Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

bdcamsetup.exe

windows7-x64

7

bdcamsetup.exe

windows10-2004-x64

7

Resubmissions

05/02/2023, 21:06 UTC

230205-zx85kaah38 7

Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    05/02/2023, 21:06 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bdcamsetup.exe

  • Size

    21.3MB

  • MD5

    ff33a6101796fe31cfadbe2fc3e3a822

  • SHA1

    3476419775cfa638711d340eab1a12397eaf14a7

  • SHA256

    1815488eaf4f43b667859b509e09cf1049b801fe8d46e3a190f2c40271b5b37d

  • SHA512

    f919bcd718ffce33147e834e1c089587d1cb037ba03073be1858df0afd02b17e5e07102dbe830c517a45892c9443766e64097c4cea5c519ee38452a4aedbe82b

  • SSDEEP

    393216:ptmgrOepJCO8Vk5PATwZJ2Zi53woEYxJEspG3JhPuXHvtWNfznm4h4vv:nmg1Dx8GBAyci53wDmehJ0PYNr/h4vv

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 35 IoCs
  • Registers COM server for autorun 1 TTPs 12 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 14 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 38 IoCs
  • Suspicious use of SendNotifyMessage 21 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 52 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bdcamsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\bdcamsetup.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Suspicious use of WriteProcessMemory
    PID:1252
    • C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE
      "C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE" /S
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:268
      • C:\Windows\SysWOW64\regsvr32.exe
        "regsvr32" /s "C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll"
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1368
        • C:\Windows\system32\regsvr32.exe
          /s "C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll"
          4⤵
          • Loads dropped DLL
          • Registers COM server for autorun
          • Modifies registry class
          PID:764
    • C:\Program Files (x86)\Bandicam\bdcam.exe
      "C:\Program Files (x86)\Bandicam\bdcam.exe" /install
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1204
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\Bandicam\bdcamvk64.dll",RegDll
        3⤵
        • Loads dropped DLL
        PID:1072
      • C:\Windows\SysWOW64\rundll32.exe
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Program Files (x86)\Bandicam\bdcamvk32.dll",RegDll
        3⤵
        • Loads dropped DLL
        PID:820
    • C:\Program Files (x86)\Bandicam\bdcam.exe
      "C:\Program Files (x86)\Bandicam\bdcam.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Modifies Internet Explorer settings
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1324
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Documents\Bandicam\bandicam 2023-02-05 22-09-07-153.avi"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:1760
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.bandicam.com/f.php?id=eng_app_complete_install&v=2&lang=en
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1384
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1384 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1600
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x564
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1228

Network

  • flag-us
    DNS
    www.bandicam.com
    bdcam.exe
    Remote address:
    8.8.8.8:53
    Request
    www.bandicam.com
    IN A
    Response
    www.bandicam.com
    IN A
    151.101.130.132
  • flag-us
    GET
    https://www.bandicam.com/downloads/version_eng.ini
    bdcam.exe
    Remote address:
    151.101.130.132:443
    Request
    GET /downloads/version_eng.ini HTTP/1.1
    User-Agent: BANDICAM/4, 6, 2, 1699 (ENG)
    Host: www.bandicam.com
    Cache-Control: no-cache
    Cookie: ui_version=3; ui_language=english.ini
    Response
    HTTP/1.1 200 OK
    Connection: keep-alive
    Content-Length: 227
    Server: nginx
    Content-Type: text/ini
    Last-Modified: Tue, 27 Dec 2022 08:59:20 GMT
    ETag: "63aab3e8-e3"
    X-Content-Type-Options: nosniff
    Accept-Ranges: bytes
    Date: Sun, 05 Feb 2023 21:08:22 GMT
    Via: 1.1 varnish
    Age: 1024207
    X-Served-By: cache-ams21036-AMS
    X-Cache: HIT
    X-Cache-Hits: 2
    X-Timer: S1675631303.838458,VS0,VE0
    Strict-Transport-Security: max-age=31557600
  • flag-us
    GET
    https://www.bandicam.com/app_info/index2.php?v=4.6.2.1699&r=0
    bdcam.exe
    Remote address:
    151.101.130.132:443
    Request
    GET /app_info/index2.php?v=4.6.2.1699&r=0 HTTP/1.1
    Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.bandicam.com
    Connection: Keep-Alive
    Cookie: registered=0; ui_version=3; ui_language=english.ini
    Response
    HTTP/1.1 200 OK
    Connection: keep-alive
    Content-Length: 652
    Server: nginx
    Content-Type: text/html; charset=UTF-8
    cache-control: public, s-maxage=1800
    X-Content-Type-Options: nosniff
    Content-Encoding: gzip
    Accept-Ranges: bytes
    Date: Sun, 05 Feb 2023 21:08:23 GMT
    Via: 1.1 varnish
    Age: 19
    X-Served-By: cache-ams21080-AMS
    X-Cache: HIT
    X-Cache-Hits: 1
    X-Timer: S1675631303.386422,VS0,VE1
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=31557600
  • 151.101.130.132:443
    www.bandicam.com
    tls
    IEXPLORE.EXE
    603 B
     4.3kB
     6
    7
  • 151.101.130.132:443
    www.bandicam.com
    tls
    IEXPLORE.EXE
    603 B
     4.3kB
     6
    7
  • 151.101.130.132:443
    https://www.bandicam.com/downloads/version_eng.ini
    tls, http
    bdcam.exe
    946 B
     6.2kB
     8
    11

