58ac6c40593f0e7104ce838ef9163d743a5339166986ee4c3839224b25bddd26

Analysis

max time kernel
42s
max time network
43s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2023, 22:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

BANDIZIP-SETUP-STD-X64.exe
Size

6.8MB
MD5

7793ef9c18f44a5962cc877e7efa110c
SHA1

e3b05cd6c0477fa98e9d14221123c9e09fa5916f
SHA256

58ac6c40593f0e7104ce838ef9163d743a5339166986ee4c3839224b25bddd26
SHA512

b12a34ebda99691add598d0822b9c0ab3bdbad0b6c03d8af14e8799aadc8285a91654e46a087b10289dc86c8eaed86bd4e2d930d86c9aa0ba85010cb852862c2
SSDEEP

196608:qr31OOcCprk5soeEjBAd7YyLQ0B4boBflQl7QiEQf1R:Q5Ujy7YyssKotlQl7dEQf1R

Score

8^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 14 IoCs

pid	Process
2924	Bandizip.exe
4936	RegDll.x86.exe
4304	RegDll.x86.exe
4780	RegDll.x86.exe
1396	RegDll.x86.exe
4716	RegDll.x64.exe
4740	RegDll.x64.exe
1700	RegDll.x64.exe
1884	RegDll.x64.exe
4464	Bandizip.exe
1908	Bandizip.exe
3420	updater.exe
4040	Bandizip.exe
1488	RegPackage.x86.exe

Registers COM server for autorun 1 TTPs 9 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\WOW6432Node\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32\ThreadingModel = "Apartment"	RegDll.x86.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32	RegDll.x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32\ = "C:\\Program Files\\Bandizip\\bdzshl.x64.dll"	RegDll.x64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32\	RegDll.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32\ = "C:\\Program Files\\Bandizip\\bdzshl.x64.dll"	RegDll.x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32\ThreadingModel = "Apartment"	RegDll.x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\WOW6432Node\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32	RegDll.x86.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\WOW6432Node\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32\ = "C:\\Program Files\\Bandizip\\bdzshl.x86.dll"	RegDll.x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32\ThreadingModel = "Apartment"	RegDll.x64.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Bandizip.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	RegDll.x64.exe

