Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
05/10/2022, 19:46
221005-yhfc9sfdc4 104/10/2022, 14:21
221004-rpddxsbedj 804/10/2022, 14:14
221004-rj33dsbebr 804/10/2022, 09:53
221004-lwl2raagdr 104/10/2022, 07:58
221004-jt1q1sacc7 803/10/2022, 15:56
221003-tdlx2adgdr 8Analysis
-
max time kernel
1801s -
max time network
1761s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-es -
resource tags
-
submitted
04/10/2022, 14:14
General
-
Target
BarTender Enterprise 2021 R5 11.2.166048 Multilingual.zip
-
Size
766.3MB
-
MD5
09ea7e2bef5722cdb9ee37a7dab48ff3
-
SHA1
d4fb2231f80333b1b50e6f790d3b59eb3ff26374
-
SHA256
280a84ca1f8ece3fc5af67010041af8c1a1bfa2e34e80961e60312800d37db2c
-
SHA512
eb9d65e42bccf4b700eb51c3f2890ac80f2e61a04ff661cdc3c173ff85a1f8e7f9e1cf2de89fd3517ca0b106240791f60158a7af12a5395b49e5299b22d3bf38
-
SSDEEP
12582912:whzb6xxr5Ni69eds1tauM0I7j0LFCLw0FEl1oZ+rPAkIYw+oKj7XkFgMKiLVVKYH:whzb639Ni6agtW7ZwU6+8roYwS7dN2jr
Malware Config
Signatures
-
Executes dropped EXE 7 IoCs
-
Registers COM server for autorun 1 TTPs 42 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 64 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file 1 TTPs 2 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory 1 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks SCSI registry key(s) 3 TTPs 5 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 2 IoCs
-
Modifies data under HKEY_USERS 5 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 9 IoCs
-
Suspicious behavior: LoadsDriver 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\BarTender Enterprise 2021 R5 11.2.166048 Multilingual.zip"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\" -spe -an -ai#7zMap23992:164:7zEvent75291⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\Setup_x64.exe"C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\Setup_x64.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\system32\msiexec.exe" /i C:\ProgramData\Seagull\Installer\{99937B8D-3B72-49EF-AB3F-45A5EBEAAB75}\BEAAB75\BarTender.msi TRANSFORMS=:3082 AI_SETUPEXEPATH="C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\Setup_x64.exe" SETUPEXEDIR="C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1664660019 "2⤵
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Registers COM server for autorun
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 8CA6AC2303D1EFAD563EECE36D7A8B13 C2⤵
- Loads dropped DLL
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 00F8517C704F4195DCC0D852F51254A9 C2⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\Setup_x64.exe"C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\Setup_x64.exe" /groupsextract:103;111; /out:"C:\Users\Admin\AppData\Roaming\Seagull\BarTender\prerequisites" /callbackid:16643⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Seagull\BarTender\prerequisites\SQL Server Compact 4.0\SSCERuntime_x64-ENU.msi" /q /norestart3⤵
-
-
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Seagull\BarTender\prerequisites\SQL Server LocalDB 2014 SP3\SqlLocalDB_x64.msi" /qn /norestart IACCEPTSQLLOCALDBLICENSETERMS=YES3⤵
