General Info

File name

gats.png

Full analysis
https://app.any.run/tasks/c8848081-fdc5-41ec-9639-ba75d7bb060a
Verdict
Malicious activity
Analysis date
1/10/2019, 17:38:35
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

trojan

lokibot

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5

f116adcd3cddfa5a4091adb96538fd2c

SHA1

325a33097ddbbb61c54a385a852841aaa7efe34b

SHA256

8240be1a0c6933c9f34458fa83dfacc4d11db26c306230829e49e91632787b90

SSDEEP

6144:oM0fJO8vOwriLcAbjE3wk8UJJI30as+EsBEynfrzn9CJM+RJ8yacO4/ed1HrS:D6XrccICwkHJh+xBEyCXxapd1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
on
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Detected artifacts of LokiBot
  • gats.png.exe (PID: 2956)
Application was injected by another process
  • windanr.exe (PID: 2188)
  • explorer.exe (PID: 2028)
  • dwm.exe (PID: 1968)
LOKIBOT was detected
  • gats.png.exe (PID: 2956)
Connects to CnC server
  • gats.png.exe (PID: 2956)
Runs injected code in another process
  • gats.png.exe (PID: 2956)
Actions looks like stealing of personal data
  • gats.png.exe (PID: 2956)
Executable content was dropped or overwritten
  • gats.png.exe (PID: 2956)
Creates files in the user directory
  • gats.png.exe (PID: 2956)
Application launched itself
  • gats.png.exe (PID: 3056)
Loads DLL from Mozilla Firefox
  • gats.png.exe (PID: 2956)
Dropped object may contain Bitcoin addresses
  • gats.png.exe (PID: 2956)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   Win64 Executable (generic) (61.6%)
.dll
|   Win32 Dynamic Link Library (generic) (14.6%)
.exe
|   Win32 Executable (generic) (10%)
.exe
|   Win16/32 Executable Delphi generic (4.6%)
.exe
|   Generic Win/DOS Executable (4.4%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
1977:04:05 21:38:19+01:00
PEType:
PE32
LinkerVersion:
8
CodeSize:
66048
InitializedDataSize:
320000
UninitializedDataSize:
null
EntryPoint:
0x6400a
OSVersion:
4
ImageVersion:
null
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
13.3.14.4
ProductVersionNumber:
13.3.14.4
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
Comments:
ojonuyiguxekisisatinuk
CompanyName:
Pall Corp
FileDescription:
Directory Listing handler
FileVersion:
13.3.14.4
InternalName:
12345.exe
LegalCopyright:
Copyright © 2018 Pall Corp
OriginalFileName:
12345.exe
ProductName:
Directory Listing handler
ProductVersion:
13.3.14.4
AssemblyVersion:
0.0.0.0
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
05-Apr-1977 20:38:19
Comments:
ojonuyiguxekisisatinuk
CompanyName:
Pall Corp
FileDescription:
Directory Listing handler
FileVersion:
13.3.14.4
InternalName:
12345.exe
LegalCopyright:
Copyright © 2018 Pall Corp
OriginalFilename:
12345.exe
ProductName:
Directory Listing handler
ProductVersion:
13.3.14.4
Assembly Version:
0.0.0.0
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000080
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
05-Apr-1977 20:38:19
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
\x04\x12]_\x1c8R\x07\xd0\xd6\x04 0x00002000 0x0004D6D0 0x0004D800 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 7.99944
.text 0x00050000 0x0000FEB0 0x00010000 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.64387
.rsrc 0x00060000 0x00000608 0x00000800 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 3.50348
.reloc 0x00062000 0x0000000C 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 0.0980042
0x00064000 0x00000010 0x00000200 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 0.13873
Resources
1

Imports
    mscoree.dll

Exports

    No exports.

Screenshots

Processes

Total processes
31
Monitored processes
5
Malicious processes
3
Suspicious processes
0

Behavior graph

+
start inject inject inject gats.png.exe no specs #LOKIBOT gats.png.exe dwm.exe explorer.exe windanr.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
1968
CMD
"C:\Windows\system32\Dwm.exe"
Path
C:\Windows\System32\dwm.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Desktop Window Manager
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\dwm.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dwmredir.dll
c:\windows\system32\dwmcore.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d10_1.dll
c:\windows\system32\d3d10_1core.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\version.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll

PID
2028
CMD
C:\Windows\Explorer.EXE
Path
C:\Windows\explorer.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Windows Explorer
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\slc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sndvolsso.dll
c:\windows\system32\hid.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\timedate.cpl
c:\windows\system32\atl.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\userenv.dll
c:\windows\system32\shacct.dll
c:\windows\system32\samlib.dll
c:\windows\system32\samcli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\msls31.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\authui.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\gameux.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\wer.dll
c:\windows\system32\msiltcfg.dll
c:\windows\system32\version.dll
c:\windows\system32\msi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\psapi.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\stobject.dll
c:\windows\system32\batmeter.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\es.dll
c:\windows\system32\prnfldr.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dxp.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\syncreg.dll
c:\windows\ehome\ehsso.dll
c:\windows\system32\netshell.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\alttab.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\pnidui.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\wwanapi.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\qagent.dll
c:\windows\system32\srchadmin.dll
c:\windows\system32\sxs.dll
c:\windows\system32\bthprops.cpl
c:\windows\system32\winanr.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\synccenter.dll
c:\windows\system32\actioncenter.dll
c:\windows\system32\imapi2.dll
c:\windows\system32\hgcpl.dll
c:\windows\system32\provsvc.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\fxsst.dll
c:\windows\system32\fxsapi.dll
c:\windows\system32\fxsresm.dll
c:\windows\system32\wscinterop.dll
c:\windows\system32\wscapi.dll
c:\windows\system32\wscui.cpl
c:\windows\system32\werconcpl.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\wercplsupport.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\hcproviders.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\thumbcache.dll
c:\users\admin\appdata\local\temp\gats.png.exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll

