bd59d2eccbe8a77c4874c2d5eba664174d45897aeca9764a45ee616887ba3f34

Analysis

max time kernel
150s
max time network
146s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 20:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
Size

1.1MB
MD5

29fdc9498b054d0c1148692e78bc72c0
SHA1

8b379f52462e7a318f330193cb903f39507b5cbd
SHA256

bd59d2eccbe8a77c4874c2d5eba664174d45897aeca9764a45ee616887ba3f34
SHA512

95b708ce20eff13e0151daa0f3b36716c4066c96d6e319f51bd2b37e2b552888a93606977bb2dd71da530d65fd0553e3857c5034c3f33b7a2acf0808457d8917
SSDEEP

12288:LwKfOVRo9yRY342X5sUSF14tXvAYE4xyqD:LxWVeyRY34s2hzyHD

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
1668	environmentvisual.exe
2024	windowssystem6.1.7600.163857.0907131255.exe
2136	windowsmicrosoft.exe
3028	msdaorawindows.exe

Loads dropped DLL 4 IoCs

pid	Process
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe

Adds Run key to start application 2 TTPs 9 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\SendMailCheckers = "c:\\program files (x86)\\adobe\\reader 9.0\\reader\\plug_ins\\checkersadobe9.0.0.2008061200.exe"	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\OperatingWindows = "c:\\program files (x86)\\common files\\system\\ole db\\ja-jp\\windowsmicrosoft.exe"	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\msdattsqlxmlx = "c:\\program files (x86)\\common files\\system\\ole db\\msdaorawindows.exe"	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\OperatingSystem = "c:\\program files (x86)\\common files\\microsoft shared\\ink\\ja-jp\\windowssystem6.1.7600.163857.0907131255.exe"	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\EnvironmentVisual7.00.1590 = "c:\\program files (x86)\\common files\\microsoft shared\\vba\\vba7\\1033\\environmentvisual.exe"	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\sbdropsidebar = "c:\\program files (x86)\\windows sidebar\\de-de\\sbdropwindows.exe"	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\EngineOffice = "C:\\Users\\Admin\\AppData\\Local\\Temp\\29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe"	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\EngineSource = "C:\\Users\\Admin\\AppData\\Local\\Temp\\29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe"	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\BCSSync = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 5 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ntdll.dll.dll	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\ntdll.dll.dll	environmentvisual.exe
File created	C:\Windows\SysWOW64\ntdll.dll.dll	windowssystem6.1.7600.163857.0907131255.exe
File created	C:\Windows\SysWOW64\ntdll.dll.dll	windowsmicrosoft.exe
File created	C:\Windows\SysWOW64\ntdll.dll.dll	msdaorawindows.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Common Files\System\Ole DB\RCX431C.tmp	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\CheckersAdobe9.0.0.2008061200.exe	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\WindowsSystem6.1.7600.163857.0907131255.exe	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\1033\EnvironmentVisual.exe	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\Ole DB\msdaoraWindows.exe	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\WindowsSystem6.1.7600.163857.0907131255.exe	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\1033\RCX2D3A.tmp	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\WindowsMicrosoft.exe	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\1033\EnvironmentVisual.exe	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\msdaoraWindows.exe	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\RCX435C.tmp	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\RCX2CDA.tmp	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\de-DE\sbdropWindows.exe	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\de-DE\RCX2CFB.tmp	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\RCX42FC.tmp	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	windowssystem6.1.7600.163857.0907131255.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	msdaorawindows.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	environmentvisual.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	windowssystem6.1.7600.163857.0907131255.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	windowsmicrosoft.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	windowsmicrosoft.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msdaorawindows.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	environmentvisual.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	windowssystem6.1.7600.163857.0907131255.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	windowsmicrosoft.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msdaorawindows.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	environmentvisual.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
1668	environmentvisual.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2024	windowssystem6.1.7600.163857.0907131255.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2136	windowsmicrosoft.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
3028	msdaorawindows.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 1668	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	30
PID 2228 wrote to memory of 1668	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	30
PID 2228 wrote to memory of 1668	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	30
PID 2228 wrote to memory of 1668	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	30
PID 2228 wrote to memory of 1668	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	30
PID 2228 wrote to memory of 1668	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	30
PID 2228 wrote to memory of 1668	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	30
PID 2228 wrote to memory of 2024	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	32
PID 2228 wrote to memory of 2024	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	32
PID 2228 wrote to memory of 2024	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	32
PID 2228 wrote to memory of 2024	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	32
PID 2228 wrote to memory of 2024	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	32
PID 2228 wrote to memory of 2024	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	32
PID 2228 wrote to memory of 2024	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	32
PID 2228 wrote to memory of 2136	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	34
PID 2228 wrote to memory of 2136	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	34
PID 2228 wrote to memory of 2136	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	34
PID 2228 wrote to memory of 2136	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	34
PID 2228 wrote to memory of 2136	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	34
PID 2228 wrote to memory of 2136	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	34
PID 2228 wrote to memory of 2136	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	34
PID 2228 wrote to memory of 3028	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	35
PID 2228 wrote to memory of 3028	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	35
PID 2228 wrote to memory of 3028	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	35
PID 2228 wrote to memory of 3028	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	35
PID 2228 wrote to memory of 3028	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	35
PID 2228 wrote to memory of 3028	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	35
PID 2228 wrote to memory of 3028	2228	29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe	35

