Report #13925

(1)

Binary

DLL False

Size 5.35MB

trid 61.7% Win64 Executable

14.7% Win32 Dynamic Link Library 10.0% Win32 Executable

4.5% OS/2 Executable

4.4% Generic Win/DOS Executable

type PE

wordsize 64

Subsystem Windows CLI

Hashes

md5 bb0e954eea8d2c802488b2e01221752a

sha1 151af06362ab47e33112860b152c67e668e22582

crc32 0x460a025f

sha224 b51aed6f3c093b0e411a303bc1e2633db11cd32a39d3c0f40d3eb318 sha256 f57891fe23b8120e1371f1221ffb9f504b172f09f18bf2852f65e0ec500236bd

sha384 7e9b1c5bb707d2fced8abae8259311f6ee2b64b9214875beb4c989ffe8ebf9 495e77ea08255ad0a2305e3a69d7728a13

Creation Date: Aug. 3, 2022, 10:10 p.m.

Last Update: Aug. 3, 2022, 10:14 p.m.

File:

evader.exe Results:

(2)

YARA

Matches IP, ThreadControl__Context, CRC16_table, HasDebugData, CRC32_poly_Con stant, BASE64_table, HasRichSignature, RIPEMD160_Constants, CRC32_tabl e, network_dns, CRC32b_poly_Constant, IsPacked, Microsoft_Visual_Cpp_80 _DLL, antivm_vmware, contentis_base64, network_tcp_socket, Misc_Suspici ous_Strings, win_hook, win_mutex, keylogger, VirtualPC_Detection, maldoc_

find_kernel32_base_method_1, vmdetect, anti_dbg, antisb_threatExpert, wi n_files_operation, SHA512_Constants, network_tcp_listen, DebuggerHiding_

_Active, url, SHA1_Constants, android_meterpreter, win_registry, IsPE64, Is Console, network_dga, Advapi_Hash_API, MD5_Constants, System_Tools, Bi g_Numbers1

Suspicious True

Imports

GDI32.dll ExtCreatePen, MoveToEx, GetTextExtentPoint32W, GetTextMetricsW, LineTo, SetTextColor, DeleteDC, CreateDIBSection, CreateFontIndirectW, GetDevice Caps, SetBkColor, GetRgnBox, SetBkMode, SelectObject, SetRectRgn, Creat eCompatibleDC, CreateRectRgnIndirect, CombineRgn, CreateSolidBrush, Eq ualRgn, GetStockObject, CreatePatternBrush, CreateRectRgn, GetObjectW, GetTextExtentPointW, CreateCompatibleBitmap

WINMM.dll timeGetTime

ole32.dll CoInitialize, CoUninitialize, CoCreateInstance RPCRT4.dll UuidToStringW, RpcStringFreeW, UuidCreate SHELL32.dll SHGetSpecialFolderPathW, ShellAboutW UxTheme.dll IsThemeActive, BufferedPaintClear

ADVAPI32.dll RegEnumKeyExW, RegQueryValueExW, RegQueryInfoKeyW, RegDeleteKey W, RegSetValueExW, RegCloseKey, RegCreateKeyW, RegOpenKeyExW, Reg EnumValueW, RegGetValueW

(3)

OLEAUT32.dll BSTR_UserFree

Strings

List

MTA:SA Server %s - See http://mtasa.com/agent/

# https://curl.se/docs/http-cookies.html

http://updatesa.multitheftauto.com/sa/trouble/?v=_VERSION_&id=_ID_&tr=_TROUBLE_

ftp@example.com

# Your alt-svc cache. https://curl.se/docs/alt-svc.html

# Your HSTS cache. https://curl.se/docs/hsts.html

!http://crl.certum.pl/cscasha2.crl0q http://cscasha2.ocsp-certum.com04 (http://repository.certum.pl/cscasha2.cer0