Loads dropped DLL 3 IoCs

pid	Process
1396	RegDll.x86.exe
4716	RegDll.x64.exe
4040	Bandizip.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Bandizip\ark.x86.lgpl.dll	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\data\Amsiman.x64.exe	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\data\RegPackage.x86.exe	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\shellicons\cmd.ico	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\icons\default\gz.ico	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\langs\Bulgarian.lang	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\langs\Turkish.lang	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\Arkview.x64.exe	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\icons\default\lzh.ico	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\icons\default\xz.ico	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\langs\Croatian.lang	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\langs\Swedish.lang	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\shellicons\cmd.ico	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\icons\default\iso.ico	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\langs\Ukrainian.lang	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\bdzsfx.x86.sfx	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\langs\Ukrainian.lang	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\icons\default\xz.ico	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\langs\Bulgarian.lang	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\langs\Farsi.lang	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\langs\Norwegian.lang	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\langs\PortugueseBR.lang	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\langs\Slovak.lang	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\langs\Swedish.lang	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\langs\Uyghur.lang	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\bdzsfx.x86.sfx	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\langs\Uzbek.lang	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\data\lm.x64.dll	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\data\RegDll.x64.exe	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\icons\default\zipx.ico	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\langs\Kazakh.lang	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\langs\Polish.lang	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\langs\Slovenian.lang	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\langs\Thai.lang	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\Uninstall.exe	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\Updater.exe	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\icons\default\cab.ico	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\icons\default\lha.ico	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\icons\default\tbz2.ico	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\data\bzshell.x64.dll	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\icons\default\001.ico	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\langs\Hindi.lang	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\langs\Portuguese.lang	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\data\RegDll.x64.exe	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\langs\Catalan.lang	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\langs\German.lang	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\langs\Korean.lang	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\langs\Sinhala.lang	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\ark.x64.dll	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\ark.x64.lgpl.dll	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\ark.x86.dll	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\icons\default\_desc.ini	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\data\resource.data	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\data\skin.recovery.data	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\icons\default\gz.ico	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\icons\default\iso.ico	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\langs\Dutch.lang	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\langs\Romanian.lang	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\langs\Uzbek.lang	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\langs\Vietnamese.lang	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\data\skin.data	BANDIZIP-SETUP-STD-X64.exe
File created	C:\Program Files\Bandizip\data\RegDll.x86.exe	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\data\web32.exe	BANDIZIP-SETUP-STD-X64.exe
File opened for modification	C:\Program Files\Bandizip\langs\Czech.lang	BANDIZIP-SETUP-STD-X64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Bandizip.exe = "11000"	RegDll.x86.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Bandizip.exe = "11000"	RegDll.x86.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Updater.exe = "11000"	RegDll.x86.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Updater.exe = "11000"	RegDll.x86.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\web32.exe = "11000"	RegDll.x86.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\web32.exe = "11000"	RegDll.x86.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.gz	Bandizip.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.tar\Shell\Open\Command\ = "\"C:\\Program Files\\Bandizip\\Bandizip.exe\" \"%1\""	Bandizip.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Bandizip.tbz2	Bandizip.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Bandizip.gz\DefaultIcon\ = "C:\\Program Files\\Bandizip\\icons\\default\\gz.ico"	Bandizip.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.lz\ = "Compressed File (LZ)"	Bandizip.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.lzh\Shell\Open\FriendlyAppName = "Bandizip"	Bandizip.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.iconpack	Bandizip.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Bandizip.tbz2\DefaultIcon\ = "C:\\Program Files\\Bandizip\\icons\\default\\tbz2.ico"	Bandizip.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Bandizip.ace	Bandizip.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.cab\Shell\Open\FriendlyAppName = "Bandizip"	Bandizip.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Bandizip.arj\ = "Compressed File (ARJ)"	Bandizip.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\.zst	Bandizip.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.bz\ = "Compressed File (BZ)"	Bandizip.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.bz	Bandizip.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.lzma\DefaultIcon	Bandizip.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Bandizip.bh	Bandizip.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\.tbz2	Bandizip.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Bandizip.zip\Shell\Open\Command	Bandizip.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Bandizip.xz\ = "Compressed File (XZ)"	Bandizip.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.z\ = "Compressed File (Z)"	Bandizip.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Bandizip.iconpack\Shell\Open\FriendlyAppName = "Bandizip"	Bandizip.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.z\Shell	Bandizip.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Bandizip.iconpack\Shell\Open\Command	Bandizip.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Bandizip.lzma\DefaultIcon\ = "C:\\Program Files\\Bandizip\\icons\\default\\Bandizip.ico"	Bandizip.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.zst	Bandizip.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.7z\Shell\Open\FriendlyAppName = "Bandizip"	Bandizip.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.lha\Shell	Bandizip.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.rar\Shell\Open\Command\ = "\"C:\\Program Files\\Bandizip\\Bandizip.exe\" \"%1\""	Bandizip.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.zpaq\ = "Compressed File (ZPAQ)"	Bandizip.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Bandizip.rar\Shell	Bandizip.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Bandizip.lha\Shell\Open\Command\ = "\"C:\\Program Files\\Bandizip\\Bandizip.exe\" \"%1\""	Bandizip.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.bz\DefaultIcon\ = "C:\\Program Files\\Bandizip\\icons\\default\\Bandizip.ico"	Bandizip.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\.bh	Bandizip.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.egg	Bandizip.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.zip\DefaultIcon\ = "C:\\Program Files\\Bandizip\\icons\\default\\zip.ico"	Bandizip.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\.7z	Bandizip.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.aes\Shell\Open\FriendlyAppName = "Bandizip"	Bandizip.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.pea\DefaultIcon\ = "C:\\Program Files\\Bandizip\\icons\\default\\Bandizip.ico"	Bandizip.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.lzma	Bandizip.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.rar	Bandizip.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.bz\Shell\Open\Command\ = "\"C:\\Program Files\\Bandizip\\Bandizip.exe\" \"%1\""	Bandizip.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.lzh	Bandizip.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.uue\Shell\Open\FriendlyAppName = "Bandizip"	Bandizip.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.ace\DefaultIcon\ = "C:\\Program Files\\Bandizip\\icons\\default\\Bandizip.ico"	Bandizip.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.aes	Bandizip.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Bandizip.aes\DefaultIcon\ = "C:\\Program Files\\Bandizip\\icons\\default\\Bandizip.ico"	Bandizip.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Bandizip.egg	Bandizip.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Bandizip.lzh\ = "Compressed File (LZH)"	Bandizip.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.tgz\Shell\Open\FriendlyAppName = "Bandizip"	Bandizip.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Bandizip.pma\Shell	Bandizip.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Bandizip.alz\Shell\Open	Bandizip.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.pea\Shell\Open\Command	Bandizip.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Bandizip.uu\DefaultIcon	Bandizip.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.zipx\Shell\Open	Bandizip.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\.bz2	Bandizip.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.xz	Bandizip.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Bandizip.zipx\DefaultIcon\ = "C:\\Program Files\\Bandizip\\icons\\default\\zipx.ico"	Bandizip.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.cab\Shell	Bandizip.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.lha\DefaultIcon\ = "C:\\Program Files\\Bandizip\\icons\\default\\lha.ico"	Bandizip.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Bandizip.xz\Shell	Bandizip.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Bandizip.exe\Shell\Open\Command\ = "\"C:\\Program Files\\Bandizip\\Bandizip.exe\" \"%1\""	BANDIZIP-SETUP-STD-X64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Bandizip.txz\Shell	Bandizip.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Bandizip.cab	Bandizip.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Bandizip.cab\ = "Compressed File (CAB)"	Bandizip.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4228	BANDIZIP-SETUP-STD-X64.exe
4228	BANDIZIP-SETUP-STD-X64.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1908	Bandizip.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1700	RegDll.x64.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3420	updater.exe
3420	updater.exe

