General Info Watch the FULL Interactive Analysis at ANY.RUN!

File name

gats.png

Verdict
Malicious activity
Analysis date
1/10/2019, 17:38:35
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
lokibot
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5

f116adcd3cddfa5a4091adb96538fd2c

SHA1

325a33097ddbbb61c54a385a852841aaa7efe34b

SHA256

8240be1a0c6933c9f34458fa83dfacc4d11db26c306230829e49e91632787b90

SSDEEP

6144:oM0fJO8vOwriLcAbjE3wk8UJJI30as+EsBEynfrzn9CJM+RJ8yacO4/ed1HrS:D6XrccICwkHJh+xBEyCXxapd1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
on
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was injected by another process
  • dwm.exe (PID: 1968)
  • explorer.exe (PID: 2028)
  • windanr.exe (PID: 2188)
Detected artifacts of LokiBot
  • gats.png.exe (PID: 2956)
Connects to CnC server
  • gats.png.exe (PID: 2956)
LOKIBOT was detected
  • gats.png.exe (PID: 2956)
Runs injected code in another process
  • gats.png.exe (PID: 2956)
Actions looks like stealing of personal data
  • gats.png.exe (PID: 2956)
Application launched itself
  • gats.png.exe (PID: 3056)
Creates files in the user directory
  • gats.png.exe (PID: 2956)
Loads DLL from Mozilla Firefox
  • gats.png.exe (PID: 2956)
Executable content was dropped or overwritten
  • gats.png.exe (PID: 2956)
Dropped object may contain Bitcoin addresses
  • gats.png.exe (PID: 2956)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   Win64 Executable (generic) (61.6%)
.dll
|   Win32 Dynamic Link Library (generic) (14.6%)
.exe
|   Win32 Executable (generic) (10%)
.exe
|   Win16/32 Executable Delphi generic (4.6%)
.exe
|   Generic Win/DOS Executable (4.4%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
1977:04:05 21:38:19+01:00
PEType:
PE32
LinkerVersion:
8
CodeSize:
66048
InitializedDataSize:
320000
UninitializedDataSize:
null
EntryPoint:
0x6400a
OSVersion:
4
ImageVersion:
null
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
13.3.14.4
ProductVersionNumber:
13.3.14.4
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
Comments:
ojonuyiguxekisisatinuk
CompanyName:
Pall Corp
FileDescription:
Directory Listing handler
FileVersion:
13.3.14.4
InternalName:
12345.exe
LegalCopyright:
Copyright © 2018 Pall Corp
OriginalFileName:
12345.exe
ProductName:
Directory Listing handler
ProductVersion:
13.3.14.4
AssemblyVersion:
0.0.0.0
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
05-Apr-1977 20:38:19
Comments:
ojonuyiguxekisisatinuk
CompanyName:
Pall Corp
FileDescription:
Directory Listing handler
FileVersion:
13.3.14.4
InternalName:
12345.exe
LegalCopyright:
Copyright © 2018 Pall Corp
OriginalFilename:
12345.exe
ProductName:
Directory Listing handler
ProductVersion:
13.3.14.4
Assembly Version:
0.0.0.0
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000080
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
05-Apr-1977 20:38:19
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
\x04\x12]_\x1c8R\x07\xd0\xd6\x04 0x00002000 0x0004D6D0 0x0004D800 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 7.99944
.text 0x00050000 0x0000FEB0 0x00010000 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.64387
.rsrc 0x00060000 0x00000608 0x00000800 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 3.50348
.reloc 0x00062000 0x0000000C 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 0.0980042
0x00064000 0x00000010 0x00000200 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 0.13873
Resources
1

Imports
    mscoree.dll

Exports

    No exports.

Screenshots

Processes

Total processes
31
Monitored processes
5
Malicious processes
3
Suspicious processes
0

Behavior graph

+
start inject inject inject gats.png.exe no specs #LOKIBOT gats.png.exe dwm.exe explorer.exe windanr.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
1968
CMD
"C:\Windows\system32\Dwm.exe"
Path
C:\Windows\System32\dwm.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Desktop Window Manager
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\dwm.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dwmredir.dll
c:\windows\system32\dwmcore.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d10_1.dll
c:\windows\system32\d3d10_1core.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\version.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll

PID
2028
CMD
C:\Windows\Explorer.EXE
Path
C:\Windows\explorer.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Windows Explorer
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\slc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sndvolsso.dll
c:\windows\system32\hid.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\timedate.cpl
c:\windows\system32\atl.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\userenv.dll
c:\windows\system32\shacct.dll
c:\windows\system32\samlib.dll
c:\windows\system32\samcli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\msls31.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\authui.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\gameux.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\wer.dll
c:\windows\system32\msiltcfg.dll
c:\windows\system32\version.dll
c:\windows\system32\msi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\psapi.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\stobject.dll
c:\windows\system32\batmeter.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\es.dll
c:\windows\system32\prnfldr.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dxp.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\syncreg.dll
c:\windows\ehome\ehsso.dll
c:\windows\system32\netshell.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\alttab.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\pnidui.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\wwanapi.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\qagent.dll
c:\windows\system32\srchadmin.dll
c:\windows\system32\sxs.dll
c:\windows\system32\bthprops.cpl
c:\windows\system32\winanr.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\synccenter.dll
c:\windows\system32\actioncenter.dll
c:\windows\system32\imapi2.dll
c:\windows\system32\hgcpl.dll
c:\windows\system32\provsvc.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\fxsst.dll
c:\windows\system32\fxsapi.dll
c:\windows\system32\fxsresm.dll
c:\windows\system32\wscinterop.dll
c:\windows\system32\wscapi.dll
c:\windows\system32\wscui.cpl
c:\windows\system32\werconcpl.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\wercplsupport.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\hcproviders.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\thumbcache.dll
c:\users\admin\appdata\local\temp\gats.png.exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll

PID
2188
CMD
"windanr.exe"
Path
C:\Windows\system32\windanr.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules
Image
c:\windows\system32\windanr.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winanr.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winsanr.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll

PID
3056
CMD
"C:\Users\admin\AppData\Local\Temp\gats.png.exe"
Path
C:\Users\admin\AppData\Local\Temp\gats.png.exe
Indicators
No indicators
Parent process
explorer.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Pall Corp
Description
Directory Listing handler
Version
13.3.14.4
Modules
Image
c:\users\admin\appdata\local\temp\gats.png.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\bcrypt.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\microsoft.v9921e851#\7ca6a7b9413844e82108a9d62f88a2d9\microsoft.visualbasic.ni.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

PID
2956
CMD
"C:\Users\admin\AppData\Local\Temp\gats.png.exe"
Path
C:\Users\admin\AppData\Local\Temp\gats.png.exe
Indicators
Parent process
gats.png.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Pall Corp
Description
Directory Listing handler
Version
13.3.14.4
Modules
Image
c:\users\admin\appdata\local\temp\gats.png.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\program files\mozilla firefox\nss3.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\system32\api-ms-win-core-file-l1-2-0.dll
c:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\vaultcli.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\profapi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\browcli.dll