    HTTP Request

    GET https://www.bandicam.com/downloads/version_eng.ini

    HTTP Response

    200
  • 151.101.130.132:443
    https://www.bandicam.com/app_info/index2.php?v=4.6.2.1699&r=0
    tls, http
    bdcam.exe
    1.3kB
     7.0kB
     8
    10

    HTTP Request

    GET https://www.bandicam.com/app_info/index2.php?v=4.6.2.1699&r=0

    HTTP Response

    200
  • 8.8.8.8:53
    www.bandicam.com
    dns
    bdcam.exe
    62 B
     78 B
     1
    1

    DNS Request

    www.bandicam.com

    DNS Response

    151.101.130.132

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll
    Filesize

    4.6MB

    MD5

    13f7a29baa1e04f74151737cb71bd0e5

    SHA1

    0bc8682c6c96923a729aa6239aa53d95221b13ab

    SHA256

    008fababd36e8fbfd5f610a2c62d47963e78ec91e54ad69a1e20807445c3528d

    SHA512

    4cea11e88e8861c4094b227d85295c0d67452af703b0ec9dfe475797b87d03b40bc1f6b58dcc00996672c1c05d99b82dcc067bc429a1465ae90f4ec966f2bca8

    Download Submit

  • C:\Program Files (x86)\Bandicam\bandicam.ini
    Filesize

    25B

    MD5

    27040420efe98196ff3abd332cdc4458

    SHA1

    7d2e66c6d72ea6a514c217b6564daeb6b8fe7d5a

    SHA256

    7381638423ad67db8d63c778874de39c91b08797ee80707c7f2c5e096fbe1420

    SHA512

    919b9a718559a7bbadc50ab85a58c3971d09cd3f45a17a94319868a859997ac0e44cfe31dd14fe480f938b665e97a02bb93705666b35b7cae49edf76fbd0505f

    Download Submit

  • C:\Program Files (x86)\Bandicam\bdcam.dll
    Filesize

    18.4MB

    MD5

    73f85513be1f1a05271e74b804f7f82f

    SHA1

    ff63590d5a4c23158de6a147f9bcb12b370dec02

    SHA256

    2b401cb041e5450c47b87e07d82defeda2761f0c945b268d30fc64fb4632ab41

    SHA512

    d51a5840dd322cffddd1707bdb67b268f21adec4790f88b6372a4bb468ab247127f890bd8aa7c3d03bdf756405654449d1c67cd306f580ecf7afda9c6204b110

    Download Submit

  • C:\Program Files (x86)\Bandicam\bdcam.exe
    Filesize

    6.7MB

    MD5

    48c906ce763f5a3170a5f6819c619e6f

    SHA1

    afdae638675676ac10e8f864a6d96346c03b77b9

    SHA256

    8a6f0f84a3519d34a7a66c967bb926606399f4f8ab80ba036d5316ab2e5d6a34

    SHA512

    b2cb66005066befc0ed6043559c6801bc73f597be85d812185c2355df4b40c2fd8d018acce86147b01d8feb8d81d2a3be19204b5d3c0fdd103d40abe48373b77

    Download Submit

  • C:\Program Files (x86)\Bandicam\bdcam.exe
    Filesize

    6.7MB

    MD5

    48c906ce763f5a3170a5f6819c619e6f

    SHA1

    afdae638675676ac10e8f864a6d96346c03b77b9

    SHA256

    8a6f0f84a3519d34a7a66c967bb926606399f4f8ab80ba036d5316ab2e5d6a34

    SHA512

    b2cb66005066befc0ed6043559c6801bc73f597be85d812185c2355df4b40c2fd8d018acce86147b01d8feb8d81d2a3be19204b5d3c0fdd103d40abe48373b77