C:\Users\Admin\AppData\Local\Temp\29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\29fdc9498b054d0c1148692e78bc72c0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2228
- \??\c:\program files (x86)\common files\microsoft shared\vba\vba7\1033\environmentvisual.exe
  "c:\program files (x86)\common files\microsoft shared\vba\vba7\1033\environmentvisual.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:1668
- \??\c:\program files (x86)\common files\microsoft shared\ink\ja-jp\windowssystem6.1.7600.163857.0907131255.exe
  "c:\program files (x86)\common files\microsoft shared\ink\ja-jp\windowssystem6.1.7600.163857.0907131255.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:2024
- \??\c:\program files (x86)\common files\system\ole db\ja-jp\windowsmicrosoft.exe
  "c:\program files (x86)\common files\system\ole db\ja-jp\windowsmicrosoft.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:2136
- \??\c:\program files (x86)\common files\system\ole db\msdaorawindows.exe
  "c:\program files (x86)\common files\system\ole db\msdaorawindows.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:3028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\WindowsSystem6.1.7600.163857.0907131255.exe

Filesize
1.1MB

MD5
29fdc9498b054d0c1148692e78bc72c0

SHA1
8b379f52462e7a318f330193cb903f39507b5cbd

SHA256
bd59d2eccbe8a77c4874c2d5eba664174d45897aeca9764a45ee616887ba3f34

SHA512
95b708ce20eff13e0151daa0f3b36716c4066c96d6e319f51bd2b37e2b552888a93606977bb2dd71da530d65fd0553e3857c5034c3f33b7a2acf0808457d8917

Download Submit
C:\Program Files (x86)\Windows Sidebar\de-DE\sbdropWindows.exe

Filesize
1.1MB

MD5
741a03eb721ceecfe6fce97a53963fa2

SHA1
fb101e892f3ce232ca0b96045e3fce02b9135e6b

SHA256
2709ac7bdf69d57f2f1a7e88cc6a881df27f3625377114719c24004c7b494448

SHA512
bf8a62c652977a763fc108e34a3cd63261cfece46c6c24239b7eb64602ac32c8dd9649849a090e81d9ef96752cf7a765f65e3600d22b25256f5654328ddc7465

Download Submit
\Program Files (x86)\Common Files\System\Ole DB\ja-JP\WindowsMicrosoft.exe

Filesize
1.1MB

MD5
2342e040e3798d03859cd32f46fd77d4

SHA1
4a70c377e7ccff03c4a9ba77826b30497efa1173

SHA256
bd14f5f28d9649ce3a507695e7b474deb10fb2942519438f00b9813a9edee21a

SHA512
916f7f64c3d1825f3d37a5e8fb85b1d1e35ad174a7491e32e91584f70ea6f2803d8ab61c9114ce240c816c8aae81274c15cec99d070c27e95af33198dcc1390a

Download Submit