C:\BuildAgent\work\675e5b8e8f135823\Build\Symbols\Client Network.pdb

c:\Users\Win\Documents\Visual Studio 2012\Projects\Dropper\x64\Release\Dropper.pdb Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0

C:\BuildAgent\work\675e5b8e8f135823\Client\net\raknet\CCryptRC4.hpp H.iR

C:\BuildAgent\work\675e5b8e8f135823\Shared\sdk\net\CNetHTTPDownloadManagerInterface.h https://www.certum.pl/CPS0

http://www.certum.pl/CPS0 http://www.certum.pl/CPS0 http://www.certum.pl/CPS0 http://www.certum.pl/CPS0 http://crl.certum.pl/ctnca2.crl0l http://crl.certum.pl/ctnca.crl0k http://crl.certum.pl/ctnca.crl0k

%http://repository.certum.pl/ctnca.cer09

&http://repository.certum.pl/ctnca2.cer09 )http://repository.certum.pl/ctsca2021.cer0@

"http://crl.certum.pl/ctsca2021.crl0o http://%s

http://subca.ocsp-certum.com02 http://subca.ocsp-certum.com05 http://subca.ocsp-certum.com01 http://subca.ocsp-certum.com01

C:\BuildAgent\work\675e5b8e8f135823\Shared\sdk\WString.hpp

C:\BuildAgent\work\675e5b8e8f135823\Shared\sdk\SharedUtil.Profiling.hpp C:\BuildAgent\work\675e5b8e8f135823\Shared\sdk\SharedUtil.Misc.hpp C:\BuildAgent\work\675e5b8e8f135823\Shared\sdk\SString.hpp

(4)

[HTTPDownload] %s Invalid file descriptors. [cfds:%d]

file://%s%s%s E.Be

5.Af y.LR jB.li 127.0.0.1 CRYPT32.dll security.dll proxy_sa.exe

CONNECT %s HTTP/%s

ERROR_HOTKEY_NOT_REGISTERED

ERROR_DS_SAM_NEED_BOOTKEY_PASSWORD HTTP/%1d.%1d%c%3d%c

ERROR_HOTKEY_ALREADY_REGISTERED V.JO

Q.Aq M.Jm A.CZ

HTTP/1.%d %d HTTP/%1[23] %d HTTP/%s

5.cz z.gq HTTP %3d

Unsupported proxy '%s', libcurl is built without the HTTPS-proxy support.

Establish HTTP proxy tunnel to %s:%d

SEC_E_ILLEGAL_MESSAGE (0x%08X) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handsha ke failed). More detail may be available in the Windows System event log.

report.log COMCTL32.dll MSVCR110.dll WS2_32.dll WININET.dll ,&combase.dll WINTRUST.dll data\surfaud.dat WINMM.dll WINMM.dll UxTheme.dll iphlpapi.dll dbghelp.dll pthread.dll core.dll

mta\core2.dmp netc.dll

ntdll.dll

(5)

Heuristics

IPs hasIPs: True

Allowed: 127.0.0.1, 1, localhost.

Suspicious: 2.5.4.8, 0, Unknown, 2.5.4.9, 0, Unknown, 2.5.4.6, 0, Unknown , 2.5.4.7, 0, Unknown, 2.5.4.4, 0, Unknown, 2.5.4.5, 0, Unknown, 2.5.4.3, 0, Unknown, 2.5.4.72, 0, Unknown, 1.2.0.4, 0, Unknown, 2.5.4.10, 0, Unknown , 2.5.4.11, 0, Unknown, 2.5.4.12, 0, Unknown, 2.5.4.13, 0, Unknown, 2.5.4.1 7, 0, Unknown, 1.3.14.3, 0, Unknown, 2.5.4.45, 0, Unknown, 101.3.4.2, 0, U nknown, 2.5.4.44, 0, Unknown, 2.5.4.65, 0, Unknown, 2.5.29.17, 0, Unknow n, 2.5.4.46, 0, Unknown, 2.5.29.18, 0, Unknown, 2.5.29.19, 0, Unknown, 2.5 .4.43, 0, Unknown, 2.5.4.42, 0, Unknown, 2.5.4.41, 0, Unknown