    Download Submit

  • C:\Program Files (x86)\Bandicam\bdcam.exe
    Filesize

    6.7MB

    MD5

    48c906ce763f5a3170a5f6819c619e6f

    SHA1

    afdae638675676ac10e8f864a6d96346c03b77b9

    SHA256

    8a6f0f84a3519d34a7a66c967bb926606399f4f8ab80ba036d5316ab2e5d6a34

    SHA512

    b2cb66005066befc0ed6043559c6801bc73f597be85d812185c2355df4b40c2fd8d018acce86147b01d8feb8d81d2a3be19204b5d3c0fdd103d40abe48373b77

    Download Submit

  • C:\Program Files (x86)\Bandicam\bdcamvk32.dll
    Filesize

    1.5MB

    MD5

    7c790924f093ee3f05efc7e054bf848f

    SHA1

    6579535137b389d8b9c70879e2b2c66a9753643b

    SHA256

    7d43059abc6d8caadd1201e4ed22fe955a4b5aa36f22214cba6eb6c2a12f5662

    SHA512

    f2c6068184632e23efc9db407c89592b18fb9f348e7c0fa0847e4a27b1d994d48192ea89c3f52253c264474546a2d555997cd51a1e37730d8f9abded912d81c7

    Download Submit

  • C:\Program Files (x86)\Bandicam\bdcamvk64.dll
    Filesize

    1.9MB

    MD5

    93b822cd5bcf89bbf319789d00960cd4

    SHA1

    6722785ee4c306fd2906251e1af39b451a1776f5

    SHA256

    5c9a6b23151109adaf881b68e02102ec08aaf04396e0449e17246dc03993da8c

    SHA512

    20d41244cb997827e5de134c387344e3c1c8a693bf1575b53538b22bb870a9ff9ee1063a67a56c980de029192499fdfd0e0c8a910d5fb6b378f7057ded1e2d77

    Download Submit

  • C:\Program Files (x86)\Bandicam\bdcap32.dll
    Filesize

    11.0MB

    MD5

    f4f24338b748f9b35c1704ce3537c312

    SHA1

    059e4656ab987e84fe950db13b2b339e6c9c94cd

    SHA256

    f71f1aaba8a41830feb16927f8e6a40469beb6a6e996548367c3786f3459145a

    SHA512

    a838c10f7669c48e62d416f087d4a5f084eaa092abb8db7a648d84765489af47490e1c6bb8003527ddeb12617409209f61e5610932d12ee9ad8db50d41acca2e

    Download Submit

  • C:\Program Files (x86)\Bandicam\bdcap64.dll
    Filesize

    15.6MB

    MD5

    2ad27be6464160e1ceb5a02d665d4b85

    SHA1

    e56f5f9e2665d2513db59f72bbde51f70dc9628e

    SHA256

    6b9ab4c92a9b0ccfe1afbb0c9ef5320bc2a9a10829fd370ee3f47fc1628f30af

    SHA512

    0a1c6bf909e4b25d9e790c95cccdd047e333b76057b024b69c5731cfe966874addc46a24962dd6bd667509e8eb58d0ef8aacae6958492acc1824bd00df025429

    Download Submit

  • C:\Program Files (x86)\Bandicam\data\effects\effects10.dat
    Filesize

    58KB

    MD5

    fe3d7459d1e60f1a3a9f4de092e46ba7

    SHA1

    c8545c0873e896d9549c9a66f099b67f36ba461e

    SHA256

    184bd469a52b67c553fb934bf4122334449f6b6bff86c07ba193eab2ee617427

    SHA512

    77eba3abacf6db565dbe8dd6f9107cabcb390c40512aca9c09d7d1d590f522cbfa97940d4f06cec71022053af4b13176183997fa14c7a10531cc5511709c8d86

    Download Submit

  • C:\Program Files (x86)\Bandicam\data\effects\highlight10.dat
    Filesize

    3KB

    MD5

    e734e8f933a0f60adcc30c465bbe1c4c

    SHA1

    d7722aafbf6a2aacec2c1740e99a23af7d01b966

    SHA256

    a2b6a948b305d71bb8cf7bde3a79a3194ee29562e5c447a46b7efac831aee5c7

    SHA512

    802c993816d3e6aa868f67c384f3702af636415560f10de8336eb226639b180da4b2211b922bcfbb0d4accb3111a450603f20437f46436a067f05356f0752d2a

