6a6293438ad9ac50b0b6fda77cfb30d8d98b655ffe101029c9473e5da13c752e

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe
Size

10.4MB
MD5

49e571199198ed1a714a11c3e5d65933
SHA1

194a13c949651afd849b5e1966d346381bd6474e
SHA256

6a6293438ad9ac50b0b6fda77cfb30d8d98b655ffe101029c9473e5da13c752e
SHA512

f109df4b76bbb336194bb097a45804cdb19687d78baae6c42a84ce680fa7bb8ea8cac6acaf109336ab17520d831b259d1c1ea8445852c2419dd5665ee20f06b4
SSDEEP

196608:A8jml72uvzKp7Ah13Jvo5Inzk7R4BdWuqokiZOiaTutfciG5djc892oz+h1lZw6G:3jmEuvz87Ah7voX7+BdWuqokiZOiaTu+

Score

7^/10

defense_evasion

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe

Executes dropped EXE 4 IoCs

pid	Process
3248	DamAgent.exe
4648	DamAgent.exe
2076	svchost.exe
1568	DamAgent.exe

Impair Defenses: Safe Mode Boot 1 TTPs 2 IoCs

defense_evasion

Safe Mode Boot

T1562.009

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iNode DAM Agent\ = "Service"	DamAgent.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iNode DAM Agent	DamAgent.exe

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	DamAgent.exe
File opened (read-only)	\??\F:	DamAgent.exe

Drops file in System32 directory 8 IoCs

description	ioc	Process
File created	C:\Windows\system32\ChkRead.dll	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe
File created	C:\Windows\SysWOW64\DamAgent.exe	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe
File opened for modification	C:\Windows\SysWOW64\DamAgent.exe	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe
File created	C:\Windows\system32\DamAgent.exe	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe
File created	C:\Windows\SysWOW64\DamAgentTray.exe	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe
File created	C:\Windows\SysWOW64\hssvchost.exe	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe
File created	C:\Windows\SysWOW64\APIRead.exe	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe
File created	C:\Windows\SysWOW64\ChkRead.dll	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Kills process with taskkill 9 IoCs

evasion

pid	Process
4676	taskkill.exe
1168	taskkill.exe
524	taskkill.exe
3348	taskkill.exe
4900	taskkill.exe
4368	taskkill.exe
1584	taskkill.exe
4388	taskkill.exe
4164	taskkill.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	DamAgent.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	DamAgent.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	DamAgent.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	DamAgent.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	DamAgent.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4648	DamAgent.exe
4648	DamAgent.exe
4648	DamAgent.exe
4648	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe
1568	DamAgent.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	3348	taskkill.exe
Token: SeDebugPrivilege	4900	taskkill.exe
Token: SeDebugPrivilege	4676	taskkill.exe
Token: SeDebugPrivilege	1168	taskkill.exe
Token: SeDebugPrivilege	4368	taskkill.exe
Token: SeDebugPrivilege	1584	taskkill.exe
Token: SeDebugPrivilege	524	taskkill.exe
Token: SeDebugPrivilege	4388	taskkill.exe
Token: SeDebugPrivilege	4164	taskkill.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 632 wrote to memory of 3348	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	80
PID 632 wrote to memory of 3348	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	80
PID 632 wrote to memory of 3348	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	80
PID 632 wrote to memory of 4900	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	82
PID 632 wrote to memory of 4900	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	82
PID 632 wrote to memory of 4900	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	82
PID 632 wrote to memory of 4676	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	84
PID 632 wrote to memory of 4676	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	84
PID 632 wrote to memory of 4676	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	84
PID 632 wrote to memory of 1168	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	86
PID 632 wrote to memory of 1168	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	86
PID 632 wrote to memory of 1168	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	86
PID 632 wrote to memory of 4368	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	88
PID 632 wrote to memory of 4368	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	88
PID 632 wrote to memory of 4368	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	88
PID 632 wrote to memory of 1584	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	90
PID 632 wrote to memory of 1584	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	90
PID 632 wrote to memory of 1584	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	90
PID 632 wrote to memory of 524	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	92
PID 632 wrote to memory of 524	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	92
PID 632 wrote to memory of 524	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	92
PID 632 wrote to memory of 4388	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	93
PID 632 wrote to memory of 4388	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	93
PID 632 wrote to memory of 4388	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	93
PID 632 wrote to memory of 4164	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	96
PID 632 wrote to memory of 4164	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	96
PID 632 wrote to memory of 4164	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	96
PID 632 wrote to memory of 3248	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	100
PID 632 wrote to memory of 3248	632	2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe	100
PID 4648 wrote to memory of 2076	4648	DamAgent.exe	103
PID 4648 wrote to memory of 2076	4648	DamAgent.exe	103
PID 4648 wrote to memory of 2076	4648	DamAgent.exe	103