-
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 952C9D0D1847C7BCB2EE1E08A340925C C2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSI8F1F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241078218 2 CustomActions!CustomActions.CustomActions.SilentInstallProperties3⤵
- Loads dropped DLL
-
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSIE266.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241099453 74 CustomActions!CustomActions.CustomActions.ForceUpgradeProperty3⤵
- Loads dropped DLL
-
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSIE882.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241101000 79 CustomActions!CustomActions.CustomActions.SetInstalledVersion3⤵
- Loads dropped DLL
-
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSIFE8C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241106609 84 CustomActions!CustomActions.CustomActions.InstallOptions3⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSIB761.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241153906 338 CustomActions!CustomActions.CustomActions.ExtractSQLExpress3⤵
- Loads dropped DLL
-
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSIF739.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241171859 348 CustomActions!CustomActions.CustomActions.WindowsOptionalFeatures3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\dism.exe"C:\Windows\system32\dism.exe" /Online /Get-Features /Format:Table4⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\BF52994D-1AB2-4384-8FFE-077FF1B21897\dismhost.exeC:\Users\Admin\AppData\Local\Temp\BF52994D-1AB2-4384-8FFE-077FF1B21897\dismhost.exe {5D6C79A2-D1DF-4865-A894-5B6737523B14}5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
-
-
-
C:\Windows\system32\dism.exe"C:\Windows\system32\dism.exe" /Online /Enable-Feature /FeatureName:MSMQ-Container /FeatureName:MSMQ-Server /All /NoRestart4⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\5387B202-98CF-4958-9B4D-2D9D5BC6CE5E\dismhost.exeC:\Users\Admin\AppData\Local\Temp\5387B202-98CF-4958-9B4D-2D9D5BC6CE5E\dismhost.exe {1A0B55FF-B093-4232-9549-DEEA9D1A15B0}5⤵
- Executes dropped EXE
- Drops file in Windows directory
-
-
-
C:\Windows\Microsoft.Net\Framework64\v4.0.30319\ServiceModelReg.exe"C:\Windows\Microsoft.Net\Framework64\v4.0.30319\ServiceModelReg.exe" -r4⤵
-
-
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSI4D3D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_242240828 1458 CustomActions!CustomActions.CustomActions.InstallSQLExpress3⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\SQLEXPR_x64_ENU.exe"C:\Users\Admin\AppData\Local\Temp\SQLEXPR_x64_ENU.exe" /q /ACTION=Install /FEATURES=SQLEngine,FullText /INSTANCENAME=BarTender /SQLSYSADMINACCOUNTS="Builtin\Administrators" "NT AUTHORITY\SYSTEM" /SQLSVCACCOUNT="NT AUTHORITY\SYSTEM" /ADDCURRENTUSERASSQLADMIN /TCPENABLED=1 /IACCEPTSQLSERVERLICENSETERMS /HIDECONSOLE /SkipInstallerRunCheck /UpdateEnabled=0 /SKIPRULES=RebootRequiredCheck SetupCompatibilityCheck NoRebootPackage4⤵