    Download Submit

  • C:\Program Files (x86)\Bandicam\data\language.dat
    Filesize

    74KB

    MD5

    3086a9603248ca63af3fc75816c381d6

    SHA1

    6b32a9673a8feffc985ef15b5a65a4a7a4dfbc31

    SHA256

    f074c2ed73dc4853afec8a6289b167b179148c7c069d618b27d474c842dc3fd5

    SHA512

    da62cdb5d4fa730cee2dfbce687754011b07ad705edb4c2946f834ea370b33b992286505052d06065820b52746c227d55f3a7c6c3c9ec08d164eb7e6469941dc

    Download Submit

  • C:\Program Files (x86)\Bandicam\data\skin.dat
    Filesize

    616KB

    MD5

    4bab7d2dea98555798921832a76029d6

    SHA1

    8529990d7913907cadbc5261431c9ce14d12f8d2

    SHA256

    d96739906ff2eb34382dbf92809c69adadc959f46c1206e670d8464d20792466

    SHA512

    7cbdd243799769eaa08822c4c2441ef92e36abc3acdc15a00a3496ed5c02e0388fca8e5aefdd9f27bbef12ebce3dc7322794fb8ce3ff0c950cc6ad07eeb8f978

    Download Submit

  • C:\Program Files (x86)\Bandicam\lang\English.ini
    Filesize

    110KB

    MD5

    b7c822379925806136a091c6dfcd3fe2

    SHA1

    887bea16885863807430a1953ac2625c71c00f54

    SHA256

    0a04f09e4d2bd95d4b23c1ad1798b7778b470635de04628fef4fa9596e5dcb00

    SHA512

    bf6310037bfb0c7f3e7a0413b886dac65333b29b6d75ce540e96408d76ba6606f53cecde68e0198604e05da6f63c01c6547f47cd2342e5c2d2747f8b140e604f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE
    Filesize

    1.4MB

    MD5

    461d135a4fccd51bbae38f742e123fd3

    SHA1

    c12a442fbcd4a9c44102f0a560ba03d59bc501ed

    SHA256

    4c441e7d744a2a273f780103bcf5bcb1e32c2d9c6a32b62f9044b32107544079

    SHA512

    41eb816bf0cc0ca12b5c6c07517cd718b8701255ea81e94ffc937f2538b8cdf5db24751cdbc22fefd6496b767fc0d631fea76216b0363f4b625557097b3caaee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE
    Filesize

    1.4MB

    MD5

    461d135a4fccd51bbae38f742e123fd3

    SHA1

    c12a442fbcd4a9c44102f0a560ba03d59bc501ed

    SHA256

    4c441e7d744a2a273f780103bcf5bcb1e32c2d9c6a32b62f9044b32107544079

    SHA512

    41eb816bf0cc0ca12b5c6c07517cd718b8701255ea81e94ffc937f2538b8cdf5db24751cdbc22fefd6496b767fc0d631fea76216b0363f4b625557097b3caaee

    Download Submit

  • C:\Users\Admin\Documents\Bandicam\bandicam 2023-02-05 22-09-07-153.avi
    Filesize

    166KB

    MD5

    97efde78e57c9d3ac1e2a968b28d6c7a

    SHA1

    4f4bbf98477ab85fc2921af2d1420e64edcf3886

    SHA256

    fc5655c1c3ce4492802fe0aeb57753ba47351559d6ffd0b277bf8f846024f9f0

    SHA512

    b68f643a894a071ecdfaf53d9565c42fdab36a0a2d866c1f903c5108b9fcfadc83323365fc32fc0da39fb83e6d5513edfc15b5fda155371fc723147ff1bf64d0

    Download Submit

  • \Program Files (x86)\BandiMPEG1\bdfilters.dll
    Filesize

    4.1MB

    MD5

    ed730387fdcd684b756601b863c47417

    SHA1

    c49ed6d0d46facf4ceaeb21f5d6bfdf9e3587fde

    SHA256

    9cbc29696ad2d582e251bf9c4be5cce618753fa43551d2474e1ae5cc5e1245e5

    SHA512

    e32df727799d33922c6e92f94a7bdb0bc2772d6a6636d15e285d94d3ae4661062e5bc89ec3546b76ec853398f88d972f461327ef687f89093acf1096560d5c3f

    Download Submit

  • \Program Files (x86)\BandiMPEG1\bdfilters64.dll
    Filesize

    4.6MB

    MD5

    13f7a29baa1e04f74151737cb71bd0e5

    SHA1

    0bc8682c6c96923a729aa6239aa53d95221b13ab

    SHA256

    008fababd36e8fbfd5f610a2c62d47963e78ec91e54ad69a1e20807445c3528d

    SHA512

    4cea11e88e8861c4094b227d85295c0d67452af703b0ec9dfe475797b87d03b40bc1f6b58dcc00996672c1c05d99b82dcc067bc429a1465ae90f4ec966f2bca8

