Analysis
-
max time kernel
146s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
15-12-2024 18:15
Behavioral task
behavioral1
Sample
fortnitecloud.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fortnitecloud.exe
Resource
win10v2004-20241007-en
General
-
Target
fortnitecloud.exe
-
Size
3.1MB
-
MD5
a39f29a2f774febb2c532577de2f407c
-
SHA1
bf97e76565ae9a78f33601c154e97ef9e2631430
-
SHA256
7ce9d2b8f4a344b07a8e3b9bf58ede5a2ba7a85bfa94d8b103179183fbb7c24f
-
SHA512
ca28aa66f392356e19d3fb43327ffb9cf1aae0777c8fcdc3530b02f50b50a0347a12db76f90717c51355f8c25de020a989b722c231a14f0995b7e149303a4fa0
-
SSDEEP
49152:KvYt62XlaSFNWPjljiFa2RoUYIy6jrcFGnoGdoXuTHHB72eh2NT:Kv062XlaSFNWPjljiFXRoUYIy6HcFKo
Malware Config
Extracted
quasar
1.4.1
fortnite cloud
roham:9999
34f9808a-f860-420a-9060-bdcca871577f
-
encryption_key
C98F5FD72C77D3C38A5C7ECBED91435EDD8177FE
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
fortnite updater cloud
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 6 IoCs
resource yara_rule behavioral1/memory/1972-1-0x00000000002E0000-0x0000000000604000-memory.dmp family_quasar behavioral1/files/0x0008000000016c9d-6.dat family_quasar behavioral1/memory/2332-9-0x00000000013C0000-0x00000000016E4000-memory.dmp family_quasar behavioral1/memory/1284-103-0x00000000000A0000-0x00000000003C4000-memory.dmp family_quasar behavioral1/memory/2664-115-0x0000000000030000-0x0000000000354000-memory.dmp family_quasar behavioral1/memory/612-126-0x0000000000A60000-0x0000000000D84000-memory.dmp family_quasar -
Executes dropped EXE 12 IoCs
pid Process 2332 Client.exe 2756 Client.exe 2472 Client.exe 372 Client.exe 2144 Client.exe 560 Client.exe 2004 Client.exe 2708 Client.exe 2588 Client.exe 1284 Client.exe 2664 Client.exe 612 Client.exe -
Drops file in System32 directory 14 IoCs
description ioc Process File opened for modification C:\Windows\system32\SubDir\Client.exe Client.exe File opened for modification C:\Windows\system32\SubDir\Client.exe Client.exe File opened for modification C:\Windows\system32\SubDir\Client.exe Client.exe File opened for modification C:\Windows\system32\SubDir\Client.exe Client.exe File opened for modification C:\Windows\system32\SubDir\Client.exe Client.exe File opened for modification C:\Windows\system32\SubDir\Client.exe fortnitecloud.exe File opened for modification C:\Windows\system32\SubDir\Client.exe Client.exe File opened for modification C:\Windows\system32\SubDir\Client.exe Client.exe File opened for modification C:\Windows\system32\SubDir\Client.exe Client.exe File opened for modification C:\Windows\system32\SubDir\Client.exe Client.exe File opened for modification C:\Windows\system32\SubDir\Client.exe Client.exe File opened for modification C:\Windows\system32\SubDir\Client.exe Client.exe File created C:\Windows\system32\SubDir\Client.exe fortnitecloud.exe File opened for modification C:\Windows\system32\SubDir\Client.exe Client.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 12 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid Process 2620 PING.EXE 2088 PING.EXE 2212 PING.EXE 2064 PING.EXE 2696 PING.EXE 1848 PING.EXE 2976 PING.EXE 788 PING.EXE 1152 PING.EXE 1488 PING.EXE 1720 PING.EXE 900 PING.EXE -
Runs ping.exe 1 TTPs 12 IoCs
pid Process 1152 PING.EXE 2620 PING.EXE 900 PING.EXE 2064 PING.EXE 2696 PING.EXE 1848 PING.EXE 2088 PING.EXE 2976 PING.EXE 788 PING.EXE 1488 PING.EXE 1720 PING.EXE 2212 PING.EXE -
Scheduled Task/Job: Scheduled Task 1 TTPs 13 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
pid Process 916 schtasks.exe 3036 schtasks.exe 1712 schtasks.exe 2100 schtasks.exe 2636 schtasks.exe 852 schtasks.exe 2864 schtasks.exe 1660 schtasks.exe 1980 schtasks.exe 2932 schtasks.exe 1536 schtasks.exe 2092 schtasks.exe 2328 schtasks.exe -
Suspicious use of AdjustPrivilegeToken 13 IoCs