- Executes dropped EXE
- Drops autorun.inf file
- Suspicious use of WriteProcessMemory
-
C:\5EA9411076914705A44E58C3064FE37C\SETUP.EXEC:\5EA9411076914705A44E58C3064FE37C\SETUP.EXE /q /ACTION=Install /FEATURES=SQLEngine,FullText /INSTANCENAME=BarTender /SQLSYSADMINACCOUNTS="Builtin\Administrators" "NT AUTHORITY\SYSTEM" /SQLSVCACCOUNT="NT AUTHORITY\SYSTEM" /ADDCURRENTUSERASSQLADMIN /TCPENABLED=1 /IACCEPTSQLSERVERLICENSETERMS /HIDECONSOLE /SkipInstallerRunCheck /UpdateEnabled=0 /SKIPRULES=RebootRequiredCheck SetupCompatibilityCheck NoRebootPackage5⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\caspol.exe-b6⤵
- Drops file in Windows directory
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe-b6⤵
- Drops file in Windows directory
-
-
-
-
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 28CF76F0229EA39355567552C8A8058C2⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 24DDA5D51A8A74EF3FBA32B525CFE0F1 E Global\MSI00002⤵
- Drops file in Windows directory
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 6CCA8A090EC361B7629E1C24FE8639F32⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding F07A9DB1DED9FD369B13AEA46BFD031F E Global\MSI00002⤵
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:21⤵
-
C:\Windows\system32\wermgr.exe"C:\Windows\system32\wermgr.exe" "-outproc" "0" "4808" "1468" "2060" "1904" "0" "0" "1452" "1340" "0" "0" "0" "0"1⤵
- Checks processor information in registry
- Enumerates system info in registry
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"1⤵
- Executes dropped EXE
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
120KB
MD5a96297c0b3816788f2a8f930c6e9dcf4
SHA1307b132d720b1b03ecfb96afa1808fd367ed702b
SHA256fd9fd341073d906645eed1eff1eb53144af5109c73b26a8f9e56de7be82c81ed
SHA5127897427df575d4c22d2980aea40d37b891ed416b101b697b4b161b3ddb5005671c74e34722052d3cc7f9b3f742100db8065eb0a8259ab2ec6fb69282b852c84a
-
Filesize
120KB
MD5a96297c0b3816788f2a8f930c6e9dcf4
SHA1307b132d720b1b03ecfb96afa1808fd367ed702b
SHA256fd9fd341073d906645eed1eff1eb53144af5109c73b26a8f9e56de7be82c81ed
SHA5127897427df575d4c22d2980aea40d37b891ed416b101b697b4b161b3ddb5005671c74e34722052d3cc7f9b3f742100db8065eb0a8259ab2ec6fb69282b852c84a
-
Filesize
194.7MB
MD5cb89850ee9cf83015f30d1df61e97b2a
SHA17ebd4b6e0636cc209ed8bc4ac1c1195459dfbab4
SHA256b8ac3b3c1a2c80ee17c6f8678d6777547477bb726ef7914fac14e2d7f331ba19
SHA512144272199c96c4eab27a3ad18e1995806d6c439dc00222a7b92979bd5343b422663e6421f68720ffae68a91a8bf1a6f207f6f62126678ee6c83c259fdfc77e24
-
Filesize
182KB
MD5fc136d5c16573d1d1a64b0a62b586235
SHA18363d0d80fb25e4ace7b77efcfe119b7675913a1
SHA2565a12236a02ba2984b62d7acfe5afb048e461fc4c76989d055ffe8965f212ebbf
SHA5120ad82e28de1a65251eb536aef9739a76baaaa28a41dae78faacb82a9d1acd83d71816051dec16b7664e16a741706803d1fc0ad914bcdca4d28cb2ac2a05ff427
-
Filesize
182KB
MD5fc136d5c16573d1d1a64b0a62b586235
SHA18363d0d80fb25e4ace7b77efcfe119b7675913a1