PID
2188
CMD
"windanr.exe"
Path
C:\Windows\system32\windanr.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules
Image
c:\windows\system32\windanr.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winanr.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winsanr.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll

PID
3056
CMD
"C:\Users\admin\AppData\Local\Temp\gats.png.exe"
Path
C:\Users\admin\AppData\Local\Temp\gats.png.exe
Indicators
No indicators
Parent process
explorer.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Pall Corp
Description
Directory Listing handler
Version
13.3.14.4
Modules
Image
c:\users\admin\appdata\local\temp\gats.png.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\bcrypt.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\microsoft.v9921e851#\7ca6a7b9413844e82108a9d62f88a2d9\microsoft.visualbasic.ni.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

PID
2956
CMD
"C:\Users\admin\AppData\Local\Temp\gats.png.exe"
Path
C:\Users\admin\AppData\Local\Temp\gats.png.exe
Indicators
Parent process
gats.png.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Pall Corp
Description
Directory Listing handler
Version
13.3.14.4
Modules
Image
c:\users\admin\appdata\local\temp\gats.png.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\program files\mozilla firefox\nss3.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\system32\api-ms-win-core-file-l1-2-0.dll
c:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\vaultcli.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\profapi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\browcli.dll

Registry activity

Total events
1470
Read events
36
Write events
1434
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
APPSTARTING
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
ARROW
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
CROSS
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
HAND
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
HELP
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
IBEAM
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
NO
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
SIZEALL
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
SIZENESW
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
SIZENS
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
SIZENWSE
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
SIZEWE
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
UPARROW
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
WAIT
%SystemRoot%\cursors\clearcur.cur
3056
gats.png.exe
write
HKEY_CURRENT_USER
-boot
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Hidden
2
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
GlobalUserOffline
0
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_0
98384074
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_0
4800
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_0
17001001
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_0
0
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_1
681144860
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_1
1768783559
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_1
1752043080
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_1
1768776801
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_2
2866767540
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_2
3537555743
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_2
3554255595
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_2
3537553602
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_3
3689326621
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_3
1011360571
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_3
1028343562
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_3
1011363107
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_4
541317966
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_4
2780137936
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_4
2763455405
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_4
2780139908
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_5
3037790508
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_5
253944416
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_5
237084620
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_5
253949413
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_6
2123842337
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_6
2022723182
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_6
2039689327
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_6
2022726214
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_7
2671013523
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_7
3791493135
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_7
3774796942
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_7
3791503015
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_8
3086213197
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_8
1265305283
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_8
1248348449
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_8
1265312520
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_9
1608807099
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_9
3034097515
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_9
3051089216
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_9
3034089321
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_10
1405913346
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_10
507897128
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_10
524714467
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_10
507898826
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_11
2752498659
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_11
2276673820
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_11
2259696130
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_11
2276675627
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_12
1652932051
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_12
4045450362
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_12
4028882597
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_12
4045452428
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_13
1768193131
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_13
1519258930
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_13
1535996612
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_13
1519261933
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_14
870390174
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_14
3288033470
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_14
3271038823
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_14
3288038734
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_15
666907376
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_15
761850220
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_15
745245574
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_15
761848239
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_16
1673488766
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_16
2530631039
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_16
2547330105
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_16
2530625040
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_17
1725114730
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_17
4437265
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_17
21020760
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_17
4434545
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_18
2176509526
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_18
1773207904
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_18
1756521723
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_18
1773211346
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_19
3383241547
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_19
3541985897
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_19
3525122330
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_19
3541988147
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_20
4167049181
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_20
1015794654
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_20
1032371645
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_20
1015797652
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_21
1987899081
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_21
2784568238
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_21
2767868380
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_21
2784574453
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_22
2541328867
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_22
258389438
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_22
241551999
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_22
258383958
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_23
2075722870
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_23
2027167506
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_23
2044161694
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_23
2027160759
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_24
1348385501
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_24
3795929873
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_24
3812754225
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_24
3795937560
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_25
3962024906
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_25
1269748814
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_25
1252894544
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_25
1269747065
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_26
2812023707
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_26
3038521117
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_26
3021954035
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_26
3038523866
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_27
944120202
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_27
512328598
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_27
529202194
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_27
512333371
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_28
2720980524
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_28
2281107387
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_28
2264240309
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_28
2281110172
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_29
771690308
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_29
4049895331
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_29
4033295572
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_29
4049886973
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_30
1319358366
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_30
1523703268
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_30
1540532599
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_30
1523696478
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_31
1279393226
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_31
3292478504
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_31
3309063574
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_31
3292473279
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_32
1957008984
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_32
766289198
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_32
749725193
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_32
766282784
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_33
1283629368
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_33
2535058461
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_33
2518325928
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_33
2535059585
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_34
3363392133
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_34
8866256
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_34
25444043
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_34
8869090
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_35
921979391
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_35
1777639752
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_35
1761071978
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_35
1777645891
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_36
396531924
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_36
3546430652
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_36
3529602957
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_36
3546422692
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_37
470014143
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_37
1020236065
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_37
1036838956
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_37
1020232197
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_38
3325415944
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_38
2789015090
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_38
2805959759
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_38
2789008998
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_39
902844607
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_39
262824905
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_39
245965038
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_39
262818503
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_40
1533974644
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_40
2031597980
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_40
2014627073
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_40
2031595304
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_41
3290454359
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_41
3800370857
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_41
3817240992
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_41
3800372105
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_42
1867795488
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_42
1274177808
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_42
1257315779
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_42
1274181610
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_43
815855349
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_43
3042953279
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_43
3025974882
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_43
3042958411
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_44
1707435538
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_44
516772857
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_44
533604997
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_44
516767916
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_45
3242648249
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_45
2285551347
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_45
2302267172
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_45
2285544717
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_46
3773255892
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_46
4054324565
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_46
4037763911
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_46
4054321518
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_47
864861717
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_47
1528135571
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_47
1511393254
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_47
1528131023
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_48
172483134
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_48
3296905678
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_48
3313612825
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_48
3296907824
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_49
3971935460
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_49
770714453
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_49
754146488
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_49
770717329
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_50
2698067599
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_50
2539488104
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_50
2522804443
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_50
2539494130
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_51
277947686
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_51
