- C:\Windows\System32\tzres.dll
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Program Files (x86)
- C:\Users\user\AppData\Local\Temp\wininet.dll
- C:\Windows\System32\wininet.dll
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7.exe
- C:\Users\user\AppData\Local\Temp
- C:\Users\user\AppData\Local
- C:\Users\user\AppData
- C:\Users\user
- C:\Users
- C:\
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202.exe
- C:\u
- C:\us
- C:\use
- C:\user
- C:\Users\
- C:\Users\u
- C:\Users\us
- C:\Users\use
- C:\Users\user\
- C:\Users\user\a
- C:\Users\user\ap
- C:\Users\user\app
- C:\Users\user\appd
- C:\Users\user\appda
- C:\Users\user\appdat
- C:\Users\user\AppData\
- C:\Users\user\AppData\l
- C:\Users\user\AppData\lo
- C:\Users\user\AppData\loc
- C:\Users\user\AppData\loca
- C:\Users\user\AppData\Local\
- C:\Users\user\AppData\Local\t
- C:\Users\user\AppData\Local\te
- C:\Users\user\AppData\Local\tem
- C:\Users\user\AppData\Local\Temp\
- C:\Users\user\AppData\Local\Temp\0
- C:\Users\user\AppData\Local\Temp\05
- C:\Users\user\AppData\Local\Temp\053
- C:\Users\user\AppData\Local\Temp\0537
- C:\Users\user\AppData\Local\Temp\0537f
- C:\Users\user\AppData\Local\Temp\0537f9
- C:\Users\user\AppData\Local\Temp\0537f97
- C:\Users\user\AppData\Local\Temp\0537f974
- C:\Users\user\AppData\Local\Temp\0537f9741
- C:\Users\user\AppData\Local\Temp\0537f9741e
- C:\Users\user\AppData\Local\Temp\0537f9741ea
- C:\Users\user\AppData\Local\Temp\0537f9741eae
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb1
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb18
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e9
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e967
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e9671
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719f
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f8
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f869
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f8691
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f869126
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f8691261
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_32
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_320
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202.ex
- C:\Program Files (x86)\Qwertyuio
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202a.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202a
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202a.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202a.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202b.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202b
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202b.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202b.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202c.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202c
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202c.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202c.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202d.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202d
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202d.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202d.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202e.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202e.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202e.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202f.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202f
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202f.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202f.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202g.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202g
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202g.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202g.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202h.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202h
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202h.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202h.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202i.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202i
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202i.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202i.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202j.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202j
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202j.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202j.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202k.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202k
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202k.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202k.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202l.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202l
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202l.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202l.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202m.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202m
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202m.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202m.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202n.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202n
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202n.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202n.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202o.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202o
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202o.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202o.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202p.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202p
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202p.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202p.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202q.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202q
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202q.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202q.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202r.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202r
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202r.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202r.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202s.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202s
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202s.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202s.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202t.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202t
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202t.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202t.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202u.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202u
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202u.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202u.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202v.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202v
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202v.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202v.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202w.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202w
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202w.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202w.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202x.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202x
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202x.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202x.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202y.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202y
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202y.e
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202y.ex
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202z.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\SafeProcessSearchMode
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Qwertyuio\Trickler\Deleting
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202a.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202b.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202c.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202d.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202e.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202f.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202g.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202h.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202i.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202j.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202k.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202l.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202m.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202n.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202o.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202p.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202q.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202r.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202s.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202t.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202u.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202v.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202w.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202x.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202y.exe
- kernel32.dll.SortGetHandle
- kernel32.dll.SortCloseHandle
- advapi32.dll.SetNamedSecurityInfoA
- advapi32.dll.GetNamedSecurityInfoA
- ntmarta.dll.GetMartaExtensionInterface
- wininet.dll.InternetGetConnectedState
- wininet.dll.InternetErrorDlg
- wininet.dll.InternetAttemptConnect
- wininet.dll.InternetQueryOptionA
- wininet.dll.InternetOpenA
- wininet.dll.InternetConnectA
- wininet.dll.InternetCloseHandle
- wininet.dll.InternetReadFile
- wininet.dll.InternetOpenUrlA
- wininet.dll.InternetSetStatusCallback
- wininet.dll.InternetSetOptionA
- wininet.dll.InternetGetLastResponseInfoA
- wininet.dll.HttpOpenRequestA
- wininet.dll.HttpSendRequestA
- wininet.dll.HttpQueryInfoA
- wininet.dll.InternetCanonicalizeUrlA
- wininet.dll.InternetCombineUrlA
- wininet.dll.InternetCrackUrlA
- wininet.dll.HttpAddRequestHeadersA
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
- HKEY_LOCAL_MACHINE\Software
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\SafeProcessSearchMode
- HKEY_LOCAL_MACHINE\software\QwertTest
- HKEY_LOCAL_MACHINE\software\QwertTest\Qwertyui
- HKEY_LOCAL_MACHINE\software\Qwertyuio\Trickler
- HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets
- HKEY_LOCAL_MACHINE\software\Qwertyuio
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Qwertyuio\Trickler\AppPath
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Qwertyuio\Trickler\OldTrickler
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Qwertyuio\Trickler\Deleting
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Qwertyuio\Trickler
- HKEY_LOCAL_MACHINE\software\Qwertyuio\Qwert\stat\GMT\Settings
- HKEY_LOCAL_MACHINE\software\Qwertyuio\CMEII
- HKEY_LOCAL_MACHINE\software\Qwertyuio\Date Manager
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202a.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202b.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202c.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202d.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202e.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202f.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202g.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202h.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202i.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202j.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202k.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202l.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202m.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202n.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202o.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202p.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202q.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202r.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202s.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202t.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202u.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202v.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202w.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202x.exe
- c:\users\user\appdata\local\temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202y.exe
- C:\Windows\System32\tzres.dll
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202a.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202b.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202c.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202d.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202e.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202f.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202g.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202h.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202i.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202j.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202k.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202l.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202m.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202n.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202o.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202p.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202q.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202r.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202s.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202t.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202u.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202v.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202w.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202x.exe
- C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202y.exe
- HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler
- HKEY_LOCAL_MACHINE\software\Qwertyuio\Trickler
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Qwertyuio\Trickler\AppPath