SHA2565a12236a02ba2984b62d7acfe5afb048e461fc4c76989d055ffe8965f212ebbf
SHA5120ad82e28de1a65251eb536aef9739a76baaaa28a41dae78faacb82a9d1acd83d71816051dec16b7664e16a741706803d1fc0ad914bcdca4d28cb2ac2a05ff427
-
Filesize
651B
MD500bfeb783aeff425ce898d55718d506d
SHA1aac7a973dc1f9ca7abc529c7ea37ad7eaf491b8f
SHA256d06099ef43eb002055378b1b6d9853f9b1f891ada476932ba575d1f97065a580
SHA5122209d5f4999cb36ebf26c6b8cb3195cc9fc0f0a103f4a28dd77b04605d7c6e79d47d806454c63b8d42bbe32864be7cdb56df3cccf71a6c27fe0b331d8304e1ff
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
834KB
MD5b0b2090c4200fb19e335598969a40f26
SHA1e31d5533f85ef03dd8eb21723df14ff71586bb60
SHA256e16ce1f8a1b24d03353502af35fa159ab9962b4ecce8f3bb9dd4b075552505cd
SHA512177dad69d6773dab432a39a91f113949573caa3f3513e1e79361e9d74efe813746bd25a9101ec6436be7476cd77b663102d7ee138a01afbc902738e3ad75fce2
-
Filesize
834KB
MD5b0b2090c4200fb19e335598969a40f26
SHA1e31d5533f85ef03dd8eb21723df14ff71586bb60
SHA256e16ce1f8a1b24d03353502af35fa159ab9962b4ecce8f3bb9dd4b075552505cd
SHA512177dad69d6773dab432a39a91f113949573caa3f3513e1e79361e9d74efe813746bd25a9101ec6436be7476cd77b663102d7ee138a01afbc902738e3ad75fce2
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
54KB
MD59793eda103b3ce9cbff0f08e7353e104
SHA1c9808ac631aafb99c1350709c904672ea4dc90f9
SHA256ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa
SHA512a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32
-
Filesize
54KB
MD59793eda103b3ce9cbff0f08e7353e104
SHA1c9808ac631aafb99c1350709c904672ea4dc90f9
SHA256ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa
SHA512a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32
-
Filesize
372KB
MD53061145ea0c0c8378e3d7e678b54eb51
SHA1432c8f861f196739291b642bb3249b5f08bd5db4
SHA2567da0ced479531d54f6f4d4cb558b154e4585c1ac241815815dc6375887a9195d
SHA512621527bdda9a9c3713c7a5428c1607379493ac22006bfdfe10ba42b177b8864b0435698f6133939672aa2858c6b3a0766445c7a16d5d1acd0aaa6b63f4be94ae
-
Filesize
372KB
MD53061145ea0c0c8378e3d7e678b54eb51
SHA1432c8f861f196739291b642bb3249b5f08bd5db4
SHA2567da0ced479531d54f6f4d4cb558b154e4585c1ac241815815dc6375887a9195d
SHA512621527bdda9a9c3713c7a5428c1607379493ac22006bfdfe10ba42b177b8864b0435698f6133939672aa2858c6b3a0766445c7a16d5d1acd0aaa6b63f4be94ae
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
525KB
MD51c62521f4ade74fe465aaf61049c3634
SHA1758bd079f98c5f1153213a4c78ee25f89eb64fa6
SHA256ae5544ebfa8d92072562dcc4f3a6b48e77ab1a1e263e8e8dabebf6a627286f9e
SHA5124b58f0216f2dcfff69f3e668d09e21c0c85a7087a01621f43a787344afcf31d05644b9374b2ee4719b2ede0019d88083104f7a8122409c1ea961a9c5016262fd
-
Filesize
525KB
MD51c62521f4ade74fe465aaf61049c3634
SHA1758bd079f98c5f1153213a4c78ee25f89eb64fa6
SHA256ae5544ebfa8d92072562dcc4f3a6b48e77ab1a1e263e8e8dabebf6a627286f9e
SHA5124b58f0216f2dcfff69f3e668d09e21c0c85a7087a01621f43a787344afcf31d05644b9374b2ee4719b2ede0019d88083104f7a8122409c1ea961a9c5016262fd
-
Filesize
525KB
MD51c62521f4ade74fe465aaf61049c3634
SHA1758bd079f98c5f1153213a4c78ee25f89eb64fa6
SHA256ae5544ebfa8d92072562dcc4f3a6b48e77ab1a1e263e8e8dabebf6a627286f9e