    Download Submit

  • \Program Files (x86)\BandiMPEG1\bdfilters64.dll
    Filesize

    4.6MB

    MD5

    13f7a29baa1e04f74151737cb71bd0e5

    SHA1

    0bc8682c6c96923a729aa6239aa53d95221b13ab

    SHA256

    008fababd36e8fbfd5f610a2c62d47963e78ec91e54ad69a1e20807445c3528d

    SHA512

    4cea11e88e8861c4094b227d85295c0d67452af703b0ec9dfe475797b87d03b40bc1f6b58dcc00996672c1c05d99b82dcc067bc429a1465ae90f4ec966f2bca8

    Download Submit

  • \Program Files (x86)\Bandicam\bdcam.dll
    Filesize

    18.4MB

    MD5

    73f85513be1f1a05271e74b804f7f82f

    SHA1

    ff63590d5a4c23158de6a147f9bcb12b370dec02

    SHA256

    2b401cb041e5450c47b87e07d82defeda2761f0c945b268d30fc64fb4632ab41

    SHA512

    d51a5840dd322cffddd1707bdb67b268f21adec4790f88b6372a4bb468ab247127f890bd8aa7c3d03bdf756405654449d1c67cd306f580ecf7afda9c6204b110

    Download Submit

  • \Program Files (x86)\Bandicam\bdcam.exe
    Filesize

    6.7MB

    MD5

    48c906ce763f5a3170a5f6819c619e6f

    SHA1

    afdae638675676ac10e8f864a6d96346c03b77b9

    SHA256

    8a6f0f84a3519d34a7a66c967bb926606399f4f8ab80ba036d5316ab2e5d6a34

    SHA512

    b2cb66005066befc0ed6043559c6801bc73f597be85d812185c2355df4b40c2fd8d018acce86147b01d8feb8d81d2a3be19204b5d3c0fdd103d40abe48373b77

    Download Submit

  • \Program Files (x86)\Bandicam\bdcam.exe
    Filesize

    6.7MB

    MD5

    48c906ce763f5a3170a5f6819c619e6f

    SHA1

    afdae638675676ac10e8f864a6d96346c03b77b9

    SHA256

    8a6f0f84a3519d34a7a66c967bb926606399f4f8ab80ba036d5316ab2e5d6a34

    SHA512

    b2cb66005066befc0ed6043559c6801bc73f597be85d812185c2355df4b40c2fd8d018acce86147b01d8feb8d81d2a3be19204b5d3c0fdd103d40abe48373b77

    Download Submit

  • \Program Files (x86)\Bandicam\bdcam.exe
    Filesize

    6.7MB

    MD5

    48c906ce763f5a3170a5f6819c619e6f

    SHA1

    afdae638675676ac10e8f864a6d96346c03b77b9

    SHA256

    8a6f0f84a3519d34a7a66c967bb926606399f4f8ab80ba036d5316ab2e5d6a34

    SHA512

    b2cb66005066befc0ed6043559c6801bc73f597be85d812185c2355df4b40c2fd8d018acce86147b01d8feb8d81d2a3be19204b5d3c0fdd103d40abe48373b77

    Download Submit

  • \Program Files (x86)\Bandicam\bdcam.exe
    Filesize

    6.7MB

    MD5

    48c906ce763f5a3170a5f6819c619e6f

    SHA1

    afdae638675676ac10e8f864a6d96346c03b77b9

    SHA256

    8a6f0f84a3519d34a7a66c967bb926606399f4f8ab80ba036d5316ab2e5d6a34

    SHA512

    b2cb66005066befc0ed6043559c6801bc73f597be85d812185c2355df4b40c2fd8d018acce86147b01d8feb8d81d2a3be19204b5d3c0fdd103d40abe48373b77

    Download Submit

  • \Program Files (x86)\Bandicam\bdcam_nonadmin.exe
    Filesize

    156KB

    MD5

    aa6f3a6e63e0634f74c0882a771050b8

    SHA1

    8161fc6214ac0ce307985cdcd006929a62335a09

    SHA256

    68acc1f23c0685d84bc83f1fa9dc9970c0d0defd902906b64f58f9d0b56b135b

    SHA512

    52fd53729f38516be00e44033c2050885508dd1da38f92e9ccfedc7359487f8dca5c048e0d2787543cb79460e0925996bf4b64e42f213db55bf120826598f3c8