13296488
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_51
29988218
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_51
13303635
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_52
472494973
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_52
1782085830
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_52
1799031197
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_52
1782080436
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_53
855609519
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_53
3550862951
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_53
3534135868
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_53
3550857237
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_54
1398409163
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_54
1024667831
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_54
1007699551
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_54
1024666742
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_55
4079149698
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_55
2793442885
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_55
2810444542
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_55
2793443543
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_56
1965996166
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_56
267250904
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_56
250519313
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_56
267253048
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_57
2388369191
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_57
2036026908
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_57
2019046320
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_57
2036029849
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_58
3313094575
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_58
3804799848
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_58
3821787091
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_58
3804806650
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_59
1590162566
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_59
1278622015
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_59
1295337586
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_59
1278616155
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_60
2700296450
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_60
3047395641
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_60
3030445205
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_60
3047392956
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_61
1354041806
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_61
521205862
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_61
504594740
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_61
521202461
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_62
2635334080
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_62
2289981086
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_62
2306680151
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_62
2289979262
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_63
2213277029
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_63
4058747591
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_63
4041791990
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_63
4058756063
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_64
2503497214
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_64
1532559435
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_64
1515876969
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_64
1532565568
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_65
1522774928
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_65
3301334457
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_65
3318027912
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_65
3301342369
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_66
3295364355
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_66
775156847
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_66
791710507
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_66
775151874
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_67
3048679182
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_67
2543935308
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_67
2527211338
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_67
2543928675
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_68
780006112
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_68
17741242
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_68
902125
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_68
17738180
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_69
1257685147
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_69
1786515998
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_69
1803510796
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_69
1786514981
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_70
1811070264
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_70
3555288372
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_70
3538557103
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_70
3555291782
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_71
427779803
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_71
1029108763
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_71
1012251854
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_71
1029101287
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_72
4079021556
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_72
2797870722
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_72
2814857569
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_72
2797878088
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_73
3657743378
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_73
271681182
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_73
288552320
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_73
271687593
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_74
1274345121
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_74
2040470517
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_74
2023517731
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_74
2040464394
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_75
84748245
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_75
3809244070
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_75
3792634434
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_75
3809241195
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_76
3362979445
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_76
1283053404
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_76
1299883749
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_76
1283050700
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_77
4292476563
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_77
3051825995
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_77
3034864388
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_77
3051827501
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_78
717151280
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_78
525633973
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_78
509083559
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_78
525637006
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_79
1576001105
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_79
2294408563
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_79
2311230406
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_79
2294413807
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_80
3020519918
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_80
4063185365
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_80
4079760505
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_80
4063190608
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_81
1893610207
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_81
1537004102
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_81
1520412824
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_81
1537000113
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_82
845464959
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_82
3305781632
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_82
3288943931
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_82
3305776914
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_83
3228067307
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_83
779590732
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_83
796189018
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_83
779586419
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_84
3638724874
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_84
2548365404
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_84
2531755517
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_84
2548363220
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_85
3099134607
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_85
22168039
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_85
5324316
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_85
22172725
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_86
1436448552
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_86
1790947091
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_86
1807536831
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_86
1790949526
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_87
2252828220
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_87
3559734935
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_87
3576592094
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_87
3559726327
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_88
2326220518
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_88
1033542186
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_88
1016720241
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_88
1033535832
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_89
2736434183
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_89
2802317698
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_89
2785316752
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_89
2802312633
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_90
937076644
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_90
276127342
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_90
292954163
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_90
276122138
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_91
285574690
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_91
2044861397
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_91
2028061778
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_91
2044898939
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_92
1388699925
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_92
3813673931
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_92
3797121269
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_92
3813675740
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_93
3421810819
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_93
1287482565
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_93
1304304916
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_93
1287485245
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_94
2542225668
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_94
3056258266
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_94
3072962999
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_94
3056262046
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_95
3228352624
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_95
530065131
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_95
513496534
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_95
530071551
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_96
3030674910
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_96
2298853537
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_96
2282147401
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_96
2298848352
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_97
4198490764
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_97
4067627087
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_97
4084228840
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_97
4067625153
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_98
766718186
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_98
1541435843
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_98
1524827915
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_98
1541434658
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_99
2415427120
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_99
3310208115
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_99
3293494186
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_99
3310211459
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_100
1510958030
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_100
784015773
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_100
800612301
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_100
784020964
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_101
1638778111
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_101
2552791276
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_101
2569793644
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_101
2552797765
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_102
3801642967
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_102
26601688
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_102
9868431
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_102
26607270
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_103
3098979001
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_103
1795390183
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_103
1778387246
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_103
1795384071
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_104
2151243319
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_104
3564168916
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_104
3581128001
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_104
3564160872
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_105
1014096503
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_105
1037973256
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_105
1021133280
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_105
1037970377
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_106
728062100
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_106
2806746728
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_106
2789800451
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_106
2806747178
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_107
98731478
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_107
280554624
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_107
297508514
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_107
280556683
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_108
3335784022
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_108
2049330317
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_108
2066035397
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_108
2049333484
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_109
2096329203
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_109
3818103567
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_109
3801143140
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_109
3818110285
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_110
4150713873
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_110
1291925657
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_110
1275218823
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_110
1291919790
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_111
3030439723
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_111
3060703125
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_111
3077434406
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_111
3060696591
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_112
1297060877
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_112
534507828
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_112