SHA5124b58f0216f2dcfff69f3e668d09e21c0c85a7087a01621f43a787344afcf31d05644b9374b2ee4719b2ede0019d88083104f7a8122409c1ea961a9c5016262fd
-
Filesize
525KB
MD51c62521f4ade74fe465aaf61049c3634
SHA1758bd079f98c5f1153213a4c78ee25f89eb64fa6
SHA256ae5544ebfa8d92072562dcc4f3a6b48e77ab1a1e263e8e8dabebf6a627286f9e
SHA5124b58f0216f2dcfff69f3e668d09e21c0c85a7087a01621f43a787344afcf31d05644b9374b2ee4719b2ede0019d88083104f7a8122409c1ea961a9c5016262fd
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
834KB
MD5b0b2090c4200fb19e335598969a40f26
SHA1e31d5533f85ef03dd8eb21723df14ff71586bb60
SHA256e16ce1f8a1b24d03353502af35fa159ab9962b4ecce8f3bb9dd4b075552505cd
SHA512177dad69d6773dab432a39a91f113949573caa3f3513e1e79361e9d74efe813746bd25a9101ec6436be7476cd77b663102d7ee138a01afbc902738e3ad75fce2
-
Filesize
834KB
MD5b0b2090c4200fb19e335598969a40f26
SHA1e31d5533f85ef03dd8eb21723df14ff71586bb60
SHA256e16ce1f8a1b24d03353502af35fa159ab9962b4ecce8f3bb9dd4b075552505cd
SHA512177dad69d6773dab432a39a91f113949573caa3f3513e1e79361e9d74efe813746bd25a9101ec6436be7476cd77b663102d7ee138a01afbc902738e3ad75fce2
-
Filesize
525KB
MD51c62521f4ade74fe465aaf61049c3634
SHA1758bd079f98c5f1153213a4c78ee25f89eb64fa6
SHA256ae5544ebfa8d92072562dcc4f3a6b48e77ab1a1e263e8e8dabebf6a627286f9e
SHA5124b58f0216f2dcfff69f3e668d09e21c0c85a7087a01621f43a787344afcf31d05644b9374b2ee4719b2ede0019d88083104f7a8122409c1ea961a9c5016262fd
-
Filesize
525KB
MD51c62521f4ade74fe465aaf61049c3634
SHA1758bd079f98c5f1153213a4c78ee25f89eb64fa6
SHA256ae5544ebfa8d92072562dcc4f3a6b48e77ab1a1e263e8e8dabebf6a627286f9e
SHA5124b58f0216f2dcfff69f3e668d09e21c0c85a7087a01621f43a787344afcf31d05644b9374b2ee4719b2ede0019d88083104f7a8122409c1ea961a9c5016262fd
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
54KB
MD59793eda103b3ce9cbff0f08e7353e104
SHA1c9808ac631aafb99c1350709c904672ea4dc90f9
SHA256ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa
SHA512a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32
-
Filesize
54KB
MD59793eda103b3ce9cbff0f08e7353e104
SHA1c9808ac631aafb99c1350709c904672ea4dc90f9
SHA256ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa
SHA512a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
54KB
MD59793eda103b3ce9cbff0f08e7353e104
SHA1c9808ac631aafb99c1350709c904672ea4dc90f9
SHA256ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa
SHA512a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32
-
Filesize
54KB
MD59793eda103b3ce9cbff0f08e7353e104
SHA1c9808ac631aafb99c1350709c904672ea4dc90f9
SHA256ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa
SHA512a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
54KB
MD59793eda103b3ce9cbff0f08e7353e104
SHA1c9808ac631aafb99c1350709c904672ea4dc90f9
SHA256ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa
SHA512a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32
-
Filesize
54KB
MD59793eda103b3ce9cbff0f08e7353e104
SHA1c9808ac631aafb99c1350709c904672ea4dc90f9
SHA256ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa
SHA512a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32
-
Filesize
372KB
MD53061145ea0c0c8378e3d7e678b54eb51
SHA1432c8f861f196739291b642bb3249b5f08bd5db4
SHA2567da0ced479531d54f6f4d4cb558b154e4585c1ac241815815dc6375887a9195d
SHA512621527bdda9a9c3713c7a5428c1607379493ac22006bfdfe10ba42b177b8864b0435698f6133939672aa2858c6b3a0766445c7a16d5d1acd0aaa6b63f4be94ae
-
Filesize
372KB
MD53061145ea0c0c8378e3d7e678b54eb51
SHA1432c8f861f196739291b642bb3249b5f08bd5db4
SHA2567da0ced479531d54f6f4d4cb558b154e4585c1ac241815815dc6375887a9195d
SHA512621527bdda9a9c3713c7a5428c1607379493ac22006bfdfe10ba42b177b8864b0435698f6133939672aa2858c6b3a0766445c7a16d5d1acd0aaa6b63f4be94ae
-
Filesize
40KB
MD57ce120ec6246d303dee35292b74b90f2
SHA1cc4a8a188d99c1fa57e7af8709d38031e9630f2c
SHA256db9273aa7f07d249947b1d64b80c7fe57385fb357783c6c48c01dac1b94e1215
SHA5125d6b80a7585bfc7942a019125e872eef4a88bb8ec8141456fee116e05b26711ada5d24f129480a14c6e63ad90b5afcb2b6ba39571ac17b9d5b4213a2f1dd8a80
-
Filesize
40KB
MD57ce120ec6246d303dee35292b74b90f2
SHA1cc4a8a188d99c1fa57e7af8709d38031e9630f2c
SHA256db9273aa7f07d249947b1d64b80c7fe57385fb357783c6c48c01dac1b94e1215
SHA5125d6b80a7585bfc7942a019125e872eef4a88bb8ec8141456fee116e05b26711ada5d24f129480a14c6e63ad90b5afcb2b6ba39571ac17b9d5b4213a2f1dd8a80
-
Filesize
40KB
MD57ce120ec6246d303dee35292b74b90f2
SHA1cc4a8a188d99c1fa57e7af8709d38031e9630f2c
SHA256db9273aa7f07d249947b1d64b80c7fe57385fb357783c6c48c01dac1b94e1215
SHA5125d6b80a7585bfc7942a019125e872eef4a88bb8ec8141456fee116e05b26711ada5d24f129480a14c6e63ad90b5afcb2b6ba39571ac17b9d5b4213a2f1dd8a80
-
Filesize
182KB
MD5fc136d5c16573d1d1a64b0a62b586235
SHA18363d0d80fb25e4ace7b77efcfe119b7675913a1
SHA2565a12236a02ba2984b62d7acfe5afb048e461fc4c76989d055ffe8965f212ebbf
SHA5120ad82e28de1a65251eb536aef9739a76baaaa28a41dae78faacb82a9d1acd83d71816051dec16b7664e16a741706803d1fc0ad914bcdca4d28cb2ac2a05ff427
-
Filesize
763.6MB
MD5143d94d5593d64dfd6f5ba8d15137413
SHA143af1f03e1dae86f0208369385fb0af8a487ffb9
SHA2560c575035b464a7d2f62e71a164e82ad3cd4ef694aeb27fbeef1c27f86aa648ce
SHA5121a9894c3ace38aff436211f80836b1153c9a04f095115f114bccd6db2c55b04dd207ca89f2c835005a2be6861bd68291113ecc66de75e9d1da995d46c2f7f455
-
Filesize
763.6MB
MD5143d94d5593d64dfd6f5ba8d15137413
SHA143af1f03e1dae86f0208369385fb0af8a487ffb9
SHA2560c575035b464a7d2f62e71a164e82ad3cd4ef694aeb27fbeef1c27f86aa648ce
SHA5121a9894c3ace38aff436211f80836b1153c9a04f095115f114bccd6db2c55b04dd207ca89f2c835005a2be6861bd68291113ecc66de75e9d1da995d46c2f7f455
-
Filesize
763.6MB
MD5143d94d5593d64dfd6f5ba8d15137413
SHA143af1f03e1dae86f0208369385fb0af8a487ffb9
SHA2560c575035b464a7d2f62e71a164e82ad3cd4ef694aeb27fbeef1c27f86aa648ce
SHA5121a9894c3ace38aff436211f80836b1153c9a04f095115f114bccd6db2c55b04dd207ca89f2c835005a2be6861bd68291113ecc66de75e9d1da995d46c2f7f455
-
Filesize
1.0MB
-
Filesize
10.8MB
-
Filesize
184KB
-
Filesize
72KB
-
Filesize
376KB
-
Filesize
380KB
-
Filesize
256KB
-
Filesize
472KB
-
Filesize
56KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
10.2MB