Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

BarTender ...al.zip

windows7-x64

8

BarTender ...al.zip

windows10-2004-x64

8

Resubmissions

05/10/2022, 19:46

221005-yhfc9sfdc4 1

04/10/2022, 14:21

221004-rpddxsbedj 8

04/10/2022, 14:14

221004-rj33dsbebr 8

04/10/2022, 09:53

221004-lwl2raagdr 1

04/10/2022, 07:58

221004-jt1q1sacc7 8

03/10/2022, 15:56

221003-tdlx2adgdr 8

Analysis

  • max time kernel
    1669s
  • max time network
    1737s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/10/2022, 07:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BarTender Enterprise 2021 R5 11.2.166048 Multilingual.zip

  • Size

    766.3MB

  • MD5

    09ea7e2bef5722cdb9ee37a7dab48ff3

  • SHA1

    d4fb2231f80333b1b50e6f790d3b59eb3ff26374

  • SHA256

    280a84ca1f8ece3fc5af67010041af8c1a1bfa2e34e80961e60312800d37db2c

  • SHA512

    eb9d65e42bccf4b700eb51c3f2890ac80f2e61a04ff661cdc3c173ff85a1f8e7f9e1cf2de89fd3517ca0b106240791f60158a7af12a5395b49e5299b22d3bf38

  • SSDEEP

    12582912:whzb6xxr5Ni69eds1tauM0I7j0LFCLw0FEl1oZ+rPAkIYw+oKj7XkFgMKiLVVKYH:whzb639Ni6agtW7ZwU6+8roYwS7dN2jr

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 31 IoCs
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\BarTender Enterprise 2021 R5 11.2.166048 Multilingual.zip"
    1⤵
      PID:1132
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:3328
      • C:\Program Files\7-Zip\7zG.exe
        "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\" -spe -an -ai#7zMap32700:164:7zEvent13440
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:4968
      • C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\Setup_x64.exe
        "C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\Setup_x64.exe"
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:4964
        • C:\Windows\SysWOW64\msiexec.exe
          "C:\Windows\system32\msiexec.exe" /i C:\ProgramData\Seagull\Installer\{99937B8D-3B72-49EF-AB3F-45A5EBEAAB75}\BEAAB75\BarTender.msi AI_SETUPEXEPATH="C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\Setup_x64.exe" SETUPEXEDIR="C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1664637472 "
          2⤵
          • Enumerates connected drives
          • Suspicious use of FindShellTrayWindow
          PID:2040
      • C:\Windows\system32\msiexec.exe
        C:\Windows\system32\msiexec.exe /V
        1⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4500
        • C:\Windows\syswow64\MsiExec.exe
          C:\Windows\syswow64\MsiExec.exe -Embedding 94E4B9373803DD1996AC57E3D249EBC0 C
          2⤵
          • Loads dropped DLL
          PID:3252
        • C:\Windows\syswow64\MsiExec.exe
          C:\Windows\syswow64\MsiExec.exe -Embedding C6B678F935166FE8CCD49351DC89DF87 C
          2⤵
          • Loads dropped DLL
          PID:1992
        • C:\Windows\System32\MsiExec.exe
          C:\Windows\System32\MsiExec.exe -Embedding CF08B3848770FD3391446BC043DC9EA3 C
          2⤵
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2724
          • C:\Windows\system32\rundll32.exe
            rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSI2260.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241641843 2 CustomActions!CustomActions.CustomActions.SilentInstallProperties
            3⤵
            • Loads dropped DLL
            PID:4216
          • C:\Windows\system32\rundll32.exe
            rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSI7F3B.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241664718 74 CustomActions!CustomActions.CustomActions.ForceUpgradeProperty
            3⤵
            • Loads dropped DLL
            PID:4300
          • C:\Windows\system32\rundll32.exe
            rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSI965F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241669734 79 CustomActions!CustomActions.CustomActions.SetInstalledVersion
            3⤵
            • Loads dropped DLL
            PID:3124
          • C:\Windows\system32\rundll32.exe
            rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSIBEB8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241681109 84 CustomActions!CustomActions.CustomActions.InstallOptions
            3⤵
            • Loads dropped DLL
            • Suspicious behavior: EnumeratesProcesses
            PID:3220