517505113
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_112
534506096
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_113
3232674133
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_113
2303285352
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_113
2286560504
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_113
2303282897
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_114
3788292462
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_114
4072057657
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_114
4088781083
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_114
4072059698
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_115
3312699430
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_115
1545865513
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_115
1562869178
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_115
1545869203
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_116
738770250
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_116
3314639380
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_116
3297907165
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_116
3314646004
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_117
1946845675
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_117
788462702
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_117
805145212
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_117
788455509
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_118
1944897149
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_118
2557239134
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_118
2574200479
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_118
2557232310
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_119
22607789
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_119
31044542
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_119
14336830
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_119
31041815
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_120
3921007315
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_120
1799821036
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_120
1782867793
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_120
1799818616
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_121
1435266502
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_121
3568594763
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_121
3585547248
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_121
3568595417
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_122
3660648580
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_122
1042399679
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_122
1059240979
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_122
1042404922
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_123
3780406705
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_123
2811178722
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_123
2794213554
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_123
2811181723
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_124
3779161397
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_124
284984007
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_124
301987029
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_124
284991228
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_125
2555651299
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_125
2053774166
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_125
2070505844
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_125
2053768029
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_126
1329052164
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_126
3822549144
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_126
3805547927
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_126
3822544830
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_127
2806285217
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_127
1296358298
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_127
1279764022
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_127
1296354335
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_128
192677155
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_128
3065129370
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_128
3081853609
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_128
3065131136
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_129
1116009167
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_129
538937503
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_129
555548360
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_129
538940641
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_130
1924606501
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_130
2307712112
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_130
2291110763
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_130
2307717442
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_131
2928359325
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_131
4076488243
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_131
4093196170
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_131
4076494243
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_132
2514652725
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_132
1550311390
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_132
1566877741
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_132
1550303748
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_133
756357612
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_133
3319083915
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_133
3302378572
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_133
3319080549
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_134
791963819
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_134
792892935
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_134
776069359
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_134
792890054
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_135
444489334
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_135
2561667509
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_135
2578220302
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_135
2561666855
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_136
2707081943
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_136
35484212
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_136
52312481
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_136
35476360
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_137
1684733527
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_137
1804250066
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_137
1787420096
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_137
1804253161
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_138
1828667888
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_138
3573026591
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_138
3590026851
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_138
3573029962
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_139
260062634
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_139
1046844259
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_139
1063709314
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_139
1046839467
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_140
1646046642
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_140
2815622849
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_140
2798751525
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_140
2815616268
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_141
3782873311
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_141
289428216
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_141
272835396
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_141
289425773
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_142
2539056507
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_142
2058205626
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_142
2075052007
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_142
2058202574
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_143
803937322
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_143
3826976607
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_143
3843586054
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_143
3826979375
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_144
3100480765
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_144
1300787066
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_144
1284185273
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_144
1300788880
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_145
3837143885
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_145
3069562487
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_145
3086397656
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_145
3069565681
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_146
1339938439
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_146
543371031
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_146
559961467
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_146
543375186
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_147
1736817667
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_147
2312143597
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_147
2295581082
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_147
2312151987
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_148
411354794
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_148
4080931887
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_148
4064109117
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_148
4080928788
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_149
2885789131
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_149
1554739569
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_149
1571292764
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_149
1554738293
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_150
3267935518
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_150
3323514257
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_150
3340483327
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_150
3323515094
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_151
4177254234
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_151
797319261
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_151
780492574
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_151
797324599
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_152
2998708050
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_152
2566095803
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_152
2582705073
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_152
2566101400
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_153
4081136967
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_153
39904695
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_153
56858576
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_153
39910905
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_154
3447030568
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_154
1808679729
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_154
1791821939
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_154
1808687706
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_155
2949703879
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_155
3577470704
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_155
3560483986
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_155
3577464507
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_156
1811934370
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_156
1051278398
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_156
1068122421
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_156
1051274012
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_157
2088518595
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_157
2820052637
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_157
2836784468
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_157
2820050813
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_158
3700523882
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_158
293851599
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_158
276863479
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_158
293860318
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_159
1067947137
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_159
2062631879
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_159
2079470102
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_159
2062637119
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_160
3090719006
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_160
3831406066
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_160
3848132233
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_160
3831413920
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_161
2750482111
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_161
1305229939
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_161
1288653608
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_161
1305223425
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_162
1102171356
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_162
3074005411
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_162
3057315659
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_162
3074000226
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_163
1683130493
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_163
547812029
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_163
564495338
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_163
547809731
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_164
3161718938
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_164
2316587110
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_164
2333549581
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_164
2316586532
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_165
2700580769
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_165
4085362244
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_165
4068661420
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_165
4085363333
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_166
2381307736
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_166
1559169575
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_166
1575779535
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_166
1559172838
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_167
2941267506
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_167
3327946247
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_167
3344896366
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_167
3327949639
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_168
735778582
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_168
801753062
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_168
785036673
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_168
801759144
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_169
1770125908
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_169
2570542743
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_169
2553556512
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_169
2570535945
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_170
240409251
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_170
44347977
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_170
61325891
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_170
44345450
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_171
4267528451
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_171
1813125049
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_171
1829856994
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_171
1813122251
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_172
3446095506
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_172
3581896908
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_172
3564903173
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_172
3581899052
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_173