Suspicious use of WriteProcessMemory 29 IoCs

description	pid	Process	procid_target
PID 4228 wrote to memory of 2924	4228	BANDIZIP-SETUP-STD-X64.exe	76
PID 4228 wrote to memory of 2924	4228	BANDIZIP-SETUP-STD-X64.exe	76
PID 4228 wrote to memory of 4936	4228	BANDIZIP-SETUP-STD-X64.exe	78
PID 4228 wrote to memory of 4936	4228	BANDIZIP-SETUP-STD-X64.exe	78
PID 4228 wrote to memory of 4936	4228	BANDIZIP-SETUP-STD-X64.exe	78
PID 4228 wrote to memory of 4304	4228	BANDIZIP-SETUP-STD-X64.exe	79
PID 4228 wrote to memory of 4304	4228	BANDIZIP-SETUP-STD-X64.exe	79
PID 4228 wrote to memory of 4304	4228	BANDIZIP-SETUP-STD-X64.exe	79
PID 4228 wrote to memory of 4780	4228	BANDIZIP-SETUP-STD-X64.exe	80
PID 4228 wrote to memory of 4780	4228	BANDIZIP-SETUP-STD-X64.exe	80
PID 4228 wrote to memory of 4780	4228	BANDIZIP-SETUP-STD-X64.exe	80
PID 4228 wrote to memory of 1396	4228	BANDIZIP-SETUP-STD-X64.exe	82
PID 4228 wrote to memory of 1396	4228	BANDIZIP-SETUP-STD-X64.exe	82
PID 4228 wrote to memory of 1396	4228	BANDIZIP-SETUP-STD-X64.exe	82
PID 4228 wrote to memory of 4716	4228	BANDIZIP-SETUP-STD-X64.exe	83
PID 4228 wrote to memory of 4716	4228	BANDIZIP-SETUP-STD-X64.exe	83
PID 4228 wrote to memory of 4740	4228	BANDIZIP-SETUP-STD-X64.exe	84
PID 4228 wrote to memory of 4740	4228	BANDIZIP-SETUP-STD-X64.exe	84
PID 4228 wrote to memory of 1884	4228	BANDIZIP-SETUP-STD-X64.exe	87
PID 4228 wrote to memory of 1884	4228	BANDIZIP-SETUP-STD-X64.exe	87
PID 4228 wrote to memory of 4464	4228	BANDIZIP-SETUP-STD-X64.exe	88
PID 4228 wrote to memory of 4464	4228	BANDIZIP-SETUP-STD-X64.exe	88
PID 1908 wrote to memory of 3420	1908	Bandizip.exe	93
PID 1908 wrote to memory of 3420	1908	Bandizip.exe	93
PID 1908 wrote to memory of 4040	1908	Bandizip.exe	100
PID 1908 wrote to memory of 4040	1908	Bandizip.exe	100
PID 4040 wrote to memory of 1488	4040	Bandizip.exe	101
PID 4040 wrote to memory of 1488	4040	Bandizip.exe	101
PID 4040 wrote to memory of 1488	4040	Bandizip.exe	101