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\Seagull\Installer\{99937B8D-3B72-49EF-AB3F-45A5EBEAAB75}\BEAAB75\BarTender.msi
        Filesize

        194.7MB

        MD5

        cb89850ee9cf83015f30d1df61e97b2a

        SHA1

        7ebd4b6e0636cc209ed8bc4ac1c1195459dfbab4

        SHA256

        b8ac3b3c1a2c80ee17c6f8678d6777547477bb726ef7914fac14e2d7f331ba19

        SHA512

        144272199c96c4eab27a3ad18e1995806d6c439dc00222a7b92979bd5343b422663e6421f68720ffae68a91a8bf1a6f207f6f62126678ee6c83c259fdfc77e24

        Download Submit

      • C:\ProgramData\Seagull\Installer\{99937B8D-3B72-49EF-AB3F-45A5EBEAAB75}\decoder.dll
        Filesize

        182KB

        MD5

        fc136d5c16573d1d1a64b0a62b586235

        SHA1

        8363d0d80fb25e4ace7b77efcfe119b7675913a1

        SHA256

        5a12236a02ba2984b62d7acfe5afb048e461fc4c76989d055ffe8965f212ebbf

        SHA512

        0ad82e28de1a65251eb536aef9739a76baaaa28a41dae78faacb82a9d1acd83d71816051dec16b7664e16a741706803d1fc0ad914bcdca4d28cb2ac2a05ff427

        Download Submit

      • C:\ProgramData\Seagull\Installer\{99937B8D-3B72-49EF-AB3F-45A5EBEAAB75}\decoder.dll
        Filesize

        182KB

        MD5

        fc136d5c16573d1d1a64b0a62b586235

        SHA1

        8363d0d80fb25e4ace7b77efcfe119b7675913a1

        SHA256

        5a12236a02ba2984b62d7acfe5afb048e461fc4c76989d055ffe8965f212ebbf

        SHA512

        0ad82e28de1a65251eb536aef9739a76baaaa28a41dae78faacb82a9d1acd83d71816051dec16b7664e16a741706803d1fc0ad914bcdca4d28cb2ac2a05ff427

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rundll32.exe.log
        Filesize

        651B

        MD5

        00bfeb783aeff425ce898d55718d506d

        SHA1

        aac7a973dc1f9ca7abc529c7ea37ad7eaf491b8f

        SHA256

        d06099ef43eb002055378b1b6d9853f9b1f891ada476932ba575d1f97065a580

        SHA512

        2209d5f4999cb36ebf26c6b8cb3195cc9fc0f0a103f4a28dd77b04605d7c6e79d47d806454c63b8d42bbe32864be7cdb56df3cccf71a6c27fe0b331d8304e1ff

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI1C06.tmp
        Filesize

        376KB

        MD5

        c39daeba173815516c180ca4361f7895

        SHA1

        db3ae54329834baa954569a35be5b947c86dc25e

        SHA256

        a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc

        SHA512

        e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI1C06.tmp
        Filesize

        376KB

        MD5

        c39daeba173815516c180ca4361f7895

        SHA1

        db3ae54329834baa954569a35be5b947c86dc25e

        SHA256

        a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc

        SHA512

        e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI2260.tmp
        Filesize

        780KB

        MD5

        5ef8fd841c7b39882d909df4b6806db9

        SHA1

        80cdb05c335fa083262dcccf1ee9930dbf60b139

        SHA256

        7f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4

        SHA512

        591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI2260.tmp
        Filesize