Registry activity

Total events
1470
Read events
36
Write events
1434
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
APPSTARTING
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
ARROW
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
CROSS
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
HAND
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
HELP
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
IBEAM
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
NO
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
SIZEALL
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
SIZENESW
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
SIZENS
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
SIZENWSE
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
SIZEWE
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
UPARROW
%SystemRoot%\cursors\clearcur.cur
2188
windanr.exe
write
HKEY_CURRENT_USER\Control Panel\Cursors
WAIT
%SystemRoot%\cursors\clearcur.cur
3056
gats.png.exe
write
HKEY_CURRENT_USER
-boot
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Hidden
2
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
GlobalUserOffline
0
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_0
98384074
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_0
4800
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_0
17001001
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_0
0
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_1
681144860
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_1
1768783559
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_1
1752043080
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_1
1768776801
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_2
2866767540
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_2
3537555743
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_2
3554255595
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_2
3537553602
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_3
3689326621
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_3
1011360571
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_3
1028343562
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_3
1011363107
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_4
541317966
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_4
2780137936
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_4
2763455405
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_4
2780139908
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_5
3037790508
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_5
253944416
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_5
237084620
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_5
253949413
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_6
2123842337
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_6
2022723182
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_6
2039689327
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_6
2022726214
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_7
2671013523
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_7
3791493135
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_7
3774796942
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_7
3791503015
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_8
3086213197
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_8
1265305283
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_8
1248348449
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_8
1265312520
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_9
1608807099
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_9
3034097515
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_9
3051089216
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_9
3034089321
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_10
1405913346
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_10
507897128
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_10
524714467
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_10
507898826
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_11
2752498659
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_11
2276673820
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_11
2259696130
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_11
2276675627
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_12
1652932051
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_12
4045450362
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_12
4028882597
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_12
4045452428
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_13
1768193131
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_13
1519258930
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_13
1535996612
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_13
1519261933
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_14
870390174
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_14
3288033470
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_14
3271038823
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_14
3288038734
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_15
666907376
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_15
761850220
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_15
745245574
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_15
761848239
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_16
1673488766
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_16
2530631039
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_16
2547330105
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_16
2530625040
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_17
1725114730
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_17
4437265
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_17
21020760
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_17
4434545
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_18
2176509526
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_18
1773207904
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_18
1756521723
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_18
1773211346
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_19
3383241547
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_19
3541985897
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_19
3525122330
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_19
3541988147
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_20
4167049181
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_20
1015794654
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_20
1032371645
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_20
1015797652
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_21
1987899081
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_21
2784568238
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_21
2767868380
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_21
2784574453
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_22
2541328867
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_22
258389438
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_22
241551999
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_22
258383958
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_23
2075722870
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_23
2027167506
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_23
2044161694
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_23
2027160759
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_24
1348385501
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_24
3795929873
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_24
3812754225
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_24
3795937560
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_25
3962024906
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_25
1269748814
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_25
1252894544
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_25
1269747065
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_26
2812023707
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_26
3038521117
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_26
3021954035
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_26
3038523866
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_27
944120202
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_27
512328598
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_27
529202194
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_27
512333371
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_28
2720980524
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_28
2281107387
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_28
2264240309
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_28
2281110172
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_29
771690308
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_29
4049895331
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_29
4033295572
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_29
4049886973
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_30
1319358366
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_30
1523703268
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_30
1540532599
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_30
1523696478
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_31
1279393226
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_31
3292478504
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_31
3309063574
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_31
3292473279
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_32
1957008984
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_32
766289198
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_32
749725193
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_32
766282784
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_33
1283629368
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_33
2535058461
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_33
2518325928
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_33
2535059585
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_34
3363392133
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_34
8866256
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_34
25444043
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_34
8869090
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_35
921979391
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_35
1777639752
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_35
1761071978
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_35
1777645891
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_36
396531924
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_36
3546430652
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_36
3529602957
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_36
3546422692
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_37
470014143
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_37
1020236065
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_37
1036838956
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_37
1020232197
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_38
3325415944
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_38
2789015090
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_38
2805959759
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_38
2789008998
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_39
902844607
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_39
262824905
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_39
245965038
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_39
262818503
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_40
1533974644
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_40
2031597980
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_40
2014627073
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_40
2031595304
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_41
3290454359
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_41
3800370857
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_41
3817240992
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_41
3800372105
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_42
1867795488
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_42
1274177808
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_42
1257315779
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_42
1274181610
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_43
815855349
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_43
3042953279
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_43
3025974882
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_43
3042958411
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_44
1707435538
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_44
516772857
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_44
533604997
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_44
516767916
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_45
3242648249
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_45
2285551347
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_45
2302267172
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_45
2285544717
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_46
3773255892
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_46
4054324565
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_46
4037763911
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_46
4054321518
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_47
864861717
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_47
1528135571
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_47
1511393254
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_47
1528131023
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_48
172483134
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_48
3296905678
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_48
3313612825