C:\Users\Admin\AppData\Local\Temp\BANDIZIP-SETUP-STD-X64.exe
"C:\Users\Admin\AppData\Local\Temp\BANDIZIP-SETUP-STD-X64.exe"
1⤵
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4228
- C:\Program Files\Bandizip\Bandizip.exe
  "C:\Program Files\Bandizip\Bandizip.exe" /regmandatoryadmin
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:2924
- C:\Program Files\Bandizip\data\RegDll.x86.exe
  "C:\Program Files\Bandizip\data/RegDll.x86.exe" /regieemulation Bandizip.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  PID:4936
- C:\Program Files\Bandizip\data\RegDll.x86.exe
  "C:\Program Files\Bandizip\data/RegDll.x86.exe" /regieemulation Updater.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  PID:4304
- C:\Program Files\Bandizip\data\RegDll.x86.exe
  "C:\Program Files\Bandizip\data/RegDll.x86.exe" /regieemulation web32.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  PID:4780
- C:\Program Files\Bandizip\data\RegDll.x86.exe
  "C:\Program Files\Bandizip\data/RegDll.x86.exe" /calldll "C:\Program Files\Bandizip\bdzshl.x86.dll" RegSvr
  2⤵
  - Executes dropped EXE
  - Registers COM server for autorun
  - Loads dropped DLL
  PID:1396
- C:\Program Files\Bandizip\data\RegDll.x64.exe
  "C:\Program Files\Bandizip\data/RegDll.x64.exe" /calldll "C:\Program Files\Bandizip\bdzshl.x64.dll" RegSvr
  2⤵
  - Executes dropped EXE
  - Registers COM server for autorun
  - Loads dropped DLL
  PID:4716
- C:\Program Files\Bandizip\data\RegDll.x64.exe
  "C:\Program Files\Bandizip\data/RegDll.x64.exe" /addpath "C:\Program Files\Bandizip\"
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Program Files\Bandizip\data\RegDll.x64.exe
  "C:\Program Files\Bandizip\data/RegDll.x64.exe" /removepath "C:\Program Files\Bandizip\7z"
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Program Files\Bandizip\Bandizip.exe
  "C:\Program Files\Bandizip\Bandizip.exe" /setdefaultprogram
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:4464

C:\Program Files\Bandizip\data\RegDll.x64.exe
"C:\Program Files\Bandizip\data\RegDll.x64.exe" /pin "C:\Program Files\Bandizip\Bandizip.exe"
1⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
PID:1700

C:\Program Files\Bandizip\Bandizip.exe
"C:\Program Files\Bandizip\Bandizip.exe" /setupiffirst
1⤵
- Executes dropped EXE
- Checks computer location settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Program Files\Bandizip\updater.exe
  "C:\Program Files\Bandizip\updater.exe" /nosleep
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3420
- C:\Program Files\Bandizip\Bandizip.exe
  "C:\Program Files\Bandizip\Bandizip.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4040
- - C:\Program Files\Bandizip\data\RegPackage.x86.exe
    "C:\Program Files\Bandizip\data\RegPackage.x86.exe" /check Bandisoft.com.15700C60EE320
    3⤵
    - Executes dropped EXE
    PID:1488

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Bandizip\Bandizip.exe

Filesize
3.2MB

MD5
dbf7d165455fae94f5673bb43e3603be

SHA1
6c369ba2e7bb0c9831d1371ee628fe333239a702

SHA256
88c1b8d98209e9df9e07efdb9ab96d972fbef62b7c2180a4b49fb4a021117e1b

SHA512
e6de275b9891bf6ea28655a382d9a54313e22864626ab0b91536720104af643195b7e67c26d81cf9160f918337f2589788f481bacda5ac38af99f2695e550889

Download Submit
C:\Program Files\Bandizip\Bandizip.exe

Filesize
3.2MB

MD5
dbf7d165455fae94f5673bb43e3603be

SHA1
6c369ba2e7bb0c9831d1371ee628fe333239a702

SHA256
88c1b8d98209e9df9e07efdb9ab96d972fbef62b7c2180a4b49fb4a021117e1b

SHA512
e6de275b9891bf6ea28655a382d9a54313e22864626ab0b91536720104af643195b7e67c26d81cf9160f918337f2589788f481bacda5ac38af99f2695e550889

Download Submit
C:\Program Files\Bandizip\Bandizip.exe

Filesize
3.2MB

MD5
dbf7d165455fae94f5673bb43e3603be

SHA1
6c369ba2e7bb0c9831d1371ee628fe333239a702

SHA256
88c1b8d98209e9df9e07efdb9ab96d972fbef62b7c2180a4b49fb4a021117e1b

SHA512
e6de275b9891bf6ea28655a382d9a54313e22864626ab0b91536720104af643195b7e67c26d81cf9160f918337f2589788f481bacda5ac38af99f2695e550889

