Analysis
-
max time kernel
149s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
08-05-2024 08:10
Static task
static1
Behavioral task
behavioral1
Sample
Tria.gay.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral2
Sample
Tria.gay.exe
Resource
win10-20240404-en
General
-
Target
Tria.gay.exe
-
Size
629KB
-
MD5
b3cea39c19b4c87e9a4e5400fa5c9c48
-
SHA1
d08516f598618d5d01f4ca0f536e1c946fe6bfec
-
SHA256
c41bbd9aeb765015231cb1b05de9ef13fba577877a226817cfad9bfeebe8fc5a
-
SHA512
322e324f2fe98ab272e92cb2663b16e20db7b61a1a170e2eb1c31b0ff9bf17d1c9a6e66819bd628d9611b6ed23be2e353b465f9bb7c9662252c5a49126c1dc6d
-
SSDEEP
12288:0CQjgAtAHM+vetZxF5EWry8AJGy0Aq2aQOyfHrJnU44:05ZWs+OZVEWry8AFu2aQvfHmR
Malware Config
Extracted
discordrat
-
discord_token
MTIzNDcyMDk2NjIzNjU3MzgwNg.GAgMA7.5Fr2VglBtzELzBN5jTv1isgkXurp9_3fiYShzU
-
server_id
1235156619520901140
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\Control Panel\International\Geo\Nation Tria.gay.exe -
Executes dropped EXE 1 IoCs
pid Process 3928 Client-built.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
flow ioc 21 discord.com 26 discord.com 18 discord.com -
Drops file in System32 directory 2 IoCs
description ioc Process File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF chrome.exe File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF chrome.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133596294979047105" chrome.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 4988 chrome.exe 4988 chrome.exe 1824 chrome.exe 1824 chrome.exe 1824 chrome.exe 1824 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
pid Process 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeDebugPrivilege 3928 Client-built.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe Token: SeCreatePagefilePrivilege 4988 chrome.exe Token: SeShutdownPrivilege 4988 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe 4988 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3612 wrote to memory of 3928 3612 Tria.gay.exe 86 PID 3612 wrote to memory of 3928 3612 Tria.gay.exe 86 PID 4988 wrote to memory of 5100 4988 chrome.exe 101 PID 4988 wrote to memory of 5100 4988 chrome.exe 101 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 5048 4988 chrome.exe 103 PID 4988 wrote to memory of 2988 4988 chrome.exe 104 PID 4988 wrote to memory of 2988 4988 chrome.exe 104 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105 PID 4988 wrote to memory of 4344 4988 chrome.exe 105
Processes
-
C:\Users\Admin\AppData\Local\Temp\Tria.gay.exe"C:\Users\Admin\AppData\Local\Temp\Tria.gay.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3612 -
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Client-built.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\Client-built.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3928
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:2244
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4988 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa5888cc40,0x7ffa5888cc4c,0x7ffa5888cc582⤵PID:5100
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2056,i,17785439572201653439,2177716296751833398,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2052 /prefetch:22⤵PID:5048
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1952,i,17785439572201653439,2177716296751833398,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2368 /prefetch:32⤵PID:2988
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2132,i,17785439572201653439,2177716296751833398,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2552 /prefetch:82⤵PID:4344
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,17785439572201653439,2177716296751833398,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3148 /prefetch:12⤵PID:1220
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,17785439572201653439,2177716296751833398,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3320 /prefetch:12⤵PID:4112
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3700,i,17785439572201653439,2177716296751833398,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4504 /prefetch:12⤵PID:3864
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4756,i,17785439572201653439,2177716296751833398,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4764 /prefetch:82⤵PID:640
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4932,i,17785439572201653439,2177716296751833398,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4948 /prefetch:82⤵PID:4320
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4948,i,17785439572201653439,2177716296751833398,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5144 /prefetch:82⤵PID:4696