        780KB

        MD5

        5ef8fd841c7b39882d909df4b6806db9

        SHA1

        80cdb05c335fa083262dcccf1ee9930dbf60b139

        SHA256

        7f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4

        SHA512

        591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI2260.tmp
        Filesize

        780KB

        MD5

        5ef8fd841c7b39882d909df4b6806db9

        SHA1

        80cdb05c335fa083262dcccf1ee9930dbf60b139

        SHA256

        7f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4

        SHA512

        591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI2260.tmp-\CustomActions.dll
        Filesize

        54KB

        MD5

        9793eda103b3ce9cbff0f08e7353e104

        SHA1

        c9808ac631aafb99c1350709c904672ea4dc90f9

        SHA256

        ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa

        SHA512

        a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI2260.tmp-\CustomActions.dll
        Filesize

        54KB

        MD5

        9793eda103b3ce9cbff0f08e7353e104

        SHA1

        c9808ac631aafb99c1350709c904672ea4dc90f9

        SHA256

        ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa

        SHA512

        a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI2260.tmp-\Seagull.InstallWizard.dll
        Filesize

        372KB

        MD5

        3061145ea0c0c8378e3d7e678b54eb51

        SHA1

        432c8f861f196739291b642bb3249b5f08bd5db4

        SHA256

        7da0ced479531d54f6f4d4cb558b154e4585c1ac241815815dc6375887a9195d

        SHA512

        621527bdda9a9c3713c7a5428c1607379493ac22006bfdfe10ba42b177b8864b0435698f6133939672aa2858c6b3a0766445c7a16d5d1acd0aaa6b63f4be94ae

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI2260.tmp-\Seagull.InstallWizard.dll
        Filesize

        372KB

        MD5

        3061145ea0c0c8378e3d7e678b54eb51

        SHA1

        432c8f861f196739291b642bb3249b5f08bd5db4

        SHA256

        7da0ced479531d54f6f4d4cb558b154e4585c1ac241815815dc6375887a9195d

        SHA512

        621527bdda9a9c3713c7a5428c1607379493ac22006bfdfe10ba42b177b8864b0435698f6133939672aa2858c6b3a0766445c7a16d5d1acd0aaa6b63f4be94ae

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI5A88.tmp
        Filesize

        376KB

        MD5

        c39daeba173815516c180ca4361f7895

        SHA1

        db3ae54329834baa954569a35be5b947c86dc25e

        SHA256

        a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc

        SHA512

        e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI5A88.tmp
        Filesize

        376KB

        MD5

        c39daeba173815516c180ca4361f7895

        SHA1

        db3ae54329834baa954569a35be5b947c86dc25e

        SHA256

        a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc

        SHA512

        e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI5D19.tmp
        Filesize

        376KB

        MD5

        c39daeba173815516c180ca4361f7895

        SHA1

        db3ae54329834baa954569a35be5b947c86dc25e

        SHA256

        a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc

        SHA512

        e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI5D19.tmp
        Filesize

        376KB

        MD5

        c39daeba173815516c180ca4361f7895

        SHA1

        db3ae54329834baa954569a35be5b947c86dc25e

        SHA256

        a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc

        SHA512

        e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI5DC6.tmp
        Filesize

        376KB

        MD5

        c39daeba173815516c180ca4361f7895

        SHA1

        db3ae54329834baa954569a35be5b947c86dc25e

        SHA256

        a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc

        SHA512

        e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI5DC6.tmp
        Filesize

        376KB

        MD5

        c39daeba173815516c180ca4361f7895

        SHA1

        db3ae54329834baa954569a35be5b947c86dc25e

        SHA256

        a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc

        SHA512

        e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI65F5.tmp
        Filesize

        834KB

        MD5

        b0b2090c4200fb19e335598969a40f26

        SHA1

        e31d5533f85ef03dd8eb21723df14ff71586bb60

        SHA256

        e16ce1f8a1b24d03353502af35fa159ab9962b4ecce8f3bb9dd4b075552505cd

        SHA512

        177dad69d6773dab432a39a91f113949573caa3f3513e1e79361e9d74efe813746bd25a9101ec6436be7476cd77b663102d7ee138a01afbc902738e3ad75fce2