Download Submit
C:\Program Files\Bandizip\Bandizip.exe

Filesize
3.2MB

MD5
dbf7d165455fae94f5673bb43e3603be

SHA1
6c369ba2e7bb0c9831d1371ee628fe333239a702

SHA256
88c1b8d98209e9df9e07efdb9ab96d972fbef62b7c2180a4b49fb4a021117e1b

SHA512
e6de275b9891bf6ea28655a382d9a54313e22864626ab0b91536720104af643195b7e67c26d81cf9160f918337f2589788f481bacda5ac38af99f2695e550889

Download Submit
C:\Program Files\Bandizip\Bandizip.exe

Filesize
3.2MB

MD5
dbf7d165455fae94f5673bb43e3603be

SHA1
6c369ba2e7bb0c9831d1371ee628fe333239a702

SHA256
88c1b8d98209e9df9e07efdb9ab96d972fbef62b7c2180a4b49fb4a021117e1b

SHA512
e6de275b9891bf6ea28655a382d9a54313e22864626ab0b91536720104af643195b7e67c26d81cf9160f918337f2589788f481bacda5ac38af99f2695e550889

Download Submit
C:\Program Files\Bandizip\Updater.exe

Filesize
948KB

MD5
ff65da6caaef0f07b01e0974e497cf34

SHA1
3b1ed9f28d03b9cf00a458214119b2161e1455a2

SHA256
c47e018fba79835c6e264e7d6d197b7b3aa107460bee69b7f7f6fb2ad14ea25e

SHA512
3b6e8a5d0b8d70057ea34f16771cdf5ad6583cfdd4eab3693d72401045cb8d910fe5799a4c07df481dbf656a56d205a48b27c1f42d80b4aebdb961986a9243f0

Download Submit
C:\Program Files\Bandizip\VersionNo.ini

Filesize
31B

MD5
290af7923417701eff8f7ec3a5c00096

SHA1
c2b2719c0bb161d3b5755aa85b8de32a01f78d9b

SHA256
80acf14866d06015f6002168f6c3827c6a11a18a0df6841866f736e649c10298

SHA512
32d9b50f679465ff2bc656065368b9eace1eb3da366b70ee63a5d1d929ee66d0aa619db8445973ec6ceb0a5c92fe94c3c497540460b57631aa52a85a6dfaca07

Download Submit
C:\Program Files\Bandizip\ark.x64.dll

Filesize
2.6MB

MD5
717d6645d225d02f2628daa697dbf125

SHA1
8e8a014c757245c654eda19491281049bd6e21b0

SHA256
b6aab7bbec71b611d456a1272b03b6674b85e18c990a699f89a0f01ec55cd2bf

SHA512
8d0b571d9f2bbf85d0b1cf9c2ce60a32f3d0cc576f495ef9b2012ab4691f910a5b3f52c1398f93cf555d5bb5f007332fda1a4b2105603343326df61acecd2d11

Download Submit
C:\Program Files\Bandizip\ark.x64.dll

Filesize
2.6MB

MD5
717d6645d225d02f2628daa697dbf125

SHA1
8e8a014c757245c654eda19491281049bd6e21b0

SHA256
b6aab7bbec71b611d456a1272b03b6674b85e18c990a699f89a0f01ec55cd2bf

SHA512
8d0b571d9f2bbf85d0b1cf9c2ce60a32f3d0cc576f495ef9b2012ab4691f910a5b3f52c1398f93cf555d5bb5f007332fda1a4b2105603343326df61acecd2d11

Download Submit
C:\Program Files\Bandizip\bdzshl.x64.dll

Filesize
523KB

MD5
e1d31928fcb454110fcd471bffea57ef

SHA1
bf92d8c718e03cd1a836e0a2bfb4a9f12c0a8a69

SHA256
f582cc130fe53b28c93f1082a6cb650a12f613cbb549e0e2f8df74e904de8fa2

SHA512
685bb0a1cf7a2addb075ebdc6bde9d82fb9e89fab6e2c135b8e4db9420c85d8888e370d9414e0530284aabb409fb2908b28d61a51f6629472f6745c2704257a8

Download Submit
C:\Program Files\Bandizip\bdzshl.x64.dll

Filesize
523KB

MD5
e1d31928fcb454110fcd471bffea57ef

SHA1
bf92d8c718e03cd1a836e0a2bfb4a9f12c0a8a69

SHA256
f582cc130fe53b28c93f1082a6cb650a12f613cbb549e0e2f8df74e904de8fa2

SHA512
685bb0a1cf7a2addb075ebdc6bde9d82fb9e89fab6e2c135b8e4db9420c85d8888e370d9414e0530284aabb409fb2908b28d61a51f6629472f6745c2704257a8