1142000183
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_173
1055705526
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_173
1072676772
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_173
1055708557
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_174
1404137674
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_174
2824478836
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_174
2841203655
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_174
2824485358
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_175
2091120636
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_175
298290258
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_175
281343078
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_175
298294863
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_176
3558669816
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_176
2067078844
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_176
2050386073
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_176
2067071664
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_177
2781140142
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_177
3835851452
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_177
3852537144
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_177
3835848465
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_178
36996556
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_178
1309659749
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_178
1326227803
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_178
1309657970
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_179
3511119977
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_179
3078436950
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_179
3061728762
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_179
3078434771
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_180
865861130
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_180
552241830
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_180
568983069
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_180
552244276
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_181
1367838952
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_181
2321015761
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_181
2337575612
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_181
2321021077
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_182
244927178
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_182
4089790850
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_182
4073076447
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_182
4089797878
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_183
3798814510
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_183
1563613783
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_183
1546759038
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_183
1563607383
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_184
4115032582
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_184
3332389052
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_184
3349368721
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_184
3332384184
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_185
3881885735
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_185
806195593
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_185
823058480
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_185
806193689
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_186
3408079300
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_186
2574971579
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_186
2558100563
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_186
2574970490
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_187
3104907109
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_187
48778043
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_187
65747186
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_187
48779995
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_188
912024970
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_188
1817554098
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_188
1834409237
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_188
1817556796
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_189
3687445988
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_189
3586327633
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_189
3569381812
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_189
3586333597
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_190
3644724803
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_190
1060135961
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_190
1043535319
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_190
1060143102
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_191
100313569
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_191
2828925123
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_191
2845740662
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_191
2828919903
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_192
223678751
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_192
302732364
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_192
319300329
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_192
302729408
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_193
868505422
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_193
2071508409
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_193
2054932232
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_193
2071506209
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_194
2766626620
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_194
3840280071
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_194
3857021867
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_194
3840283010
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_195
1717877341
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_195
1314090885
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_195
1330651082
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_195
1314092515
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_196
343445754
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_196
3082863622
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_196
3066277997
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_196
3082869316
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_197
3323402779
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_197
556671588
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_197
539841676
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_197
556678821
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_198
2721989077
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_198
2325459069
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_198
2342045999
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_198
2325455622
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_199
865579985
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_199
4094240268
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_199
4111101262
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_199
4094232423
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_200
1470767341
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_200
1568043350
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_200
1551172065
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_200
1568041928
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_201
465583704
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_201
3336815696
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_201
3353393664
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_201
3336818729
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_202
752554292
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_202
810626410
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_202
827481763
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_202
810628234
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_203
3267154261
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_203
2579399888
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_203
2562585282
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_203
2579405035
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_204
2958987025
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_204
53208391
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_204
36214629
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_204
53214540
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_205
3125087333
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_205
1821997539
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_205
1838812036
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_205
1821991341
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_206
1780013579
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_206
3590771452
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_206
3607473191
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_206
3590768142
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_207
1443145898
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_207
1064582972
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_207
1048002630
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_207
1064577647
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_208
2956653991
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_208
2833356940
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_208
2850219257
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_208
2833354448
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_209
3310173071
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_209
307161362
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_209
323852568
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_209
307163953
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_210
3197241640
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_210
2075938418
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_210
2059353531
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_210
2075940754
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_211
4141645133
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_211
3844713590
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_211
3828011482
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_211
3844717555
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_212
265676778
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_212
1318518994
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_212
1335118461
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_212
1318527060
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_213
1601762817
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_213
3087311984
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_213
3104304796
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_213
3087303861
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_214
1213604264
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_214
561115382
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_214
544375615
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_214
561113366
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_215
854215077
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_215
2329892679
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_215
2346461022
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_215
2329890167
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_216
156171878
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_216
4098665207
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_216
4115651569
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_216
4098666968
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_217
3820957576
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_217
1572474669
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_217
1555659792
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_217
1572476473
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_218
3850222884
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_218
3341248343
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_218
3324252339
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_218
3341253274
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_219
3084064325
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_219
815057751
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_219
832025810
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_219
815062779
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_220
172590562
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_220
2583846174
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_220
2600544629
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_220
2583839580
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_221
2891676807
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_221
57653361
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_221
40684948
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_221
57649085
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_222
3875628131
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_222
1826428762
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_222
1843291703
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_222
1826425886
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_223
2849824837
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_223
3595202245
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_223
3611892310
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_223
3595202687
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_224
2007210846
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_224
1069009570
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_224
1052032713
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_224
1069012192
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_225
979592187
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_225
2837782992
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_225
2821084008
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_225
2837788993
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_226
1202107856
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_226
311591676
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_226
328333195
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_226
311598498
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_227
1199132605
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_227
2080381297
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_227
2097375274
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_227
2080375299
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_228
2621674669
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_228
3849155041
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_228
3832417357
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_228
3849152100
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_229
653918843
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_229
1322964744
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_229
1339662572
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_229
1322961605
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_230
699410414
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_230
3091739623
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_230
3108717839
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_230
3091738406
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_231
3264269629
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_231
565546822
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_231
548862382
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_231
565547911
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_232
2630462034
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_232
2334319497
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_232
2317458881
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_232
2334324712
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_233
1604942839
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_233
4103095362
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_233
