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM MSExchangeMailboxAssistants.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM MSExchangeTransport.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM outlook.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM thunderbird.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM procmon.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM procexp.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM tcpview.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM autoruns.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM wireshark.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM processhacker.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM ollydbg.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM x64dbg.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM ida.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\taskkill.exe' /F /IM ida64.exe /T >nul 2>&1' (with hidden window)
'<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -Command "Add-Type -AssemblyName System.Speech; $speak = New-Object System.Speech.Synthesis.SpeechSynthesizer; $speak.Rate = 0; $speak.Volume = 100; $speak.Speak('Attention!...' (with hidden window)
'<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -ExecutionPolicy Bypass -Command "$date = Get-Date '2015-07-29 00:00:00'; $file = Get-Item '<Full path to file>' -Force; $file.CreationTime = $date; $file.LastWriteTime = $d...' (with hidden window)

TECHNOLOGIES

TERMINOLOGIE

COURS ET EDU

MYTHES

Technical Information

Recommandations pour le traitement

Free trial