Download Submit
C:\Program Files\Bandizip\bdzshl.x86.dll

Filesize
419KB

MD5
736d71452e60df10e32f6a5c03e02801

SHA1
e4d81755c306d7d7a5ca3c4d4155b653d7b46863

SHA256
ec45c5981ea7bede494e3bf75d87116b9ac6d88de9dd8c40fc939b7134e48644

SHA512
4f71ebd8908aa479081c573e2c5bfb7f2a964e11eb442247f313b8a3f9c5a278fc4de036c9d737adeed7bb214b6c6503e95dfcaff57da145158fb8435b8f9faa

Download Submit
C:\Program Files\Bandizip\bdzshl.x86.dll

Filesize
419KB

MD5
736d71452e60df10e32f6a5c03e02801

SHA1
e4d81755c306d7d7a5ca3c4d4155b653d7b46863

SHA256
ec45c5981ea7bede494e3bf75d87116b9ac6d88de9dd8c40fc939b7134e48644

SHA512
4f71ebd8908aa479081c573e2c5bfb7f2a964e11eb442247f313b8a3f9c5a278fc4de036c9d737adeed7bb214b6c6503e95dfcaff57da145158fb8435b8f9faa

Download Submit
C:\Program Files\Bandizip\config.ini

Filesize
335B

MD5
ddb7f9ed22d62fa5982c2669e266090a

SHA1
18a064910a2f4bb48565ed18c55f91ee126b2028

SHA256
9d7256be0696e58542bc901659b201178c8e821f23b2f908b271d6b0ba391a16

SHA512
72acb7b24c5cb2273bf95219eff6c45451cd5bc109e202f667189f0eccb5062f29423f70deafa488889f35705b02fa7bdc65f8f913d17473372e95e5390bea69

Download Submit
C:\Program Files\Bandizip\data\RegDll.x64.exe

Filesize
196KB

MD5
4d75334381f7f27d86d152465eca6bfb

SHA1
35edf83326922806fb0f2328ea827cf5e881e9ad

SHA256
bc5b75327044dc990c52dc7ef6411ab55131ca6f5bf95f5068d577278a68db21

SHA512
90f20eba7c74f4b9bea6b7f768161fe48646e333b69af63703af67b8134e85ef554e9814234186fc2af25c1408d14d0e05495b369625b1b2da331941db11f2aa

Download Submit
C:\Program Files\Bandizip\data\RegDll.x64.exe

Filesize
196KB

MD5
4d75334381f7f27d86d152465eca6bfb

SHA1
35edf83326922806fb0f2328ea827cf5e881e9ad

SHA256
bc5b75327044dc990c52dc7ef6411ab55131ca6f5bf95f5068d577278a68db21

SHA512
90f20eba7c74f4b9bea6b7f768161fe48646e333b69af63703af67b8134e85ef554e9814234186fc2af25c1408d14d0e05495b369625b1b2da331941db11f2aa

Download Submit
C:\Program Files\Bandizip\data\RegDll.x64.exe

Filesize
196KB

MD5
4d75334381f7f27d86d152465eca6bfb

SHA1
35edf83326922806fb0f2328ea827cf5e881e9ad

SHA256
bc5b75327044dc990c52dc7ef6411ab55131ca6f5bf95f5068d577278a68db21

SHA512
90f20eba7c74f4b9bea6b7f768161fe48646e333b69af63703af67b8134e85ef554e9814234186fc2af25c1408d14d0e05495b369625b1b2da331941db11f2aa

Download Submit
C:\Program Files\Bandizip\data\RegDll.x64.exe

Filesize
196KB

MD5
4d75334381f7f27d86d152465eca6bfb

SHA1
35edf83326922806fb0f2328ea827cf5e881e9ad

SHA256
bc5b75327044dc990c52dc7ef6411ab55131ca6f5bf95f5068d577278a68db21

SHA512
90f20eba7c74f4b9bea6b7f768161fe48646e333b69af63703af67b8134e85ef554e9814234186fc2af25c1408d14d0e05495b369625b1b2da331941db11f2aa

Download Submit
C:\Program Files\Bandizip\data\RegDll.x64.exe

Filesize
196KB

MD5
4d75334381f7f27d86d152465eca6bfb

SHA1
35edf83326922806fb0f2328ea827cf5e881e9ad

SHA256
bc5b75327044dc990c52dc7ef6411ab55131ca6f5bf95f5068d577278a68db21

SHA512
90f20eba7c74f4b9bea6b7f768161fe48646e333b69af63703af67b8134e85ef554e9814234186fc2af25c1408d14d0e05495b369625b1b2da331941db11f2aa