C:\Users\Admin\AppData\Local\Temp\2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-03_49e571199198ed1a714a11c3e5d65933_mafia.exe"
1⤵
- Checks computer location settings
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:632
- C:\Windows\SysWOW64\taskkill.exe
  "C:\Windows\System32\taskkill.exe" /F /IM "iNodeLvdun.exe"
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3348
- C:\Windows\SysWOW64\taskkill.exe
  "C:\Windows\System32\taskkill.exe" /F /IM "iNodeDlpAgent.exe"
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4900
- C:\Windows\SysWOW64\taskkill.exe
  "C:\Windows\System32\taskkill.exe" /F /IM "LdMainControl.exe"
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4676
- C:\Windows\SysWOW64\taskkill.exe
  "C:\Windows\System32\taskkill.exe" /F /IM "ldbusiness_32.exe"
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1168
- C:\Windows\SysWOW64\taskkill.exe
  "C:\Windows\System32\taskkill.exe" /F /IM "ldbusiness_64.exe"
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4368
- C:\Windows\SysWOW64\taskkill.exe
  "C:\Windows\System32\taskkill.exe" /F /IM "LdContentAware.exe"
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1584
- C:\Windows\SysWOW64\taskkill.exe
  "C:\Windows\System32\taskkill.exe" /F /IM "LdFileGate.exe"
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:524
- C:\Windows\SysWOW64\taskkill.exe
  "C:\Windows\System32\taskkill.exe" /F /IM "LdMsgInject.exe"
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4388
- C:\Windows\SysWOW64\taskkill.exe
  "C:\Windows\System32\taskkill.exe" /F /IM "LdMsgInject64.exe"
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4164
- C:\iNode DAM Agent\E31D0CF876BE8745B09B3FF64306D1B6\DamAgent.exe
  "C:\iNode DAM Agent\E31D0CF876BE8745B09B3FF64306D1B6\DamAgent.exe"
  2⤵
  - Executes dropped EXE
  PID:3248

C:\iNode DAM Agent\E31D0CF876BE8745B09B3FF64306D1B6\DamAgent.exe
"C:\iNode DAM Agent\E31D0CF876BE8745B09B3FF64306D1B6\DamAgent.exe" -startService
1⤵
- Executes dropped EXE
- Enumerates connected drives
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4648
- C:\iNode DAM Agent\E31D0CF876BE8745B09B3FF64306D1B6\svchost.exe
  "C:\iNode DAM Agent\E31D0CF876BE8745B09B3FF64306D1B6\svchost.exe" Microsoft
  2⤵
  - Executes dropped EXE
  PID:2076

C:\iNode DAM Agent\E31D0CF876BE8745B09B3FF64306D1B6\DamAgent.exe
"C:\iNode DAM Agent\E31D0CF876BE8745B09B3FF64306D1B6\DamAgent.exe" -startService
1⤵
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
PID:1568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Safe Mode Boot

T1562.009

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\DamAgent.exe

Filesize
4.2MB

MD5
51bce27c88390af97c74eeac69cb69cc

SHA1
73ca2768021b12c24c95aa9f10a31c48d5cc834a

SHA256
b968c44b661ef9adc5c5faf0f8e3e0323aed79324e4d3bd0da2454841d3b858b

SHA512
26423030aec17b1af3bd9934caf6f25826900d87b408213216a8e23ffd0313a13ad958efe68ecb01ca36e6d9efa2bfe80492700d998e50234454be2d3994e6b4

Download Submit
C:\iNode DAM Agent\E31D0CF876BE8745B09B3FF64306D1B6\ChkRead.dll

Filesize
160KB

MD5
da3e1ab8c89c16c8a8d6432d2012d229

SHA1
090f37c1325ca9de1be9c5ea05684e7b1709aa16

SHA256
46da116ed1057eaf3304970dc670d9bed4f5adcb29c7dbc55acd206e9687686a

SHA512
618accd27212eb559924898a8dd2f34ce52e12a1386d7580222f0650c5f606a7dda34f83590add69d9464924be9722b1f37c83fd6cbdbde808704fe3ef8c434d