4120065632
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_233
4103101513
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_234
2582886107
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_234
1576916726
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_234
1560193667
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_234
1576911018
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_235
1682637493
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_235
3345691278
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_235
3328724770
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_235
3345687819
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_236
1711582418
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_236
819499855
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_236
836494149
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_236
819497324
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_237
343254387
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_237
2588277320
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_237
2605090788
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_237
2588274125
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_238
3984759440
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_238
62080332
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_238
45103111
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_238
62083630
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_239
1855440090
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_239
1830856733
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_239
1814289574
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_239
1830860431
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_240
2748663608
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_240
3599631836
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_240
3616370905
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_240
3599637232
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_241
3775864559
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_241
1073439594
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_241
1056445816
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_241
1073446737
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_242
3640831244
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_242
2842214844
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_242
2825619867
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_242
2842223538
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_243
2550636207
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_243
316035096
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_243
332735034
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_243
316033043
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_244
3012502733
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_244
2084811474
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_244
2101397085
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_244
2084809844
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_245
4041165835
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_245
3853586031
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_245
3836902140
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_245
3853586645
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_246
2847718536
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_246
1327393271
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_246
1310531359
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_246
1327396150
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_247
164528429
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_247
3096170117
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_247
3112743870
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_247
3096172951
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_248
2826161713
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_248
569975235
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_248
553277393
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_248
569982456
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_249
3953684624
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_249
2338765453
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_249
2321926256
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_249
2338759257
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_250
1076636274
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_250
4107541960
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_250
4124535955
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_250
4107536058
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_251
2802333395
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_251
1581347600
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_251
1598161202
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_251
1581345563
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_252
1961167298
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_252
3350124188
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_252
3333268821
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_252
3350122364
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_253
3967540067
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_253
823928745
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_253
807361012
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_253
823931869
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_254
1621053824
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_254
2592706028
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_254
2609574423
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_254
2592708670
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_255
1566684449
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_255
66510942
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_255
49649334
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_255
66518175
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_256
2351399789
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_256
1835301098
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_256
1818692393
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_256
1835294976
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_257
734596575
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_257
3604078402
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_257
3620908872
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_257
3604071777
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_258
2581549950
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_258
1077873032
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_258
1094468587
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_258
1077881282
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_259
2211722128
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_259
2846659298
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_259
2830099466
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_259
2846658083
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_260
2177118014
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_260
320466338
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_260
303732909
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_260
320467588
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_261
315982014
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_261
2089254311
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_261
2105818316
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_261
2089244389
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_262
850885880
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_262
3858017475
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_262
3841446255
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_262
3858021190
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_263
362008601
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_263
1331825755
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_263
1315009934
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_263
1331830695
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_264
886819766
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_264
3100613810
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_264
3117215265
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_264
3100607496
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_265
2456276695
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_265
574420050
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_265
591364672
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_265
574417001
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_266
1335016963
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_266
2343202258
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_266
2326341347
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_266
2343193802
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_267
591500612
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_267
4111969209
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_267
4095007490
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_267
4111970603
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_268
3771773602
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_268
1585778469
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_268
1602650021
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_268
1585780108
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_269
2985178707
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_269
3354551179
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_269
3337688004
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_269
3354556909
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_270
3815337101
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_270
828360118
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_270
811381863
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_270
828366414
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_271
370340862
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_271
2597149757
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_271
2613979270
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_271
2597143215
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_272
3162176216
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_272
70958065
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_272
87674169
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_272
70952720
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_273
2650654671
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_273
1839730825
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_273
1823170904
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_273
1839729521
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_274
2579381530
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_274
3608507552
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_274
3591767547
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_274
3608506322
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_275
542999273
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_275
1082313391
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_275
1099021850
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_275
1082315827
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_276
1264271696
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_276
2851090136
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_276
2834518717
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_276
2851092628
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_277
2013064864
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_277
324894772
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_277
308213468
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_277
324902133
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_278
1079332072
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_278
2093686125
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_278
2110286719
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_278
2093678934
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_279
466355209
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_279
3862460812
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_279
3879407518
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_279
3862455735
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_280
2679656998
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_280
1336268102
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_280
1319542833
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_280
1336265240
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_281
4208525232
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_281
3105044988
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_281
3088073808
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_281
3105042041
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_282
1905708128
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_282
578848443
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_282
595851507
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_282
578851546
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_283
2018918021
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_283
2347622489
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_283
2330893586
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_283
2347628347
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_284
645501986
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_284
4116399965
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_284
4099420597
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_284
4116405148
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_285
905268532
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_285
1590208632
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_285
1607194068
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_285
1590214653
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_286
3338989696
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_286
3358994778
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_286
3375713911
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_286
3358991454
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_287
264596178
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_287
832804397
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_287
815850134
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_287
832800959
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_288
3145793675
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_288
2601579231
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_288
2584971017
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_288
2601577760
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_289
1947742971
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_289
75385640
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_289
92093352
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_289
75387265
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_290
1707715069
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_290
1844162162
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_290
1827200971
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_290
1844164066
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_291
2410567677
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_291
3612934449
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_291
3596251242
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_291
3612940867
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_292
3544452818
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_292
1086746086
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_292
1103434893
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_292
1086750372
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_293
2283623225
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_293
2855518713
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_293
2872084780
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_293
2855527173
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_294