Download Submit
C:\Program Files\Bandizip\data\RegDll.x86.exe

Filesize
161KB

MD5
658720727cc093ba739390af1e3399dd

SHA1
a447f3fa165c5f08a6bdae778d4f12a1bb71318b

SHA256
8187baa0041e36a5a282baf37613fd32de833f2b1359c1e2f4624133c4526431

SHA512
eea960e9de6dd2da80a951584bbefd75f50d5bdea62ce1993fcc52b17ad72e7e046d8f5e98cb26236b2d87efe1160d9db84aa76e3588a9cc275c03eebeb1c6d8

Download Submit
C:\Program Files\Bandizip\data\RegDll.x86.exe

Filesize
161KB

MD5
658720727cc093ba739390af1e3399dd

SHA1
a447f3fa165c5f08a6bdae778d4f12a1bb71318b

SHA256
8187baa0041e36a5a282baf37613fd32de833f2b1359c1e2f4624133c4526431

SHA512
eea960e9de6dd2da80a951584bbefd75f50d5bdea62ce1993fcc52b17ad72e7e046d8f5e98cb26236b2d87efe1160d9db84aa76e3588a9cc275c03eebeb1c6d8

Download Submit
C:\Program Files\Bandizip\data\RegDll.x86.exe

Filesize
161KB

MD5
658720727cc093ba739390af1e3399dd

SHA1
a447f3fa165c5f08a6bdae778d4f12a1bb71318b

SHA256
8187baa0041e36a5a282baf37613fd32de833f2b1359c1e2f4624133c4526431

SHA512
eea960e9de6dd2da80a951584bbefd75f50d5bdea62ce1993fcc52b17ad72e7e046d8f5e98cb26236b2d87efe1160d9db84aa76e3588a9cc275c03eebeb1c6d8

Download Submit
C:\Program Files\Bandizip\data\RegDll.x86.exe

Filesize
161KB

MD5
658720727cc093ba739390af1e3399dd

SHA1
a447f3fa165c5f08a6bdae778d4f12a1bb71318b

SHA256
8187baa0041e36a5a282baf37613fd32de833f2b1359c1e2f4624133c4526431

SHA512
eea960e9de6dd2da80a951584bbefd75f50d5bdea62ce1993fcc52b17ad72e7e046d8f5e98cb26236b2d87efe1160d9db84aa76e3588a9cc275c03eebeb1c6d8

Download Submit
C:\Program Files\Bandizip\data\RegDll.x86.exe

Filesize
161KB

MD5
658720727cc093ba739390af1e3399dd

SHA1
a447f3fa165c5f08a6bdae778d4f12a1bb71318b

SHA256
8187baa0041e36a5a282baf37613fd32de833f2b1359c1e2f4624133c4526431

SHA512
eea960e9de6dd2da80a951584bbefd75f50d5bdea62ce1993fcc52b17ad72e7e046d8f5e98cb26236b2d87efe1160d9db84aa76e3588a9cc275c03eebeb1c6d8

Download Submit
C:\Program Files\Bandizip\data\RegPackage.x86.exe

Filesize
196KB

MD5
635a16f3040149c7a53001536c343a20

SHA1
b4541f700aa5f73da9f5d4968285ada7af372ad6

SHA256
c389e77289eb9d575a2386857e7c8302f68516ae9f382db8f83811a3234cb33e

SHA512
1b96d06240a69ac15c23b49507ec8a01856cee7d2528b27f3e27dbb56597578bed80e2e91d4b11afb914924680b7c6909f469d19e46ddfa1bd9cf280e77d060a

Download Submit
C:\Program Files\Bandizip\data\RegPackage.x86.exe

Filesize
196KB

MD5
635a16f3040149c7a53001536c343a20

SHA1
b4541f700aa5f73da9f5d4968285ada7af372ad6

SHA256
c389e77289eb9d575a2386857e7c8302f68516ae9f382db8f83811a3234cb33e

SHA512
1b96d06240a69ac15c23b49507ec8a01856cee7d2528b27f3e27dbb56597578bed80e2e91d4b11afb914924680b7c6909f469d19e46ddfa1bd9cf280e77d060a

Download Submit
C:\Program Files\Bandizip\data\resource.data

Filesize
52KB

MD5
d3036ec2de826267ab8a51a5e78bcdbc

SHA1
39d8f82ae28cd74cca1e49f701e20b6cada65301

SHA256
7192f0d66300464f1acfa000427cb35ab8c8ea4412bc35a984a79767f0e4362d

SHA512
e11253a63678fbbc074cdd64aad6e2ecdd64a12132f93a0d8884d0f2bd87b6e9926df03f66185309c831e014a484836fd934068c114163440eef296a2f4ec015