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_48
3296907824
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_49
3971935460
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_49
770714453
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_49
754146488
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_49
770717329
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_50
2698067599
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_50
2539488104
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_50
2522804443
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_50
2539494130
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_51
277947686
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_51
13296488
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_51
29988218
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_51
13303635
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_52
472494973
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_52
1782085830
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_52
1799031197
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_52
1782080436
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_53
855609519
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_53
3550862951
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_53
3534135868
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_53
3550857237
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_54
1398409163
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_54
1024667831
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_54
1007699551
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_54
1024666742
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_55
4079149698
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_55
2793442885
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_55
2810444542
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_55
2793443543
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_56
1965996166
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_56
267250904
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_56
250519313
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_56
267253048
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_57
2388369191
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_57
2036026908
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_57
2019046320
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_57
2036029849
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_58
3313094575
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_58
3804799848
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_58
3821787091
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_58
3804806650
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_59
1590162566
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_59
1278622015
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_59
1295337586
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_59
1278616155
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_60
2700296450
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_60
3047395641
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_60
3030445205
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_60
3047392956
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_61
1354041806
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_61
521205862
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_61
504594740
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_61
521202461
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_62
2635334080
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_62
2289981086
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_62
2306680151
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_62
2289979262
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_63
2213277029
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_63
4058747591
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_63
4041791990
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_63
4058756063
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_64
2503497214
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_64
1532559435
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_64
1515876969
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_64
1532565568
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_65
1522774928
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_65
3301334457
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_65
3318027912
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_65
3301342369
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_66
3295364355
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_66
775156847
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_66
791710507
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_66
775151874
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_67
3048679182
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_67
2543935308
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_67
2527211338
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_67
2543928675
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_68
780006112
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_68
17741242
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_68
902125
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_68
17738180
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_69
1257685147
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_69
1786515998
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_69
1803510796
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_69
1786514981
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_70
1811070264
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_70
3555288372
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_70
3538557103
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_70
3555291782
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_71
427779803
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_71
1029108763
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_71
1012251854
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_71
1029101287
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_72
4079021556
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_72
2797870722
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_72
2814857569
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_72
2797878088
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_73
3657743378
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_73
271681182
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_73
288552320
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_73
271687593
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_74
1274345121
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_74
2040470517
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_74
2023517731
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_74
2040464394
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_75
84748245
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_75
3809244070
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_75
3792634434
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_75
3809241195
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_76
3362979445
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_76
1283053404
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_76
1299883749
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_76
1283050700
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_77
4292476563
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_77
3051825995
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_77
3034864388
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_77
3051827501
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_78
717151280
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_78
525633973
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_78
509083559
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_78
525637006
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_79
1576001105
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_79
2294408563
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_79
2311230406
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_79
2294413807
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_80
3020519918
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_80
4063185365
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_80
4079760505
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_80
4063190608
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_81
1893610207
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_81
1537004102
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_81
1520412824
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_81
1537000113
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_82
845464959
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_82
3305781632
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_82
3288943931
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_82
3305776914
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_83
3228067307
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_83
779590732
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_83
796189018
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_83
779586419
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_84
3638724874
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_84
2548365404
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_84
2531755517
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_84
2548363220
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_85
3099134607
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_85
22168039
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_85
5324316
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_85
22172725
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_86
1436448552
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_86
1790947091
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_86
1807536831
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_86
1790949526
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_87
2252828220
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_87
3559734935
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_87
3576592094
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_87
3559726327
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_88
2326220518
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_88
1033542186
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_88
1016720241
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_88
1033535832
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_89
2736434183
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_89
2802317698
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_89
2785316752
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_89
2802312633
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_90
937076644
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_90
276127342
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_90
292954163
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_90
276122138
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_91
285574690
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_91
2044861397
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_91
2028061778
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_91
2044898939
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_92
1388699925
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_92
3813673931
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_92
3797121269
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_92
3813675740
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_93
3421810819
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_93
1287482565
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_93
1304304916
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_93
1287485245
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_94
2542225668
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_94
3056258266
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_94
3072962999
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_94
3056262046
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_95
3228352624
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_95
530065131
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_95
513496534
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_95
530071551
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_96
3030674910
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_96
2298853537
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_96
2282147401
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_96
2298848352
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_97
4198490764
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_97
4067627087
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_97
4084228840
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_97
4067625153
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_98
766718186
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_98
1541435843
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_98
1524827915
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_98
1541434658
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_99
2415427120
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_99
3310208115
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_99
3293494186
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_99
3310211459
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_100
1510958030
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_100
784015773
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_100
800612301
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_100
784020964
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_101
1638778111
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_101
2552791276
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_101
2569793644