description pid Process Token: SeDebugPrivilege 1972 fortnitecloud.exe Token: SeDebugPrivilege 2332 Client.exe Token: SeDebugPrivilege 2756 Client.exe Token: SeDebugPrivilege 2472 Client.exe Token: SeDebugPrivilege 372 Client.exe Token: SeDebugPrivilege 2144 Client.exe Token: SeDebugPrivilege 560 Client.exe Token: SeDebugPrivilege 2004 Client.exe Token: SeDebugPrivilege 2708 Client.exe Token: SeDebugPrivilege 2588 Client.exe Token: SeDebugPrivilege 1284 Client.exe Token: SeDebugPrivilege 2664 Client.exe Token: SeDebugPrivilege 612 Client.exe -
Suspicious use of SetWindowsHookEx 12 IoCs
pid Process 2332 Client.exe 2756 Client.exe 2472 Client.exe 372 Client.exe 2144 Client.exe 560 Client.exe 2004 Client.exe 2708 Client.exe 2588 Client.exe 1284 Client.exe 2664 Client.exe 612 Client.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1972 wrote to memory of 3036 1972 fortnitecloud.exe 30 PID 1972 wrote to memory of 3036 1972 fortnitecloud.exe 30 PID 1972 wrote to memory of 3036 1972 fortnitecloud.exe 30 PID 1972 wrote to memory of 2332 1972 fortnitecloud.exe 32 PID 1972 wrote to memory of 2332 1972 fortnitecloud.exe 32 PID 1972 wrote to memory of 2332 1972 fortnitecloud.exe 32 PID 2332 wrote to memory of 1712 2332 Client.exe 33 PID 2332 wrote to memory of 1712 2332 Client.exe 33 PID 2332 wrote to memory of 1712 2332 Client.exe 33 PID 2332 wrote to memory of 2776 2332 Client.exe 35 PID 2332 wrote to memory of 2776 2332 Client.exe 35 PID 2332 wrote to memory of 2776 2332 Client.exe 35 PID 2776 wrote to memory of 2720 2776 cmd.exe 37 PID 2776 wrote to memory of 2720 2776 cmd.exe 37 PID 2776 wrote to memory of 2720 2776 cmd.exe 37 PID 2776 wrote to memory of 2976 2776 cmd.exe 38 PID 2776 wrote to memory of 2976 2776 cmd.exe 38 PID 2776 wrote to memory of 2976 2776 cmd.exe 38 PID 2776 wrote to memory of 2756 2776 cmd.exe 40 PID 2776 wrote to memory of 2756 2776 cmd.exe 40 PID 2776 wrote to memory of 2756 2776 cmd.exe 40 PID 2756 wrote to memory of 1980 2756 Client.exe 41 PID 2756 wrote to memory of 1980 2756 Client.exe 41 PID 2756 wrote to memory of 1980 2756 Client.exe 41 PID 2756 wrote to memory of 2240 2756 Client.exe 43 PID 2756 wrote to memory of 2240 2756 Client.exe 43 PID 2756 wrote to memory of 2240 2756 Client.exe 43 PID 2240 wrote to memory of 316 2240 cmd.exe 45 PID 2240 wrote to memory of 316 2240 cmd.exe 45 PID 2240 wrote to memory of 316 2240 cmd.exe 45 PID 2240 wrote to memory of 788 2240 cmd.exe 46 PID 2240 wrote to memory of 788 2240 cmd.exe 46 PID 2240 wrote to memory of 788 2240 cmd.exe 46 PID 2240 wrote to memory of 2472 2240 cmd.exe 47 PID 2240 wrote to memory of 2472 2240 cmd.exe 47 PID 2240 wrote to memory of 2472 2240 cmd.exe 47 PID 2472 wrote to memory of 2100 2472 Client.exe 48 PID 2472 wrote to memory of 2100 2472 Client.exe 48 PID 2472 wrote to memory of 2100 2472 Client.exe 48 PID 2472 wrote to memory of 1088 2472 Client.exe 50 PID 2472 wrote to memory of 1088 2472 Client.exe 50 PID 2472 wrote to memory of 1088 2472 Client.exe 50 PID 1088 wrote to memory of 1412 1088 cmd.exe 52 PID 1088 wrote to memory of 1412 1088 cmd.exe 52 PID 1088 wrote to memory of 1412 1088 cmd.exe 52 PID 1088 wrote to memory of 1152 1088 cmd.exe 53 PID 1088 wrote to memory of 1152 1088 cmd.exe 53 PID 1088 wrote to memory of 1152 1088 cmd.exe 53 PID 1088 wrote to memory of 372 1088 cmd.exe 54 PID 1088 wrote to memory of 372 1088 cmd.exe 54 PID 1088 wrote to memory of 372 1088 cmd.exe 54 PID 372 wrote to memory of 2932 372 Client.exe 55 PID 372 wrote to memory of 2932 372 Client.exe 55 PID 372 wrote to memory of 2932 372 Client.exe 55 PID 372 wrote to memory of 2112 372 Client.exe 57 PID 372 wrote to memory of 2112 372 Client.exe 57 PID 372 wrote to memory of 2112 372 Client.exe 57 PID 2112 wrote to memory of 852 2112 cmd.exe 59 PID 2112 wrote to memory of 852 2112 cmd.exe 59 PID 2112 wrote to memory of 852 2112 cmd.exe 59 PID 2112 wrote to memory of 1488 2112 cmd.exe 60 PID 2112 wrote to memory of 1488 2112 cmd.exe 60 PID 2112 wrote to memory of 1488 2112 cmd.exe 60 PID 2112 wrote to memory of 2144 2112 cmd.exe 61 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\fortnitecloud.exe"C:\Users\Admin\AppData\Local\Temp\fortnitecloud.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1972 -