hasAllowed: True hasSuspicious: True

URLs Allowed: http://crl.microsoft.com/pki/crl/products/microsoftcodeverifroot.cr l0

hasURLs: True

Suspicious: http://crl.certum.pl/ctsca2021.crl0o, http://repository.certum.p l/cscasha2.cer0, http://repository.certum.pl/ctsca2021.cer0@, http://subca.o csp-certum.com05, file://%s%s%s, http://subca.ocsp-certum.com02, http://s ubca.ocsp-certum.com01, http://cscasha2.ocsp-certum.com04, http://, http:

//updatesa.multitheftauto.com/sa/trouble/?v=_version_&id=_id_&tr=_troubl e_, http://crl.certum.pl/cscasha2.crl0q, https://curl.se/docs/hsts.html, http://

www.certum.pl/cps0, http://mtasa.com/agent/, https://curl.se/docs/http-coo kies.html, file://, https://www.certum.pl/cps0, http://www.winimage.com/zlib dll, http://%s, http://repository.certum.pl/ctnca.cer09, http://crl.certum.pl/ct nca2.crl0l, https://curl.se/docs/alt-svc.html, http://repository.certum.pl/ctnc a2.cer09, https://, http://crl.certum.pl/ctnca.crl0k

Files Allowed: api-ms-win-core-synch-l1-2-0.dll, dbghelp.dll, mscoree.dll, kernel 32.dll, ADVAPI32.dll, RPCRT4.dll, pthread.dll, SHELL32.dll, USER32.dll, WINT RUST.dll, secur32.dll, UxTheme.dll, ntdll.dll, MSVCR110.dll, COMCTL32.dll, I PHLPAPI.DLL, ,&combase.dll, WINMM.dll, SHLWAPI.dll, security.dll, WS2_32.d ll, OLEAUT32.dll, WININET.dll, Normaliz.dll, ole32.dll, CRYPT32.dll, core.dll, n etc.dll, GDI32.dll

hasFiles: True

Suspicious: =J.So, %s.%s.tmp, report.log, E*6.Jar, data\surfaud.dat, TIMEC YC.DAT

(6)

Address: 5368709120 Suspicious: False Stack

Stack: 4096 Suspicious: False Headers

Headers: 1024 Suspicious: False Suspicious: False

Symbols Number

Number: 0

Suspicious: True Pointer

Pointer: 0

Suspicious: True Directories Number: 16 Suspicious: False

Checksum Value: 0

Suspicous: True

Sections Allowed: .text, .rdata, .data, .pdata, .rsrc, .reloc Suspicious

hasAllowed: True hasSections: True hasSuspicious: False

Versions OS

Version: 6

Suspicious: False Image

Version: True Suspicious: 6 Linker

Version: 11.0 Suspicious: False Subsystem

Version: 6.0 Suspicious: False Suspicious: False

(7)

2_32.dll, oleaut32.dll, wininet.dll, normaliz.dll, ole32.dll, crypt32.dll, gdi32.d ll

hasLibs: True

Suspicious: pthread.dll, msvcr110.dll, iphlpapi.dll, ,&combase.dll, core.dll, netc.dll

Timestamp Past: False

Valid: True

Value: 2022-08-03 22:10:00 Future: False

Compilation Packed: False

Missing: False Packers

Compiled: True

Compilers: Microsoft Visual C++ 8.0 (DLL)

Obfuscation XOR: True

Fuzzing: True

PEDetector

Matches 12448

Suspicious True

Disassembly

hasTricks False

Tricks

AVclass

(8)

AVG result: Win64:BankerX-gen [Trj]

update: 20220804 version: 21.1.5827.0 detected: True

CMC update: 20220623

version: 2.10.2019.1 detected: False

MAX result: malware (ai score=88)