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI65F5.tmp
        Filesize

        834KB

        MD5

        b0b2090c4200fb19e335598969a40f26

        SHA1

        e31d5533f85ef03dd8eb21723df14ff71586bb60

        SHA256

        e16ce1f8a1b24d03353502af35fa159ab9962b4ecce8f3bb9dd4b075552505cd

        SHA512

        177dad69d6773dab432a39a91f113949573caa3f3513e1e79361e9d74efe813746bd25a9101ec6436be7476cd77b663102d7ee138a01afbc902738e3ad75fce2

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI6F9A.tmp
        Filesize

        525KB

        MD5

        1c62521f4ade74fe465aaf61049c3634

        SHA1

        758bd079f98c5f1153213a4c78ee25f89eb64fa6

        SHA256

        ae5544ebfa8d92072562dcc4f3a6b48e77ab1a1e263e8e8dabebf6a627286f9e

        SHA512

        4b58f0216f2dcfff69f3e668d09e21c0c85a7087a01621f43a787344afcf31d05644b9374b2ee4719b2ede0019d88083104f7a8122409c1ea961a9c5016262fd

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI6F9A.tmp
        Filesize

        525KB

        MD5

        1c62521f4ade74fe465aaf61049c3634

        SHA1

        758bd079f98c5f1153213a4c78ee25f89eb64fa6

        SHA256

        ae5544ebfa8d92072562dcc4f3a6b48e77ab1a1e263e8e8dabebf6a627286f9e

        SHA512

        4b58f0216f2dcfff69f3e668d09e21c0c85a7087a01621f43a787344afcf31d05644b9374b2ee4719b2ede0019d88083104f7a8122409c1ea961a9c5016262fd

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI7F3B.tmp
        Filesize

        780KB

        MD5

        5ef8fd841c7b39882d909df4b6806db9

        SHA1

        80cdb05c335fa083262dcccf1ee9930dbf60b139

        SHA256

        7f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4

        SHA512

        591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI7F3B.tmp
        Filesize

        780KB

        MD5

        5ef8fd841c7b39882d909df4b6806db9

        SHA1

        80cdb05c335fa083262dcccf1ee9930dbf60b139

        SHA256

        7f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4

        SHA512

        591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI7F3B.tmp
        Filesize

        780KB

        MD5

        5ef8fd841c7b39882d909df4b6806db9

        SHA1

        80cdb05c335fa083262dcccf1ee9930dbf60b139

        SHA256

        7f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4

        SHA512

        591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI7F3B.tmp-\CustomActions.dll
        Filesize

        54KB

        MD5

        9793eda103b3ce9cbff0f08e7353e104

        SHA1

        c9808ac631aafb99c1350709c904672ea4dc90f9

        SHA256

        ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa

        SHA512

        a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI7F3B.tmp-\CustomActions.dll
        Filesize

        54KB

        MD5

        9793eda103b3ce9cbff0f08e7353e104

        SHA1

        c9808ac631aafb99c1350709c904672ea4dc90f9

        SHA256

        ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa

        SHA512

        a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI95A3.tmp
        Filesize

        376KB

        MD5

        c39daeba173815516c180ca4361f7895

        SHA1

        db3ae54329834baa954569a35be5b947c86dc25e

        SHA256

        a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc

        SHA512

        e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI95A3.tmp
        Filesize

        376KB

        MD5

        c39daeba173815516c180ca4361f7895

        SHA1

        db3ae54329834baa954569a35be5b947c86dc25e

        SHA256

        a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc

        SHA512

        e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI965F.tmp
        Filesize

        780KB

        MD5

        5ef8fd841c7b39882d909df4b6806db9

        SHA1

        80cdb05c335fa083262dcccf1ee9930dbf60b139

        SHA256

        7f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4

        SHA512

        591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI965F.tmp
        Filesize