3049202708
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_294
329344728
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_294
312618319
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_294
329336678
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_295
2229830558
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_295
2098077289
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_295
2081276398
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_295
2098113479
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_296
1125337234
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_296
3866888648
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_296
3883891201
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_296
3866890280
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_297
3905272631
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_297
1340698436
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_297
1323966112
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_297
1340699785
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_298
139316542
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_298
3109473046
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_298
3092624067
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_298
3109476586
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_299
183483534
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_299
583279830
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_299
600266594
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_299
583286091
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_300
3844781176
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_300
2352067699
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_300
2368916357
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_300
2352062892
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_301
1085687076
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_301
4120842673
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_301
4103892004
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_301
4120839693
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_302
496775380
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_302
1594652245
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_302
1578041415
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_302
1594649198
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_303
3910216866
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_303
3363434117
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_303
3380258022
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_303
3363425999
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_304
1870723982
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_304
837233569
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_304
820271385
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_304
837235504
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_305
2831207358
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_305
2606022303
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_305
2589457848
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_305
2606012305
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_306
2929707844
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_306
79817900
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_306
96637403
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_306
79821810
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_307
1354018797
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_307
1848605107
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_307
1865157242
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_307
1848598611
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_308
3651930890
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_308
3617378662
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_308
3600789149
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_308
3617375412
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_309
3582438524
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_309
1091189907
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_309
1074348860
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_309
1091184917
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_310
1180942664
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_310
2859976324
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_310
2876565343
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_310
2859961718
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_311
2301940609
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_311
333768118
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_311
317168638
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_311
333771223
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_312
724966278
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_312
2102555634
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_312
2085698577
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_312
2102548024
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_313
3438312743
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_313
3871318905
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_313
3887911088
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_313
3871324825
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_314
1472877380
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_314
1345128831
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_314
1361999059
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_314
1345134330
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_315
112210791
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_315
3113918887
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_315
3097094514
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_315
3113911131
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_316
2460495362
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_316
587722809
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_316
570723733
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_316
587720636
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_317
2617154209
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_317
2356541875
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_317
2373330484
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_317
2356497437
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_318
3204709824
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_318
4125266168
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_318
4108442199
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_318
4125274238
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_319
3767623521
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_319
1599082289
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_319
1582530294
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_319
1599083743
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_320
1293136126
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_320
3367857861
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_320
3384677225
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_320
3367860544
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_321
940142452
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_321
841667138
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_321
858371976
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_321
841670049
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_322
1534100668
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_322
2610452848
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_322
2593859627
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_322
2610446850
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_323
1026144892
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_323
84262387
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_323
67554378
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_323
84256355
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_324
1306772602
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_324
1853035475
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_324
1869635821
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_324
1853033156
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_325
2132118100
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_325
3621813084
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_325
3605202188
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_325
3621809957
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_326
402137167
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_326
1095616815
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_326
1078901167
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_326
1095619462
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_327
3131013465
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_327
2864394035
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_327
2880986574
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_327
2864396263
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_328
248339190
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_328
338198665
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_328
355202657
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_328
338205768
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_329
1019501921
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_329
2106989640
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_329
2090166912
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_329
2106982569
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_330
2550544560
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_330
3875763064
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_330
3858763555
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_330
3875759370
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_331
4292246709
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_331
1349570575
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_331
1366532930
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_331
1349568875
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_332
1624374533
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_332
3118347719
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_332
3101509605
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_332
3118345676
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_333
3208928147
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_333
592152575
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_333
575207428
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_333
592155181
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_334
3268683591
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_334
2360930158
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_334
2377882791
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_334
2360931982
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_335
553714773
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_335
4129703470
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_335
4146409670
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_335
4129708783
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_336
1949996165
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_336
1603511498
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_336
1586550137
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_336
1603518288
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_337
4262851448
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_337
3372299316
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_337
3355593112
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_337
3372295089
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_338
1684750764
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_338
846107626
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_338
862839355
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_338
846104594
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_339
1665015482
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_339
2614883920
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_339
2597881434
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_339
2614881395
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_340
204496740
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_340
88676382
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_340
71973629
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_340
88690900
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_341
62375046
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_341
1857465469
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_341
1874190108
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_341
1857467701
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_342
1664995368
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_342
3626239319
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_342
3643241407
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_342
3626244502
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_343
493139785
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_343
1100046796
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_343
1083316190
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_343
1100054007
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_344
3099937432
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_344
2868835805
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_344
2885519473
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_344
2868830808
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_345
2181703107
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_345
342643829
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_345
359607440
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_345
342640313
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_346
381503297
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_346
2111422057
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_346
2094711091
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_346
2111417114
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_347
2973061825
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_347
3880195081
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_347
3863242066
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_347
3880193915
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_348
1734879234
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_348
1353999778
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_348
1370954229
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_348
1354003420
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_349
3942146442
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_349
3122788751
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_349
3139613204
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_349
3122780221
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl\-227342143
1768776801
5500
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl\-227342143
-757413694
0
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl\-227342143
1011363107
0
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl\-227342143
-1514827388
30
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl\-227342143
253949413
59
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl\-227342143
2022726214
0200687474703A2F2F62736C776F666463646666642F312E67696600687474703A2F2F6E6E763166646673336767642F77702D636F6E74656E74
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl\-227342143
-503464281
9A1B8CB5E1B309F887FA0DC4F0D0279BF94F32E41FCA304EB7789BA2AEF853CCDDBB000F33BE774A6B8EA8AE6B93B597D8E6E50609E38889702ED56F2B5CF6D0535A2D078407F11BC2E092F8D4E575873953B4FB97CCC5EE41056E1DFDA8BFCE787B3D7C6FBE1416EF568D1717E97477A37388B219DB7D243298E5927DC85EBB858988394F805456887270D6D10FF889DA07B5CE518CA614B19E4FD6FA911C42D3F073CF6DF830B753DC76E747BD2AE82377D4022C595EBDCA07E50994D4E256C019E6C2AAC5373640CFC6064D5D10312C8F06696997683533A6D7DFC33DBA218FBB6F1A4A076C4EC722B0E822F13470C69BB370C13A7DEDF53D5862E1382CAA
2956
gats.png.exe
write
HKEY_CURRENT_USER\������В����������ќ��В����Л���В����я��
F63AAA
%APPDATA%\F63AAA\A71D80.exe