Download Submit
C:\iNode DAM Agent\E31D0CF876BE8745B09B3FF64306D1B6\DamAgent.ini

Filesize
254B

MD5
bccb24ba72353f47145430f195b02d5e

SHA1
66e69f18189913c1a299302e6ce5058ff6a3b093

SHA256
4887a18e7038cae40e04e62f2c0ca3f609779a9eebcad27b6ffb193282e3601c

SHA512
b72fa3a6f677d87a2d95756067a6b8d93f5462b0d5a2b70f33d3af2c54041bcc4e0d2c9e174894f2b7824e162e4f5429b53975e7f4c78ab0f5f4111ef8a8ed19

Download Submit
C:\iNode DAM Agent\E31D0CF876BE8745B09B3FF64306D1B6\Log\DamAgent.2024070303.log

Filesize
974B

MD5
d2f93bf238ae48e943db13fd8ac589e8

SHA1
b6ec0a2f9253278a762dc378126bad28c81b8e43

SHA256
05c990e49cfe1444b2cd8ffc48d721a2aacfd3501fa5dfb22a0e51946ed8e294

SHA512
b91612a1240165b3046e66705f3833f0419a03f5fc6684c5aa1955635b5cd9db4dd5ee796391a162b2fa339c9c8e4416a3c0a622d5be48fd918b4d0e135bd672

Download Submit
C:\iNode DAM Agent\E31D0CF876BE8745B09B3FF64306D1B6\Log\DamAgent.2024070303.log

Filesize
1KB

MD5
a690a830a4c490d91ee7dc79c05220bd

SHA1
efed001ba260e709e93f4069a4028dafc3334ec0

SHA256
2b5fac35a70e6394824671258594b6a34e37fa07839cfd1a62982f8c453bddf0

SHA512
f47e10d2cacceda2215d9e80a00bd96db8ef838f68801617e077c36b997fe331245d53353b7bafed2dccea62be08cf190701e623d0b4cc4ff0608f1aee34138b

Download Submit
C:\iNode DAM Agent\E31D0CF876BE8745B09B3FF64306D1B6\Log\DamAgent.2024070303.log

Filesize
4KB

MD5
196453daa62db040ec9c2bcf4b58986d

SHA1
8380363d74a8c21f2fab692f45f1cbc558b33c02

SHA256
6f51aaa12da7d6c41f5061da19e391547d6495894823c47e235a05857723e0c5

SHA512
e949d8de89418e4abd0cf5c88ea7d133383c076ab2aa43060951dc18773c6f3ed68cddd9f05ce7b47951a21cdbb19fdab4b36ca2101cd368ce08daa59b7a7ecf

Download Submit
C:\iNode DAM Agent\E31D0CF876BE8745B09B3FF64306D1B6\Log\DamAgent.2024070303.log

Filesize
5KB

MD5
0bdf2ade635a6347d04b06df47f04baa

SHA1
d527983676b5be59bb88fd65776b6498a64874e1

SHA256
0fa8d0b37c7a60b6333fa3af3ba7c82832ab051d0ce67be8d75a54320a2cc55b

SHA512
a9c65045a5de9fb728acee3fb9d245f7243b3d88d36b317775fdad0f1944cbe30a4401998eb0a88533388c87a0f388ffeeeead77d5d35de5e6204a9b47142756

Download Submit
C:\iNode DAM Agent\E31D0CF876BE8745B09B3FF64306D1B6\Resources\en-us\DamAgent.res

Filesize
8KB

MD5
53764fbb2e08446067dec9d277e1d48e

SHA1
a049a8aa99f16e2edc2ad6c831f76c047e4a757f

SHA256
8da246d0f9954f431e3388b2e6269673845f9d90e07fb765caa2ccf61e64d323

SHA512
0ba1a8bce68b3d63d90c467127b69953e6e17964ccb7429b259f2379ee7296ee3f1d5212bc9d38438775e06b40ee4e8216c15d24744cfb221e44100c58ed3ad8

Download Submit
C:\iNode DAM Agent\E31D0CF876BE8745B09B3FF64306D1B6\languages.ini