APEX result: Malicious

update: 20220801 version: 6.319 detected: True

Bkav update: 20220804

K7GW result: Trojan ( 0057208f1 )

update: 20220803 version: 12.29.43670 detected: True

ALYac result: Gen:Variant.Johnnie.276394

Avast result: Win64:BankerX-gen [Trj]

update: 20220804 version: 21.1.5827.0

(9)

Cynet result: Malicious (score: 100) update: 20220803

version: 4.0.0.27 detected: True

Cyren result: W64/Kryptik.BZP.gen!Eldorado

DrWeb result: Trojan.Encoder.30162

GData result: Gen:Variant.Johnnie.276394

update: 20220804

version: A:25.33665B:27.28316 detected: True

Panda update: 20220803

VBA32 update: 20220803

version: 5.0.0 detected: False

VIPRE result: Gen:Variant.Johnnie.276394

VirIT update: 20220803

version: 9.5.252 detected: False

(10)

Comodo update: 20220803 version: 34865 detected: False

Ikarus result: Trojan.Win32.Injector

Lionic update: 20220803

version: 7.5 detected: False

McAfee update: 20220804

Rising result: Backdoor.Remcos!8.B89E (TFE:dGZlOgWqGCmoSHuGoQ) update: 20220803

Sophos update: 20220803

Yandex update: 20220725

Zillya update: 20220803

Acronis update: 20220426

version: 1.2.0.108

(11)

Cylance update: 20220804 version: 2.3.1.101 detected: False

Elastic result: malicious (high confidence) update: 20220728

version: 4.0.41 detected: True

FireEye result: Generic.mg.bb0e954eea8d2c80

Sangfor update: 20220803

TACHYON update: 20220803

version: 2022-08-03.02 detected: False

Tencent result: Malware.Win32.Gencirc.10ce3e28 update: 20220804

ViRobot update: 20220803

Webroot update: 20220804

(12)

detected: True

F-Secure update: 20220803

Fortinet result: W32/Kryptik.HEUR!tr

Jiangmin result: Trojan.MSIL.qkml

Kingsoft update: 20220804

Paloalto update: 20220804

Symantec update: 20220803

Trapmine update: 20220707

AhnLab-V3 result: Trojan/Win32.AgentTesla.R350864 update: 20220804

(13)

detected: True

MaxSecure update: 20220801

Microsoft result: TrojanDropper:Win64/SodinokibiCrypt.SA!MTB update: 20220803

ZoneAlarm update: 20220803

Cybereason result: malicious.eea8d2

ESET-NOD32 result: a variant of Win64/Kryptik.CAA update: 20220803

version: 25700 detected: True

Gridinsoft result: Trojan.Win64.Kryptik.oa!s1 update: 20220804

TrendMicro update: 20220803

BitDefender result: Gen:Variant.Johnnie.276394 update: 20220803

version: 7.2

(14)

SentinelOne update: 20220330 version: 22.2.1.2 detected: False

Malwarebytes result: Malware.AI.1160498980 update: 20220804

CAT-QuickHeal update: 20220803

NANO-Antivirus update: 20220803

BitDefenderTheta update: 20220802

MicroWorld-eScan result: Gen:Variant.Johnnie.276394 update: 20220803

SUPERAntiSpyware update: 20220730

McAfee-GW-Edition update: 20220803 version: v2019.1.2+3728 detected: False

(15)

resource bb0e954eea8d2c802488b2e01221752a

permalink https://www.virustotal.com/gui/file/f57891fe23b8120e1371f1221ffb9f504b1 72f09f18bf2852f65e0ec500236bd/detection/f-f57891fe23b8120e1371f122 1ffb9f504b172f09f18bf2852f65e0ec500236bd-1659575410

positives 33

scan_date 2022-08-04 01:10:10

verbose_msg Scan finished, information embedded

response_code 1

File

Trace

3/8/2022 - 21:

45:43.325

Writ e

24 76

C:\malw

are.exe C:\Monitor\proc.exe

3/8/2022 - 21:

45:43.325

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.325

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.325

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.325

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.325

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.325

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.325

Writ e

24 76

C:\malw

(16)

45:43.325 e 76 are.exe C:\Monitor\proc.exe

3/8/2022 - 21:

45:43.325

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.325

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.325

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.325

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.325

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.325

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.325

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.340

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.340

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.340

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.340

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.340

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.340

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.340

Writ e

24 76

C:\malw

(17)

3/8/2022 - 21:

45:43.340

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.340

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.340

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.340

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.340

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.340

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.340

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.340

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.340

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.356

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.356

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.356

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.356

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.356

Writ e

24 76

C:\malw

(18)

3/8/2022 - 21:

45:43.356

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.356

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.356

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.356

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.356

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.356

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.356

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.356

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.356

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.356

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.372

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.372

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.372

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.372

Writ e

24 76

C:\malw

(19)

3/8/2022 - 21:

45:43.372

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.372

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.372

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.372

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.372

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.372

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.372

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.372

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.372

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.372

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.372

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.372

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.387

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.387

Writ e

24 76

C:\malw

(20)

3/8/2022 - 21:

45:43.387

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.387

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.387

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.387

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.387

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.387

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.387

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.387

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.387

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.387

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.387

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.387

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.387

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.387

Writ e

24 76

C:\malw

(21)

3/8/2022 - 21:

45:43.403

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.403

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.403

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.403

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.403

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.403

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.403

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.403

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.403

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.403

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.403

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.403

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.403

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.403

Writ e

24 76

C:\malw

(22)

3/8/2022 - 21:

45:43.403

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.403

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.403

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.403

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.403

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.528

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.528

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.528

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.528

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.528

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.528

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.528

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.528

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.528

Writ e

24 76

C:\malw

(23)

3/8/2022 - 21:

45:43.528

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.543

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.543

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.543

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.543

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.543

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.543

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.543

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.543

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.543

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.543

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.543

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.543

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.543

Writ e

24 76

C:\malw

(24)

3/8/2022 - 21:

45:43.543

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.543

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.543

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.559

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.559

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.559

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.559

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.559

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.559

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.559

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.559

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.559

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.559

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.559

Writ e

24 76

C:\malw

(25)

3/8/2022 - 21:

45:43.559

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.559

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.559

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.559

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.559

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.575

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.575

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.575

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.575

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.575

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.575

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.575

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.575

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.575

Writ e

24 76

C:\malw

(26)

3/8/2022 - 21:

45:43.575

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.575

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.575

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.575

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.575

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.575

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.575

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.590

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.590

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.590

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.590

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.590

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.590

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.590

Writ e

24 76

C:\malw

(27)

3/8/2022 - 21:

45:43.590

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.590

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.590

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.590

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.590

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.590

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.590

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.590

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.590

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.590

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.590

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.606

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.606

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.606

Writ e

24 76

C:\malw

(28)

3/8/2022 - 21:

45:43.606

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.606

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.606

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.606

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.606

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.606

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.606

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.606

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.606

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.606

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.606

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.606

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.606

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.606

Writ e

24 76

C:\malw

(29)

3/8/2022 - 21:

45:43.622

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.622

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.622

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.622

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.622

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.622

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.622

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.622

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.622

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.622

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.622

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.622

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.622

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.622

Writ e

24 76

C:\malw

(30)

3/8/2022 - 21:

45:43.700

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.700

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.700

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.700

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.700

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.700

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.700

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.700

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.700

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.700

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.700

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.700

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.700

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.715

Writ e

24 76

C:\malw

(31)

3/8/2022 - 21:

45:43.715

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.715

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.715

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.715

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.715

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.715

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.715

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.715

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.715

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.715

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.715

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.715

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.731

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.731

Writ e

24 76

C:\malw

(32)