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_101
2552797765
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_102
3801642967
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_102
26601688
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_102
9868431
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_102
26607270
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_103
3098979001
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_103
1795390183
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_103
1778387246
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_103
1795384071
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_104
2151243319
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_104
3564168916
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_104
3581128001
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_104
3564160872
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_105
1014096503
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_105
1037973256
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_105
1021133280
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_105
1037970377
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_106
728062100
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_106
2806746728
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_106
2789800451
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_106
2806747178
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_107
98731478
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_107
280554624
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_107
297508514
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_107
280556683
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_108
3335784022
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_108
2049330317
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_108
2066035397
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_108
2049333484
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_109
2096329203
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_109
3818103567
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_109
3801143140
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_109
3818110285
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_110
4150713873
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_110
1291925657
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_110
1275218823
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_110
1291919790
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_111
3030439723
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_111
3060703125
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_111
3077434406
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_111
3060696591
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_112
1297060877
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_112
534507828
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_112
517505113
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_112
534506096
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_113
3232674133
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_113
2303285352
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_113
2286560504
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_113
2303282897
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_114
3788292462
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_114
4072057657
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_114
4088781083
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_114
4072059698
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_115
3312699430
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_115
1545865513
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_115
1562869178
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_115
1545869203
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_116
738770250
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_116
3314639380
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_116
3297907165
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_116
3314646004
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_117
1946845675
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_117
788462702
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_117
805145212
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_117
788455509
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_118
1944897149
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_118
2557239134
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_118
2574200479
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_118
2557232310
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_119
22607789
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_119
31044542
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_119
14336830
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_119
31041815
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_120
3921007315
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_120
1799821036
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_120
1782867793
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_120
1799818616
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_121
1435266502
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_121
3568594763
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_121
3585547248
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_121
3568595417
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_122
3660648580
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_122
1042399679
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_122
1059240979
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_122
1042404922
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_123
3780406705
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_123
2811178722
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_123
2794213554
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_123
2811181723
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_124
3779161397
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_124
284984007
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_124
301987029
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_124
284991228
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_125
2555651299
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_125
2053774166
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_125
2070505844
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_125
2053768029
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_126
1329052164
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_126
3822549144
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_126
3805547927
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_126
3822544830
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_127
2806285217
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_127
1296358298
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_127
1279764022
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_127
1296354335
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_128
192677155
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_128
3065129370
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_128
3081853609
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_128
3065131136
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_129
1116009167
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_129
538937503
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_129
555548360
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_129
538940641
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_130
1924606501
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_130
2307712112
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_130
2291110763
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_130
2307717442
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_131
2928359325
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_131
4076488243
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_131
4093196170
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_131
4076494243
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_132
2514652725
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_132
1550311390
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_132
1566877741
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_132
1550303748
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_133
756357612
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_133
3319083915
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_133
3302378572
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_133
3319080549
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_134
791963819
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_134
792892935
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_134
776069359
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_134
792890054
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_135
444489334
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_135
2561667509
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_135
2578220302
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_135
2561666855
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_136
2707081943
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_136
35484212
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_136
52312481
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_136
35476360
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_137
1684733527
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_137
1804250066
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_137
1787420096
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_137
1804253161
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_138
1828667888
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_138
3573026591
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_138
3590026851
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_138
3573029962
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_139
260062634
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_139
1046844259
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_139
1063709314
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_139
1046839467
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_140
1646046642
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_140
2815622849
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_140
2798751525
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_140
2815616268
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_141
3782873311
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_141
289428216
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_141
272835396
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_141
289425773
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_142
2539056507
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_142
2058205626
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_142
2075052007
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_142
2058202574
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_143
803937322
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_143
3826976607
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_143
3843586054
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_143
3826979375
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_144
3100480765
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_144
1300787066
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_144
1284185273
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_144
1300788880
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_145
3837143885
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_145
3069562487
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_145
3086397656
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_145
3069565681
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_146
1339938439
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_146
543371031
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_146
559961467
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_146
543375186
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_147
1736817667
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_147
2312143597
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_147
2295581082
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_147
2312151987
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_148
411354794
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_148
4080931887
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_148
4064109117
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_148
4080928788
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_149
2885789131
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_149
1554739569
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_149
1571292764
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_149
1554738293
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_150
3267935518
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_150
3323514257
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_150
3340483327
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_150
3323515094
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_151
4177254234
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_151
797319261
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_151
780492574
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_151
797324599
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_152
2998708050
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_152
2566095803
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_152
2582705073
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_152
2566101400
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_153
4081136967
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_153
39904695
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_153
56858576
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_153
39910905
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_154