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "fortnite updater cloud" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f2⤵
- Scheduled Task/Job: Scheduled Task
PID:3036
-
-
C:\Windows\system32\SubDir\Client.exe"C:\Windows\system32\SubDir\Client.exe"2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2332 -
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "fortnite updater cloud" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f3⤵
- Scheduled Task/Job: Scheduled Task
PID:1712
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\Nrhqa6lkzcuH.bat" "3⤵
- Suspicious use of WriteProcessMemory
PID:2776 -
C:\Windows\system32\chcp.comchcp 650014⤵PID:2720
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost4⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:2976
-
-
C:\Windows\system32\SubDir\Client.exe"C:\Windows\system32\SubDir\Client.exe"4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756 -
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "fortnite updater cloud" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f5⤵
- Scheduled Task/Job: Scheduled Task
PID:1980
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\eqN1Hq99wvGe.bat" "5⤵
- Suspicious use of WriteProcessMemory
PID:2240 -
C:\Windows\system32\chcp.comchcp 650016⤵PID:316
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost6⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:788
-
-
C:\Windows\system32\SubDir\Client.exe"C:\Windows\system32\SubDir\Client.exe"6⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2472 -
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "fortnite updater cloud" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f7⤵
- Scheduled Task/Job: Scheduled Task
PID:2100
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\Z69pAWSasGJq.bat" "7⤵
- Suspicious use of WriteProcessMemory
PID:1088 -
C:\Windows\system32\chcp.comchcp 650018⤵PID:1412
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost8⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:1152
-
-
C:\Windows\system32\SubDir\Client.exe"C:\Windows\system32\SubDir\Client.exe"8⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:372 -
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "fortnite updater cloud" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f9⤵
- Scheduled Task/Job: Scheduled Task
PID:2932
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\BlP42kA53u0t.bat" "9⤵
- Suspicious use of WriteProcessMemory
PID:2112 -
C:\Windows\system32\chcp.comchcp 6500110⤵PID:852
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost10⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:1488
-
-
C:\Windows\system32\SubDir\Client.exe"C:\Windows\system32\SubDir\Client.exe"10⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2144 -
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "fortnite updater cloud" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f11⤵
- Scheduled Task/Job: Scheduled Task
PID:1536
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\ooIjnMCBx937.bat" "11⤵PID:1380
-
C:\Windows\system32\chcp.comchcp 6500112⤵PID:2080
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost12⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:1720
-
-
C:\Windows\system32\SubDir\Client.exe"C:\Windows\system32\SubDir\Client.exe"12⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:560 -
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "fortnite updater cloud" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f13⤵
- Scheduled Task/Job: Scheduled Task