Files activity

Executable files
1
Suspicious files
0
Text files
1
Unknown types
2

Dropped files

PID
Process
Filename
Type
2956
gats.png.exe
C:\Users\admin\AppData\Roaming\F63AAA\A71D80.exe
executable
MD5: f116adcd3cddfa5a4091adb96538fd2c
SHA256: 8240be1a0c6933c9f34458fa83dfacc4d11db26c306230829e49e91632787b90
2956
gats.png.exe
C:\Users\admin\AppData\Local\Temp\waihth.exe
––
MD5:  ––
SHA256:  ––
2956
gats.png.exe
C:\Users\admin\AppData\Roaming\F63AAA\A71D80.lck
––
MD5:  ––
SHA256:  ––
2956
gats.png.exe
C:\Users\admin\AppData\Roaming\F63AAA\A71D80.hdb
text
MD5: 5302b1b5ec232d44e2d9507fb847fc49
SHA256: 20b58a25872b1e3f7d47dae0c090acf229c49b6e33939934513499cc37bb2684
2956
gats.png.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f
dbf
MD5: 18b8cfc0185c50383aac0a4f30a9dac8
SHA256: 913e8ced6a447fe791954d382aba52d490513c5d2f689b391866c7e561f89a03
2956
gats.png.exe
C:\Users\admin\AppData\Local\Temp\wgdhoe.exe
––
MD5:  ––
SHA256:  ––

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
6
TCP/UDP connections
6
DNS requests
1
Threats
31

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2956 gats.png.exe POST –– 185.126.200.167:80 http://myparthenon.com/minas/dura/minas.php IR
binary
––
––
malicious
2956 gats.png.exe POST –– 185.126.200.167:80 http://myparthenon.com/minas/dura/minas.php IR
binary
––
––
malicious
2956 gats.png.exe POST –– 185.126.200.167:80 http://myparthenon.com/minas/dura/minas.php IR
binary
––
––
malicious
2956 gats.png.exe POST –– 185.126.200.167:80 http://myparthenon.com/minas/dura/minas.php IR
binary
––
––
malicious
2956 gats.png.exe POST –– 185.126.200.167:80 http://myparthenon.com/minas/dura/minas.php IR
binary
––
––
malicious
2956 gats.png.exe POST –– 185.126.200.167:80 http://myparthenon.com/minas/dura/minas.php IR
binary
––
––
malicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2956 gats.png.exe 185.126.200.167:80 Tebyan-e-Noor Cultural-Artistic Institute IR suspicious

DNS requests

Domain IP Reputation
myparthenon.com 185.126.200.167
malicious

Threats

PID Process Class Message
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot User-Agent (Charon/Inferno)
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot Checkin
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2
2956 gats.png.exe A Network Trojan was detected MALWARE [PTsecurity] Loki Bot Check-in M2
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot User-Agent (Charon/Inferno)
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot Checkin
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2
2956 gats.png.exe A Network Trojan was detected MALWARE [PTsecurity] Loki Bot Check-in M2
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot User-Agent (Charon/Inferno)
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot Checkin
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot Request for C2 Commands Detected M1
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot Request for C2 Commands Detected M2
2956 gats.png.exe A Network Trojan was detected MALWARE [PTsecurity] Loki Bot Check-in M2
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot User-Agent (Charon/Inferno)
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot Checkin
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot Fake 404 Response
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot Request for C2 Commands Detected M1
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot Request for C2 Commands Detected M2
2956 gats.png.exe A Network Trojan was detected MALWARE [PTsecurity] Loki Bot Check-in M2
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot User-Agent (Charon/Inferno)
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot Checkin
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot Request for C2 Commands Detected M1
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot Request for C2 Commands Detected M2
2956 gats.png.exe A Network Trojan was detected MALWARE [PTsecurity] Loki Bot Check-in M2
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot User-Agent (Charon/Inferno)
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot Checkin
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot Request for C2 Commands Detected M1
2956 gats.png.exe A Network Trojan was detected ET TROJAN LokiBot Request for C2 Commands Detected M2
2956 gats.png.exe A Network Trojan was detected MALWARE [PTsecurity] Loki Bot Check-in M2

Debug output strings

No debug info.