        780KB

        MD5

        5ef8fd841c7b39882d909df4b6806db9

        SHA1

        80cdb05c335fa083262dcccf1ee9930dbf60b139

        SHA256

        7f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4

        SHA512

        591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI965F.tmp
        Filesize

        780KB

        MD5

        5ef8fd841c7b39882d909df4b6806db9

        SHA1

        80cdb05c335fa083262dcccf1ee9930dbf60b139

        SHA256

        7f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4

        SHA512

        591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI965F.tmp-\CustomActions.dll
        Filesize

        54KB

        MD5

        9793eda103b3ce9cbff0f08e7353e104

        SHA1

        c9808ac631aafb99c1350709c904672ea4dc90f9

        SHA256

        ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa

        SHA512

        a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI965F.tmp-\CustomActions.dll
        Filesize

        54KB

        MD5

        9793eda103b3ce9cbff0f08e7353e104

        SHA1

        c9808ac631aafb99c1350709c904672ea4dc90f9

        SHA256

        ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa

        SHA512

        a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSIBAAE.tmp
        Filesize

        376KB

        MD5

        c39daeba173815516c180ca4361f7895

        SHA1

        db3ae54329834baa954569a35be5b947c86dc25e

        SHA256

        a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc

        SHA512

        e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSIBAAE.tmp
        Filesize

        376KB

        MD5

        c39daeba173815516c180ca4361f7895

        SHA1

        db3ae54329834baa954569a35be5b947c86dc25e

        SHA256

        a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc

        SHA512

        e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSIBDAD.tmp
        Filesize

        834KB

        MD5

        b0b2090c4200fb19e335598969a40f26

        SHA1

        e31d5533f85ef03dd8eb21723df14ff71586bb60

        SHA256

        e16ce1f8a1b24d03353502af35fa159ab9962b4ecce8f3bb9dd4b075552505cd

        SHA512

        177dad69d6773dab432a39a91f113949573caa3f3513e1e79361e9d74efe813746bd25a9101ec6436be7476cd77b663102d7ee138a01afbc902738e3ad75fce2

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSIBDAD.tmp
        Filesize

        834KB

        MD5

        b0b2090c4200fb19e335598969a40f26

        SHA1

        e31d5533f85ef03dd8eb21723df14ff71586bb60

        SHA256

        e16ce1f8a1b24d03353502af35fa159ab9962b4ecce8f3bb9dd4b075552505cd

        SHA512

        177dad69d6773dab432a39a91f113949573caa3f3513e1e79361e9d74efe813746bd25a9101ec6436be7476cd77b663102d7ee138a01afbc902738e3ad75fce2

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSIBEB8.tmp
        Filesize

        780KB

        MD5

        5ef8fd841c7b39882d909df4b6806db9

        SHA1

        80cdb05c335fa083262dcccf1ee9930dbf60b139

        SHA256

        7f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4

        SHA512

        591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSIBEB8.tmp
        Filesize

        780KB

        MD5

        5ef8fd841c7b39882d909df4b6806db9

        SHA1

        80cdb05c335fa083262dcccf1ee9930dbf60b139

        SHA256

        7f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4

        SHA512

        591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSIBEB8.tmp
        Filesize

        780KB

        MD5

        5ef8fd841c7b39882d909df4b6806db9

        SHA1

        80cdb05c335fa083262dcccf1ee9930dbf60b139

        SHA256

        7f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4

        SHA512

        591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSIBEB8.tmp-\CustomActions.dll
        Filesize