45:43.731 e 76 are.exe C:\Monitor\proc.exe

3/8/2022 - 21:

45:43.731

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.731

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.731

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.731

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.731

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.731

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.731

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.731

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.731

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.731

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.731

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.731

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.731

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.731

Writ e

24 76

C:\malw

(33)

3/8/2022 - 21:

45:43.747

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.747

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.747

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.747

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.747

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.747

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.747

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.747

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.747

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.747

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.747

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.747

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.747

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.747

Writ e

24 76

C:\malw

(34)

3/8/2022 - 21:

45:43.762

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.762

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.762

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.762

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.762

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.762

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.762

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.762

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.762

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.762

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.762

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.762

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.762

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.762

Writ e

24 76

C:\malw

(35)

3/8/2022 - 21:

45:43.762

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.762

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.762

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.762

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.778

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.778

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.778

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.778

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.778

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.778

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.778

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.778

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.778

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.778

Writ e

24 76

C:\malw

(36)

3/8/2022 - 21:

45:43.778

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.778

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.778

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.778

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.778

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.778

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.778

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.793

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.793

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.793

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.793

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.793

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.793

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.793

Writ e

24 76

C:\malw

(37)

3/8/2022 - 21:

45:43.793

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.793

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.793

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.793

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.793

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.793

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.793

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.793

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.793

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.793

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.793

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.856

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.856

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.856

Writ e

24 76

C:\malw

(38)

3/8/2022 - 21:

45:43.856

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.856

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.856

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.856

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.856

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.856

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.856

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.856

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.856

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.856

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.856

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.856

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.856

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.856

Writ e

24 76

C:\malw

(39)

3/8/2022 - 21:

45:43.872

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.872

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.872

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.872

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.872

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.872

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.872

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.872

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.872

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.872

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.872

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.872

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.872

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.872

Writ e

24 76

C:\malw

(40)

3/8/2022 - 21:

45:43.872

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.887

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.887

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.887

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.887

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.887

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.887

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.887

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.887

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.887

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.887

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.887

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.887

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.887

Writ e

24 76

C:\malw

(41)

3/8/2022 - 21:

45:43.887

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.887

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.887

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.887

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.887

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.903

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.903

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.903

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.903

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.903

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.903

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.903

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.903

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.903

Writ e

24 76

C:\malw

(42)

3/8/2022 - 21:

45:43.903

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.903

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.903

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.903

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.903

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.903

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.903

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.903

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.903

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.918

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.918

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.918

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.918

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.918

Writ e

24 76

C:\malw

(43)

3/8/2022 - 21:

45:43.918

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.918

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.918

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.918

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.918

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.918

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.918

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.918

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.918

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.918

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.918

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.918

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.918

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.918

Writ e

24 76

C:\malw

(44)

3/8/2022 - 21:

45:43.934

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.934

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.934

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.934

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.934

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.934

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.934

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.934

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.934

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.934

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.934

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.934

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.934

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.934

Writ e

24 76

C:\malw

(45)

3/8/2022 - 21:

45:43.934

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.934

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.934

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.950

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.950

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.950

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.950

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.950

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.950

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.950

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.950

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.950

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.950

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.950

Writ e

24 76

C:\malw

(46)

3/8/2022 - 21:

45:43.950

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.950

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.950

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.950

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.950

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.950

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.950

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:43.950

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:44.12

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:44.12

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:44.12

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:44.12

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:44.12

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:44.12

Writ e

24 76

C:\malw

(47)

3/8/2022 - 21:

45:44.12

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:44.12

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:44.12

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:44.12

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:44.12

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:44.12

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:44.12

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:44.12

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:44.12

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:44.12

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:44.12

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:44.12

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:44.12

Writ e

24 76

C:\malw

3/8/2022 - 21:

45:44.28

Writ e

24 76

C:\malw