PID:2092
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\bdblfnPSzFBi.bat" "13⤵PID:2968
-
C:\Windows\system32\chcp.comchcp 6500114⤵PID:2512
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost14⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:2064
-
-
C:\Windows\system32\SubDir\Client.exe"C:\Windows\system32\SubDir\Client.exe"14⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2004 -
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "fortnite updater cloud" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f15⤵
- Scheduled Task/Job: Scheduled Task
PID:2328
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\sy4CJpa3hJMf.bat" "15⤵PID:2676
-
C:\Windows\system32\chcp.comchcp 6500116⤵PID:2780
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost16⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:2696
-
-
C:\Windows\system32\SubDir\Client.exe"C:\Windows\system32\SubDir\Client.exe"16⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2708 -
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "fortnite updater cloud" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f17⤵
- Scheduled Task/Job: Scheduled Task
PID:2864
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\1I1I0GkvZvZ8.bat" "17⤵PID:2584
-
C:\Windows\system32\chcp.comchcp 6500118⤵PID:3052
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost18⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:2620
-
-
C:\Windows\system32\SubDir\Client.exe"C:\Windows\system32\SubDir\Client.exe"18⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2588 -
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "fortnite updater cloud" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f19⤵
- Scheduled Task/Job: Scheduled Task
PID:2636
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\8neeIOvmDzql.bat" "19⤵PID:1820
-
C:\Windows\system32\chcp.comchcp 6500120⤵PID:1444
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost20⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:1848
-
-
C:\Windows\system32\SubDir\Client.exe"C:\Windows\system32\SubDir\Client.exe"20⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1284 -
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "fortnite updater cloud" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f21⤵
- Scheduled Task/Job: Scheduled Task
PID:1660
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\3FyyCxpia2R9.bat" "21⤵PID:2248
-
C:\Windows\system32\chcp.comchcp 6500122⤵PID:2608
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost22⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:2088
-
-
C:\Windows\system32\SubDir\Client.exe"C:\Windows\system32\SubDir\Client.exe"22⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2664 -
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "fortnite updater cloud" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f23⤵
- Scheduled Task/Job: Scheduled Task
PID:852
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\7v2IN1iZ2COI.bat" "23⤵PID:1096
-
C:\Windows\system32\chcp.comchcp 6500124⤵PID:2900
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost24⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:900
-
-
C:\Windows\system32\SubDir\Client.exe"C:\Windows\system32\SubDir\Client.exe"24⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:612 -
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "fortnite updater cloud" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f25⤵
- Scheduled Task/Job: Scheduled Task
PID:916
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\PAvVJxTelva9.bat" "25⤵PID:2340
-
C:\Windows\system32\chcp.comchcp 6500126⤵PID:2072
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost26⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:2212
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
196B
MD5c35254492e5e630c39e9ce44e391cd23
SHA1c06153cf210d09ca3a55510d57eb890930203f01