    Download Submit

  • \Program Files (x86)\Bandicam\bdcamvk32.dll
    Filesize

    1.5MB

    MD5

    7c790924f093ee3f05efc7e054bf848f

    SHA1

    6579535137b389d8b9c70879e2b2c66a9753643b

    SHA256

    7d43059abc6d8caadd1201e4ed22fe955a4b5aa36f22214cba6eb6c2a12f5662

    SHA512

    f2c6068184632e23efc9db407c89592b18fb9f348e7c0fa0847e4a27b1d994d48192ea89c3f52253c264474546a2d555997cd51a1e37730d8f9abded912d81c7

    Download Submit

  • \Program Files (x86)\Bandicam\bdcamvk32.dll
    Filesize

    1.5MB

    MD5

    7c790924f093ee3f05efc7e054bf848f

    SHA1

    6579535137b389d8b9c70879e2b2c66a9753643b

    SHA256

    7d43059abc6d8caadd1201e4ed22fe955a4b5aa36f22214cba6eb6c2a12f5662

    SHA512

    f2c6068184632e23efc9db407c89592b18fb9f348e7c0fa0847e4a27b1d994d48192ea89c3f52253c264474546a2d555997cd51a1e37730d8f9abded912d81c7

    Download Submit

  • \Program Files (x86)\Bandicam\bdcamvk32.dll
    Filesize

    1.5MB

    MD5

    7c790924f093ee3f05efc7e054bf848f

    SHA1

    6579535137b389d8b9c70879e2b2c66a9753643b

    SHA256

    7d43059abc6d8caadd1201e4ed22fe955a4b5aa36f22214cba6eb6c2a12f5662

    SHA512

    f2c6068184632e23efc9db407c89592b18fb9f348e7c0fa0847e4a27b1d994d48192ea89c3f52253c264474546a2d555997cd51a1e37730d8f9abded912d81c7

    Download Submit

  • \Program Files (x86)\Bandicam\bdcamvk32.dll
    Filesize

    1.5MB

    MD5

    7c790924f093ee3f05efc7e054bf848f

    SHA1

    6579535137b389d8b9c70879e2b2c66a9753643b

    SHA256

    7d43059abc6d8caadd1201e4ed22fe955a4b5aa36f22214cba6eb6c2a12f5662

    SHA512

    f2c6068184632e23efc9db407c89592b18fb9f348e7c0fa0847e4a27b1d994d48192ea89c3f52253c264474546a2d555997cd51a1e37730d8f9abded912d81c7

    Download Submit

  • \Program Files (x86)\Bandicam\bdcamvk64.dll
    Filesize

    1.9MB

    MD5

    93b822cd5bcf89bbf319789d00960cd4

    SHA1

    6722785ee4c306fd2906251e1af39b451a1776f5

    SHA256

    5c9a6b23151109adaf881b68e02102ec08aaf04396e0449e17246dc03993da8c

    SHA512

    20d41244cb997827e5de134c387344e3c1c8a693bf1575b53538b22bb870a9ff9ee1063a67a56c980de029192499fdfd0e0c8a910d5fb6b378f7057ded1e2d77

    Download Submit

  • \Program Files (x86)\Bandicam\bdcamvk64.dll
    Filesize

    1.9MB

    MD5

    93b822cd5bcf89bbf319789d00960cd4

    SHA1

    6722785ee4c306fd2906251e1af39b451a1776f5

    SHA256

    5c9a6b23151109adaf881b68e02102ec08aaf04396e0449e17246dc03993da8c

    SHA512

    20d41244cb997827e5de134c387344e3c1c8a693bf1575b53538b22bb870a9ff9ee1063a67a56c980de029192499fdfd0e0c8a910d5fb6b378f7057ded1e2d77

    Download Submit

  • \Program Files (x86)\Bandicam\bdcamvk64.dll
    Filesize

    1.9MB

    MD5

    93b822cd5bcf89bbf319789d00960cd4

    SHA1

    6722785ee4c306fd2906251e1af39b451a1776f5

    SHA256

    5c9a6b23151109adaf881b68e02102ec08aaf04396e0449e17246dc03993da8c

    SHA512

    20d41244cb997827e5de134c387344e3c1c8a693bf1575b53538b22bb870a9ff9ee1063a67a56c980de029192499fdfd0e0c8a910d5fb6b378f7057ded1e2d77

    Download Submit

  • \Program Files (x86)\Bandicam\bdcamvk64.dll
    Filesize

    1.9MB

    MD5

    93b822cd5bcf89bbf319789d00960cd4

    SHA1

    6722785ee4c306fd2906251e1af39b451a1776f5

    SHA256

    5c9a6b23151109adaf881b68e02102ec08aaf04396e0449e17246dc03993da8c

    SHA512

    20d41244cb997827e5de134c387344e3c1c8a693bf1575b53538b22bb870a9ff9ee1063a67a56c980de029192499fdfd0e0c8a910d5fb6b378f7057ded1e2d77