3447030568
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_154
1808679729
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_154
1791821939
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_154
1808687706
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_155
2949703879
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_155
3577470704
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_155
3560483986
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_155
3577464507
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_156
1811934370
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_156
1051278398
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_156
1068122421
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_156
1051274012
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_157
2088518595
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_157
2820052637
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_157
2836784468
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_157
2820050813
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_158
3700523882
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_158
293851599
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_158
276863479
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_158
293860318
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_159
1067947137
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_159
2062631879
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_159
2079470102
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_159
2062637119
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_160
3090719006
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_160
3831406066
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_160
3848132233
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_160
3831413920
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_161
2750482111
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_161
1305229939
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_161
1288653608
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_161
1305223425
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_162
1102171356
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_162
3074005411
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_162
3057315659
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_162
3074000226
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_163
1683130493
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_163
547812029
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_163
564495338
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_163
547809731
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_164
3161718938
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_164
2316587110
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_164
2333549581
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_164
2316586532
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_165
2700580769
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_165
4085362244
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_165
4068661420
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_165
4085363333
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_166
2381307736
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_166
1559169575
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_166
1575779535
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_166
1559172838
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_167
2941267506
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_167
3327946247
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_167
3344896366
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_167
3327949639
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_168
735778582
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_168
801753062
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_168
785036673
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_168
801759144
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_169
1770125908
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_169
2570542743
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_169
2553556512
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_169
2570535945
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_170
240409251
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_170
44347977
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_170
61325891
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_170
44345450
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_171
4267528451
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_171
1813125049
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_171
1829856994
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_171
1813122251
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_172
3446095506
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_172
3581896908
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_172
3564903173
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_172
3581899052
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_173
1142000183
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_173
1055705526
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_173
1072676772
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_173
1055708557
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_174
1404137674
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_174
2824478836
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_174
2841203655
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_174
2824485358
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_175
2091120636
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_175
298290258
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_175
281343078
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_175
298294863
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_176
3558669816
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_176
2067078844
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_176
2050386073
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_176
2067071664
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_177
2781140142
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_177
3835851452
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_177
3852537144
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_177
3835848465
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_178
36996556
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_178
1309659749
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_178
1326227803
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_178
1309657970
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_179
3511119977
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_179
3078436950
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_179
3061728762
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_179
3078434771
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_180
865861130
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_180
552241830
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_180
568983069
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_180
552244276
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_181
1367838952
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_181
2321015761
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_181
2337575612
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_181
2321021077
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_182
244927178
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_182
4089790850
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_182
4073076447
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_182
4089797878
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_183
3798814510
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_183
1563613783
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_183
1546759038
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_183
1563607383
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_184
4115032582
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_184
3332389052
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_184
3349368721
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_184
3332384184
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_185
3881885735
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_185
806195593
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_185
823058480
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_185
806193689
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_186
3408079300
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_186
2574971579
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_186
2558100563
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_186
2574970490
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_187
3104907109
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_187
48778043
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_187
65747186
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_187
48779995
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_188
912024970
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_188
1817554098
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_188
1834409237
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_188
1817556796
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_189
3687445988
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_189
3586327633
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_189
3569381812
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_189
3586333597
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_190
3644724803
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_190
1060135961
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_190
1043535319
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_190
1060143102
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_191
100313569
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_191
2828925123
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_191
2845740662
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_191
2828919903
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_192
223678751
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_192
302732364
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_192
319300329
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_192
302729408
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_193
868505422
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_193
2071508409
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_193
2054932232
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_193
2071506209
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_194
2766626620
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_194
3840280071
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_194
3857021867
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_194
3840283010
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_195
1717877341
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_195
1314090885
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_195
1330651082
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_195
1314092515
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_196
343445754
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_196
3082863622
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_196
3066277997
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_196
3082869316
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_197
3323402779
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_197
556671588
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_197
539841676
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_197
556678821
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_198
2721989077
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_198
2325459069
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_198
2342045999
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_198
2325455622
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_199
865579985
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_199
4094240268
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_199
4111101262
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_199
4094232423
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_200
1470767341
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_200
1568043350
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_200
1551172065
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_200
1568041928
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_201
465583704
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_201
3336815696
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_201
3353393664
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_201
3336818729
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_202
752554292
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_202
810626410
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_202
827481763
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_202
810628234
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_203
3267154261
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_203
2579399888
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_203
2562585282
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_203
2579405035
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_204
2958987025
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_204
53208391
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_204
36214629
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_204
53214540
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_205
3125087333
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a2_205
1821997539
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a3_205
1838812036
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a4_205
1821991341
2956
gats.png.exe
write
HKEY_CURRENT_USER\Software\Tvidl
a1_206
1780013579
2956
gats.png.exe