Download Submit
C:\Program Files\Bandizip\data\skin.data

Filesize
802KB

MD5
09a0880ea5aeec5a04ed73a43495f8a6

SHA1
18d54fa6c5bd4243336412415830113d3d7a70e2

SHA256
a9d2f2769e679a44ef47a0086369762f1de8a1c65a0863758e829311ae2ee7ce

SHA512
b8bcd98bb49be8304cf540aac8231ca5ac71754d4a8868a7bdd158adfb1ba2cd4c4ed76b53c4f5895a1553499902641f9970bb8ddb51ae38e707902b1fa36dc0

Download Submit
C:\Program Files\Bandizip\langs\English.lang

Filesize
71KB

MD5
a366569de49bc573c5f4e55a02ede1d9

SHA1
649523dcbd36daa69048770c6f6d4d2aa6d8e588

SHA256
9d77b3739f87ddc25c9f07eca079cd6ed0e7e387b6c3831323c2d2740961c6f8

SHA512
5c75e3b17a4259fa76de01830f39721b4c39ad044a70b15f6745afc6ac6e4bf5d3c2b9160613ddbf7e42b23450fd8ed2ec6a775c6252863bc8ea395ec054a674

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
2KB

MD5
61a9f01083346a0ee40dc68983932b14

SHA1
85737a00e510acc709a5ea03d04a666bf41eb912

SHA256
db745e7939f305e69baa8e6fda50687f545b5b9af3cffbd290f1223d7956c1e7

SHA512
80edf82ede77a5657e92ca9c6ec45fe28118f1f0372d33e377185f7043580ee136927922556795552b41b9bd03aaef9a0273758af375b56ad4470aa23ac88349

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\17893E08B70B1D88FA1BAD0C80F66433

Filesize
472B

MD5
fdd73bc83bee4a3018d0735261f35ad4

SHA1
ec2e813f71343be500124313f7a6ad042c03d084

SHA256
45603b6c5214fbd4dd7f701afed6126ed5b77869d1be19dc238323165bf4f265

SHA512
51307c74efae5e4f507ce6380f2d64ec8a025fecc6497af4b5db3828b383963a1bf2a8244dd7cf7698a882a831ca0d25549be9eb7044c3d1378afb1af8ea052b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
deb5907196e6e5e0e915c276f65a6924

SHA1
62802115ee04a17e66297fbfd5ab8d933040ffdb

SHA256
48c65c4f7dfbf070a4e8157cd0ec68e495eb3f963668f3d51ae6fedcff7fcda1

SHA512
4881fd5f46e1846f4e4dd3cb0295c5b48f62181bba01f8113520d97ee31b1489429281778d1ac0d58d02a3343ad97d24a96ce1d2bdbb1ddda2f77e5101f51c43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
488B

MD5
9e6b35e0362283bff0e08cf713cbce04

SHA1
323df387b55d51ffcbd9b3b53a37b5e6657f74c3

SHA256
64252dd0fc69161a8dc5ff48207ba50ad8c91e7bbc3bfd9ea8050979a2dcee40

SHA512
8a379bd5795365554781651b3a10f4570d71b3ef2406a8fb01b047b2a4f8390d83108139360c4bbc0be524269348380dce94008b2182557e76705b1ac2d46260

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\17893E08B70B1D88FA1BAD0C80F66433

Filesize
480B

MD5
908e0017290805ebc103813cad944f35

SHA1
0e93169c7e470304157e5e63aa19c3f55ae66c4b

SHA256
73aaf31a3b54a3e6c09355d3d91d62e4e47d91d1f84b71ba7cb2b61d0a19fb0f

SHA512
48be66c69c020bcfa633123988cffc8885c381da2b3116af660171e0e25c2fa327a7ab20219bab896ff6000437b507ac492272c93d3959761fa1aee01fd4990d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
7d76727a889fd488739755f53e08319d

SHA1
03668b0ea2cf76c37ecbe5018b4f62aaa8ec20b8

SHA256
5f8a5e68d750c693634d5dac25d1de5d1928e108cd8dac479eccafc3d06e685d

SHA512
3267e4df7f5641d15cc9a823385bfd7408d25222047cb724110391f5017c777526929bf10e0fa7cf2e6f4939a5969a4b3c091861cf215c63b3e592fb021ba82c

Download Submit