    Download Submit

  • \Program Files (x86)\Bandicam\bdcap32.dll
    Filesize

    11.0MB

    MD5

    f4f24338b748f9b35c1704ce3537c312

    SHA1

    059e4656ab987e84fe950db13b2b339e6c9c94cd

    SHA256

    f71f1aaba8a41830feb16927f8e6a40469beb6a6e996548367c3786f3459145a

    SHA512

    a838c10f7669c48e62d416f087d4a5f084eaa092abb8db7a648d84765489af47490e1c6bb8003527ddeb12617409209f61e5610932d12ee9ad8db50d41acca2e

    Download Submit

  • \Program Files (x86)\Bandicam\bdfix.exe
    Filesize

    2.8MB

    MD5

    dddf65a71f12833e7de66d039e41110d

    SHA1

    8f6452fccfb8b03b2ab5d5d2be4a9d1648901884

    SHA256

    e1ce5d710944720cd4edfb2df9164a2d8f235effe518c873caff5fd23a78cf21

    SHA512

    9c7b2a1b06713f55bf0afbde8fce3b72f5caf48a4b8b77cd5511ce042515d8eae62cc0900a4a42c22a59e5708e527402ae21622cd75398112bd10f307f6ad584

    Download Submit

  • \Program Files (x86)\Bandicam\uninstall.exe
    Filesize

    173KB

    MD5

    93e46ed00fdc8d8cd7e2006b8cb799ac

    SHA1

    5060fdf9d033e245bf3f0e535a957b07f2d1f2b7

    SHA256

    2178cc1b4d1e9f15f7628121cd29c19e534c057e09a0f81602a100dd1901697e

    SHA512

    e9cb9a2a92bd993eb059107e298f398e2101fd7721216cff9ad9d8b8f557927179f8ae8534e7d25f6dd9b61f4d3e435dd265df93788e5f25f887102828d7545d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE
    Filesize

    1.4MB

    MD5

    461d135a4fccd51bbae38f742e123fd3

    SHA1

    c12a442fbcd4a9c44102f0a560ba03d59bc501ed

    SHA256

    4c441e7d744a2a273f780103bcf5bcb1e32c2d9c6a32b62f9044b32107544079

    SHA512

    41eb816bf0cc0ca12b5c6c07517cd718b8701255ea81e94ffc937f2538b8cdf5db24751cdbc22fefd6496b767fc0d631fea76216b0363f4b625557097b3caaee

    Download Submit

  • \Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE
    Filesize

    1.4MB

    MD5

    461d135a4fccd51bbae38f742e123fd3

    SHA1

    c12a442fbcd4a9c44102f0a560ba03d59bc501ed

    SHA256

    4c441e7d744a2a273f780103bcf5bcb1e32c2d9c6a32b62f9044b32107544079

    SHA512

    41eb816bf0cc0ca12b5c6c07517cd718b8701255ea81e94ffc937f2538b8cdf5db24751cdbc22fefd6496b767fc0d631fea76216b0363f4b625557097b3caaee

    Download Submit

  • \Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE
    Filesize

    1.4MB

    MD5

    461d135a4fccd51bbae38f742e123fd3

    SHA1

    c12a442fbcd4a9c44102f0a560ba03d59bc501ed

    SHA256

    4c441e7d744a2a273f780103bcf5bcb1e32c2d9c6a32b62f9044b32107544079

    SHA512

    41eb816bf0cc0ca12b5c6c07517cd718b8701255ea81e94ffc937f2538b8cdf5db24751cdbc22fefd6496b767fc0d631fea76216b0363f4b625557097b3caaee

    Download Submit

  • \Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE
    Filesize

    1.4MB

    MD5

    461d135a4fccd51bbae38f742e123fd3

    SHA1

    c12a442fbcd4a9c44102f0a560ba03d59bc501ed

    SHA256

    4c441e7d744a2a273f780103bcf5bcb1e32c2d9c6a32b62f9044b32107544079

    SHA512

    41eb816bf0cc0ca12b5c6c07517cd718b8701255ea81e94ffc937f2538b8cdf5db24751cdbc22fefd6496b767fc0d631fea76216b0363f4b625557097b3caaee