        54KB

        MD5

        9793eda103b3ce9cbff0f08e7353e104

        SHA1

        c9808ac631aafb99c1350709c904672ea4dc90f9

        SHA256

        ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa

        SHA512

        a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSIBEB8.tmp-\CustomActions.dll
        Filesize

        54KB

        MD5

        9793eda103b3ce9cbff0f08e7353e104

        SHA1

        c9808ac631aafb99c1350709c904672ea4dc90f9

        SHA256

        ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa

        SHA512

        a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSIBEB8.tmp-\Seagull.InstallWizard.dll
        Filesize

        372KB

        MD5

        3061145ea0c0c8378e3d7e678b54eb51

        SHA1

        432c8f861f196739291b642bb3249b5f08bd5db4

        SHA256

        7da0ced479531d54f6f4d4cb558b154e4585c1ac241815815dc6375887a9195d

        SHA512

        621527bdda9a9c3713c7a5428c1607379493ac22006bfdfe10ba42b177b8864b0435698f6133939672aa2858c6b3a0766445c7a16d5d1acd0aaa6b63f4be94ae

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSIBEB8.tmp-\Seagull.InstallWizard.dll
        Filesize

        372KB

        MD5

        3061145ea0c0c8378e3d7e678b54eb51

        SHA1

        432c8f861f196739291b642bb3249b5f08bd5db4

        SHA256

        7da0ced479531d54f6f4d4cb558b154e4585c1ac241815815dc6375887a9195d

        SHA512

        621527bdda9a9c3713c7a5428c1607379493ac22006bfdfe10ba42b177b8864b0435698f6133939672aa2858c6b3a0766445c7a16d5d1acd0aaa6b63f4be94ae

        Download Submit

      • C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\Setup_x64.exe
        Filesize

        763.6MB

        MD5

        143d94d5593d64dfd6f5ba8d15137413

        SHA1

        43af1f03e1dae86f0208369385fb0af8a487ffb9

        SHA256

        0c575035b464a7d2f62e71a164e82ad3cd4ef694aeb27fbeef1c27f86aa648ce

        SHA512

        1a9894c3ace38aff436211f80836b1153c9a04f095115f114bccd6db2c55b04dd207ca89f2c835005a2be6861bd68291113ecc66de75e9d1da995d46c2f7f455

        Download Submit

      • C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\Setup_x64.exe
        Filesize

        763.6MB

        MD5

        143d94d5593d64dfd6f5ba8d15137413

        SHA1

        43af1f03e1dae86f0208369385fb0af8a487ffb9

        SHA256

        0c575035b464a7d2f62e71a164e82ad3cd4ef694aeb27fbeef1c27f86aa648ce

        SHA512

        1a9894c3ace38aff436211f80836b1153c9a04f095115f114bccd6db2c55b04dd207ca89f2c835005a2be6861bd68291113ecc66de75e9d1da995d46c2f7f455

        Download Submit

      • memory/3124-197-0x00007FFFDEBB0000-0x00007FFFDF671000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/3124-186-0x00007FFFDEBB0000-0x00007FFFDF671000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/3220-198-0x00007FFFDEBB0000-0x00007FFFDF671000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/3220-196-0x00007FFFDEBB0000-0x00007FFFDF671000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4216-158-0x00000166C4350000-0x00000166C43AE000-memory.dmp

        Filesize

        376KB

        Download

      • memory/4216-159-0x00007FFFDEBB0000-0x00007FFFDF671000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4216-155-0x00000166C2960000-0x00000166C2972000-memory.dmp

        Filesize

        72KB

        Download

      • memory/4216-152-0x00007FFFDEBB0000-0x00007FFFDF671000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4216-151-0x00000166C4290000-0x00000166C42BE000-memory.dmp

        Filesize

        184KB

        Download

      • memory/4300-177-0x00007FFFDEBB0000-0x00007FFFDF671000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4300-193-0x00007FFFDEBB0000-0x00007FFFDF671000-memory.dmp

        Filesize

        10.8MB

        Download