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5168,i,17785439572201653439,2177716296751833398,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5084 /prefetch:82⤵PID:1852
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5100,i,17785439572201653439,2177716296751833398,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5040 /prefetch:82⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:1824
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"1⤵PID:3808
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:2316
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
649B
MD57ed9242bdae4b0ea6c1b89ecc176d6e9
SHA1d17fdded1d96087167d2d8622847669a5b99c6c3
SHA2561cb7287bf8e697ef560a2292c43c792ef17b5fff25e1d900c10dbfdc2d303733
SHA5120f49fc4681560f473002fb9156dd4c368503c0c8ee1b0f33c5e64993ea0242912ecc30fd2da16d9ae328bf49eba026f6faa6f5841c7bb2a441e9d6921671b1e7
-
Filesize
9KB
MD5bac1cf5bca5666d1dce454dcbed3cff7
SHA17c6438687b2dc0286f66d29c58628104d0ea4a64
SHA2567db824b737e54b07ff909c8516244e9e6b107dc49a1a3fb4cb5f58c540f312eb
SHA512544a04fe4a048ad030ee57513be48fb9e22172bdf8391ca66e25d225d0d6e48e22673a26f70cb800e95d92bd27ca041d8e4aaf475a2e258e99a566f58c5c0aa4
-
Filesize
9KB
MD5d7cff7ac4f7f07011cd556cb7ca2675b
SHA167a2defbb559c44cce4d3f6ffbb83b90a314aa0c
SHA25638c75fd78506ecf589002b8292ac559b8f94c682a23152015027b3c531c2ea55
SHA512540543a08b2021c8d69be11925d5502b74277bfc7407206dd68d376573d6e25913062efdd90d6461a7e5d471cec151c5ab39d546f3e7dba92d1762382b5f50ad
-
Filesize
9KB
MD51eabc167d8294b7aa294a953dc33110d
SHA1c47d7eb2a0696fdaec7a944e3d908d554c49b978
SHA256b4ba47ac6b8ae67db2bd6a40a93dc3c4f1a005d4e207f2b87d93b7e227727f2f
SHA512668705e7ce873a5c5e7608fc19e9987149b5d7c5c5866381f456d2ebc91fd0e827b9dd74bf42fcf9c59f35c3e7502de97baf66a95302f0d44733a8d4aca93422
-
Filesize
9KB
MD504d0abcc782739fb0c56e89cbaf0c703
SHA13f488f0a62254b14cc9069924fb4bde9b9ebc1b4
SHA2568389f294b25aa6fa0e3f99ccf9328976b14de6a456b0a23c0f96b31bcb83ae66
SHA512d280a11cbd3ea1a35ef5ed8091bc2174bb0dfb9a2bcf460c28051a043a6fbef9d2b5efe895b2fbd3777090bfad4a3a71ac94cc15ad0dfed26e1a50ea2728590e
-
Filesize
9KB
MD518e1e4f01a51d0f4c5fc76400122291e
SHA1e9b673443a5c84d000082abbadc5fbc271ffc1d1
SHA256cfb9569484971038321f26bddb04523fa39d944d7ee8ed8f6eae434463d75934
SHA5124e55438ba12864103df059cae6d9975902edb6d82b2196a232071d8e5e97eacc09a9dafb5d899b76369045cb5ac2a2086219e8f725ab6e23590101b778f2e6ef
-
Filesize
9KB
MD5d7a1e7d5f22095cc1a116ba0b786f945
SHA1a0466525f35f8e4a5eacb0a82e5b4afb1c53656b
SHA2569b9d15c9cd988a922f09c29f2a223cc6da39f4aef13f3e13b5462030169e8359
SHA512fee81cfd3a869e88c597f2b11bacf5d00654baed7d5e03fe6dd31caa0be6f05be7f862ea3912032a4e728bd3b196e1cd5d4b8fd8218ede04d06f40c07ab81664
-
Filesize
9KB
MD5ffefdf9f2a2a83e24d154decbdb78a52
SHA140066604fb21e42549830b4ce35920b0238c43d8
SHA2560aa8ae81eefd84f12c11f263b492da3ff26238f6fdfbf6944230c628d638c6dd
SHA5123dab1ccd5bda6d6a7922887ae3f4b469c780711c4b8e2bd8989a5af4590c96ef47b13b2d81925f905226b88806f172e5dd2dc93744d2a0d0d0d0813d77626906
-
Filesize
9KB
MD5bbab7f88066206cfd6aa225c96010218
SHA19dfb4094e740fb0437337d05bc15bc829661503a
SHA2564e6e1cb17ead48399100217f55ca34c6debe2f3ccc5b5145add37026d04f3a94
SHA51205722b6c99e62d651e5483bcc46d7677a926dd5b6519b69d3997597acf516704b6b407c414489b0d3913b82a5558c1a208c6222876e24bee30e016691e5fe5a3
-
Filesize
9KB
MD54d03df3d6b1ee23420d55434d6b7bf47
SHA18125f24e51b75f787ea1ac412d6667028386edd5
SHA2564a45fad0645b99ea5ab56ad87cf4d1fcb2bfa5e79ecfb0916b41039c51616655
SHA5121ab8cf603e07bd91d1a3419781e3a9190db460b68cacecf618b1be17e073bb917a675af76f0ecb983735e97a3aa6180b9a56742def811a9f495657be96d7be28
-
Filesize
15KB
MD5c9b4f407242cbe7eec05929b8b42b214
SHA121647fefa9abccc4b81d4507b2ec2f07e8fe30a5
SHA2566f195919ab169bb1c6e7a2f56b53c741afcc3dac93a837e6aea3834df20c7f33
SHA512e0b388aa7dd5cf54002e72d065317e5cf64e8af3fa86526fd62b145033b061f955f3f60123a6a2ec0bdebd51c3fb20e740f08f677c2e91282054b801f5b5fa77
-
Filesize
152KB
MD5c1d48c186fe22cb6e6bdc7c15f1c34c6
SHA1845f300ab8c71156f7aa2ac68552849e30dceda4
SHA256cb97323f5ef8227acbff1eb6047cf14440435cab4e8cdba84b08364832e02875
SHA512dd193641ecc71c8499f142ab3ffca0cf6acea0511893872871728f30631be066508ac4f3e9562139ca6ba0aa74e22201616a74b504c23ec5df98af0d50dba1fb
-
Filesize
152KB
MD590c8f362fc49441e242d2ccabb55f4f8
SHA14c9dbfac5e02ffdc3740cc048c47b90d2275539a
SHA256e5ba17978bf160349c8583a8f349b5cb7436c1cce6979b78413fd8b48941c4b0
SHA512d4acb6cf0093ac950e597f57d6e4df87f2d623ab4cd7290193d18903ffc18fe57ae894c8316edc0a8ea161e165861ac6c8c88a2a8a177333c0735068dd641f40
-
Filesize
78KB
MD50cccb44d8b9efe2baa53f809f54923f6
SHA157f8d3877af9853fc9f880e05a045274dd7c7c3d
SHA2567fbdcb4fc89ad23c70c9b17e5e633e4b4688beaa7081b7e530f156608246aee9
SHA5120aef03daf778f7b0b5cc1a077fb0b7a37972220e816ce577968f564aa192e226658aced1865a5917d623d28ec53b3c92f893940fec726268f2cdb4b991227f32