Filesize
146B

MD5
77664e46feb0fd755d1b043181ab1398

SHA1
95557cb1d242b17ace6c2f6d9c992fdfa498ba65

SHA256
9ebb2584dc92a51f2c4e1dc6f6d144313a709f4f732e4a135c5d1600fb391ae4

SHA512
7ba9fa62bde439a5565dcebd0224b794f35181e2f7bcda6ba7c6fa7c45f6eb5ec30710e41b61534eab954a6d5bdccecc32ee8e649483ced77b4a46cd66f0ffa5

Download Submit
C:\iNode DAM Agent\E31D0CF876BE8745B09B3FF64306D1B6\log\DamAgent.2024070303.log

Filesize
2KB

MD5
024914d9f1168ba754f2e60cdaa88554

SHA1
f1d97372373ee8684c20bdffb82a42a2adaea5d0

SHA256
6b244cf043ec368ddcc1ff44161f210c2d9c0098ef69e92b003311502b4f7532

SHA512
7c665397a79d9dc6b095dd61c058460f7007378ed0a8d8f378660047db3695e9d0ac9e2b02315c02df10978321b366a79154ae1d24e309e8fef8ab991d5ea7f9

Download Submit
C:\iNode DAM Agent\E31D0CF876BE8745B09B3FF64306D1B6\log\DamAgent.2024070303.log

Filesize
3KB

MD5
5cff6f7b91946eb73f1f0c1fb0681a1b

SHA1
5e7364507a97a9d57d5dc1a41ecc838321edcbe5

SHA256
f6eb8a641e877eab7c7d9176ba1f3997d303c5168c5fa1e203c21ef9cde99a55

SHA512
7ac7b438a58a1c60e935e5c996b57558e8a3796da32b333947b341990c6f0d87e79eee3994fae71810163a36b3fabae4df03e2756438e338d31120e9d4f6cc8a

Download Submit
C:\iNode DAM Agent\E31D0CF876BE8745B09B3FF64306D1B6\log\DamAgent.2024070303.log

Filesize
4KB

MD5
af05f03140f4d4643bf908dcbf51f450

SHA1
5742d4f94056033fcab098278a77647320eab1e2

SHA256
9b89c731f1d81c63cef1dd0b1f0ad96590653e3f9a640ea3f5ac1e0218df8d52

SHA512
3e447308fac9e82f66771897b3a6d898995073682fbef5dc8af9d5929f54c640fb8b0efa17c539148c37413d01376680bbfaaca785690545413043678cfcc599

Download Submit
C:\iNode DAM Agent\E31D0CF876BE8745B09B3FF64306D1B6\svchost.exe

Filesize
146KB

MD5
57c687c26a3e77c9b6ba4d4a011d50a7

SHA1
943b327984f0e3a8aea3e320a1f173e2592ca335

SHA256
43cd48e45a87573b863188ce20c256aec0fa3bf69cc0ea34ab612b8373e3a36d

SHA512
1b00b8c18b9c3eed2207f2a93c25e66e9169003112e9169dffdd718677be043a2b98fcb3d4a98802fcaf2c3597032b930918ff9f595bd11608fef52daa6be8b5

Download Submit
C:\iNodeLog\stp_UtlFile2024070303.log

Filesize
3KB

MD5
0d077abc8ec26d911b84c937106f60f6

SHA1
c1b2b8f038b74789734da80b89c4810f725b4a2c

SHA256
94c74e382dc79cbe080f85203221ef013e09f0a44244c1d22e0b9ea8e4ad887f

SHA512
f2f2ec996c81100c3cd56893375366a103ea0200898e4bbea9624ad93f39ab44e9082e0a7a18bb95a714e3dcb7e88e525db0783569f65330a4e9c6f2433de1f8

Download Submit
C:\iNodeLog\stp_UtlFile2024070303.log

Filesize
4KB

MD5
3f8068c232b3762ae14c900395a1cefb

SHA1
b9832e6d443ec9a10874295ff1585abad525a12f

SHA256
eb67855422b7958854ff25862d9e6f598e93b9f8b844f7c1ba9155f9072feb33

SHA512
09051f59b70f26fc7552d1a7e70ed11f787c534d1d43cba7e36cb52b465efd3d9230195838fa96d50d166048d574448aff0d08bebccf861fda72675f58408a90

Download Submit