SHA2561c2db7741905cf3fafe8911f33c4fdca78c0a30a262cb64b192e2e87a571b4f2
SHA51204fb6f37abb9e11bffd3ea1baffac0f2619fb0d95f9210ca99a4fcec3e810353775d31c014ccd62e1d90811eca838449e54e0c091b22710798eed3fae60a9121
-
Filesize
196B
MD52722f99c0dc787811bc2d307f7084a59
SHA18a8290ae29c88bdc6155165b95524b696866e792
SHA256598d6c73d30042c78e19ebbb4591f52d112f68133a4178990265a3d9b5f42070
SHA512183141df5afa99fe185453b6670330ae1a42bb454a8924e7ca85019f4fabed4e4d6e923f3db0261c5c46819d260c9b5cc1289439a072c8cfe5e9b7f49a0a2766
-
Filesize
196B
MD5c13c5b73d12095b0d0c1bab2cd40e72a
SHA16d292802a23c2a6262cccce70b9cb8b1ec498d7f
SHA25619834ad943d09a4bada3c2b8849e0a90ff63a5d937bb4f0d2bfe0379a1ec5f09
SHA512c1410aad16da27d8051bde86c1b3d0a982e8b45f13ddb80fa4191ab14dfbd24090b3ec37e577850fc58dc59ae0beaf40efa2adab4bd382e5ef13e068d3226bf8
-
Filesize
196B
MD5b89ae06f3f4972fd206bba0f2f2f8942
SHA141e004740c6d73aaa8a8e0e3efb401153a933190
SHA25676570a3a45400ab9efe59aa2fac0eeec03e6d30b7066c75469defd1b674960e3
SHA5121661f9fca0f1451584b126cea0bd3604bbda167de130835380d829d245c6d9d94af49bef6cba92bdeb3be5974447b0690bfe8cbec49b09f8e9cae8dac1d1043b
-
Filesize
196B
MD5326b88c49e09a796ab084be5ace07068
SHA10bb994dcc40a9f774c16226260b44abaf0076a8a
SHA256000ba12466765b61481ec7d3bded431cec21cd23c3d3983950a62578dd3c677c
SHA512bde0f6947b15a408d6446d44c5c39918ceb6134b410e29e7ea8eacfacc90f6603b80bc765150df610923af2d003c82f36ae6c1ba3f348320ea5e82c1b822abc2
-
Filesize
196B
MD50590f6296a717272343966974cf59bd3
SHA1c73e3c17073c1d08468f54627df3afe3c3bda31e
SHA256c099d5ed433fe9a691ca1ac256eb7f2210e0fe94ec2525bdc6b559bc0d881afc
SHA51258683ffed88ef3881846479a2a16fd963e094b0da9a8bf4bfb781eb8b38969c8d81782f1441e568440fc21cabbdc0716c8c69e10e132a00e2a8c33a37017a4c2
-
Filesize
196B
MD5e1754a39bdaa66f91a431a733bf52feb
SHA1fa22ea36959e08bb3149d081f890f477e1fe06b1
SHA25656f75d23724785305f939cf0dc5a53159bb886a4be153256859a23066a9b991d
SHA512b4d88d3f04f6db2e78b8e4fc3c4e9404ed4a47d05bc8e182c807d5cc1cf3ea25d0f40035af4f1219ca9dc6f6c2e777786718ddd96d332f8852bc6367a3e866e0
-
Filesize
196B
MD5a4fbbce01552a9b39f327f303ab51873
SHA1ba75f6da7339d7436cc2acca3f1c42a246dc023b
SHA256fedd8e47099b123bc0a08d110d38240feb714ea3fbc0a72abefe1143e64ae201
SHA512b427a09f9f09230ec76e082829046868086ac59f572f3ff6fe6596e74cb2d2a3759ed28117a22e9dcb0179684664922f9346bce188c4f337497c0277241b7c12
-
Filesize
196B
MD53b50024daf65d801af087476a9a15794
SHA1dbeb60596c6642ddde045cf78cbfa4249207857a
SHA256dfcccf8ce9a3b3588d5149dc3d15f0a500c86f53bdd2cd62c218790194c5215f
SHA51217ae44b7d3d9f947d78b96036c2439bb928fe4bc3614e0fb40393524b4989f58fcad27b6f8a6ab08c8fca7ce2aa9c0822a2b52601bacad36ebe9c1bc9bcb764e
-
Filesize
196B
MD5d39b0487e2dbf469da8609b66312e310
SHA1920cc593cbae5a814a2d5c89531a9a6efbd0b633
SHA25687565732cca084c6ee004e15012c2d5aac879b045fe9854151997cf5c09be021
SHA51296374d8c2ed4ec58adf8bfb19a831fdfe58387fc2357fca0daf9ffcc380055d892d630ffc4762973e9826f51e66a5caf50790866e8a33bab6fdac60356f37163
-
Filesize
196B
MD54cf869aab5d44f5dcaedb3a501a9653e
SHA1d8cc6b117b9443cea9c9961b4a66d4b8fb6b7848
SHA25678010e10129e3abb269759adb9b33ef4c9dfcec1895fc6c633646fa5c4d8789f
SHA51200cbbc4221880457f32a14a3db47476c45be235da80a5d8a92142f6d73a1f22f26f5ef25fabcb849f450f9de9cbca0e6d19ccdd38aa3e78210186c08e704cc85
-
Filesize
196B
MD5a0af04012727da1657f15ed05978a919
SHA146e9e2c77a7f38953c704eda58669afd88a0cada
SHA2561d674226cb72e05cdacfec9234284a83554b65cd664d4b023b4fc25d7c4782eb
SHA51274e5652b1b5b227bbe63fc5dc6d07bfc849f71507ca1d640a33c6b50e6e2e465067c1b7453ec2d62d5895b369baa194916cafb3d0bbd36ca24b8556ce8f2e00b
-
Filesize
3.1MB
MD5a39f29a2f774febb2c532577de2f407c
SHA1bf97e76565ae9a78f33601c154e97ef9e2631430
SHA2567ce9d2b8f4a344b07a8e3b9bf58ede5a2ba7a85bfa94d8b103179183fbb7c24f
SHA512ca28aa66f392356e19d3fb43327ffb9cf1aae0777c8fcdc3530b02f50b50a0347a12db76f90717c51355f8c25de020a989b722c231a14f0995b7e149303a4fa0