    Download Submit

  • \Users\Admin\AppData\Local\Temp\bdfilters.dll
    Filesize

    4.1MB

    MD5

    ed730387fdcd684b756601b863c47417

    SHA1

    c49ed6d0d46facf4ceaeb21f5d6bfdf9e3587fde

    SHA256

    9cbc29696ad2d582e251bf9c4be5cce618753fa43551d2474e1ae5cc5e1245e5

    SHA512

    e32df727799d33922c6e92f94a7bdb0bc2772d6a6636d15e285d94d3ae4661062e5bc89ec3546b76ec853398f88d972f461327ef687f89093acf1096560d5c3f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\bdfilters.dll
    Filesize

    4.1MB

    MD5

    ed730387fdcd684b756601b863c47417

    SHA1

    c49ed6d0d46facf4ceaeb21f5d6bfdf9e3587fde

    SHA256

    9cbc29696ad2d582e251bf9c4be5cce618753fa43551d2474e1ae5cc5e1245e5

    SHA512

    e32df727799d33922c6e92f94a7bdb0bc2772d6a6636d15e285d94d3ae4661062e5bc89ec3546b76ec853398f88d972f461327ef687f89093acf1096560d5c3f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsj6E7F.tmp\System.dll
    Filesize

    11KB

    MD5

    959ea64598b9a3e494c00e8fa793be7e

    SHA1

    40f284a3b92c2f04b1038def79579d4b3d066ee0

    SHA256

    03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

    SHA512

    5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy2B37.tmp\Dialer.dll
    Filesize

    3KB

    MD5

    6e7e197ffa13cea15434b221b96b3202

    SHA1

    5fc93dca4a33d79d8601e888daa21a1d0e02eab3

    SHA256

    cb94aead070194af4d3b01f80ef85f227a70b5cfcfa305d26c3b42b8853ac6b4

    SHA512

    4d294929ba55e145027107aeef135d918f2d6ec4a7e3b9fc8fc028924019d1987c12202cf37e9adf18a70a02fb321de7f060c4977de874687fc8a4d924cfb19e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy2B37.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    720304c57dcfa17751ed455b3bb9c10a

    SHA1

    59a1c3a746de10b8875229ff29006f1fd36b1e41

    SHA256

    6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9

    SHA512

    c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy2B37.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    720304c57dcfa17751ed455b3bb9c10a

    SHA1

    59a1c3a746de10b8875229ff29006f1fd36b1e41

    SHA256

    6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9

    SHA512

    c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy2B37.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    f1e9eed02db3a822a7ddef0c724e5f1f

    SHA1

    65864992f5b6c79c5efbefb5b1354648a8a86709

    SHA256

    6dff504c6759c418c6635c9b25b8c91d0d9ef7787a3a93610d7670bb563c09df

    SHA512

    c22b64fff76b25cf53231b8636f07b361d95791c4646787ce7beac27ad6a0de88337dcceb25b5196f97c452dda72e2614647f51a8a18cb4d5228a82ed2e0780c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy2B37.tmp\System.dll
    Filesize

    11KB

    MD5

    17ed1c86bd67e78ade4712be48a7d2bd

    SHA1

    1cc9fe86d6d6030b4dae45ecddce5907991c01a0

    SHA256

    bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

    SHA512

    0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy2B37.tmp\System.dll
    Filesize

    11KB

    MD5

    17ed1c86bd67e78ade4712be48a7d2bd

    SHA1

    1cc9fe86d6d6030b4dae45ecddce5907991c01a0

    SHA256

    bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

    SHA512

    0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy2B37.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    1b446b36f5b4022d50ffdc0cf567b24a

    SHA1

    d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

    SHA256

    2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

    SHA512

    04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy2B37.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    1b446b36f5b4022d50ffdc0cf567b24a

    SHA1

    d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

    SHA256

    2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

    SHA512

    04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

    Download Submit

  • memory/764-78-0x000007FEFB9C1000-0x000007FEFB9C3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1204-90-0x0000000001370000-0x0000000001A21000-memory.dmp

    Filesize

    6.7MB

    Download

  • memory/1204-103-0x0000000001370000-0x0000000001A21000-memory.dmp

    Filesize

    6.7MB

    Download

  • memory/1204-88-0x0000000001370000-0x0000000001A21000-memory.dmp

    Filesize

    6.7MB

    Download

  • memory/1252-54-0x0000000075091000-0x0000000075093000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1252-114-0x0000000001E90000-0x0000000001EA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1252-115-0x0000000001E90000-0x0000000001EA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1252-121-0x0000000001E90000-0x0000000001EA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1252-82-0x0000000001E90000-0x0000000001EA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1252-87-0x0000000003970000-0x0000000004021000-memory.dmp

    Filesize

    6.7MB

    Download

  • memory/1324-131-0x0000000000210000-0x000000000021A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1324-138-0x0000000000210000-0x000000000021A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1324-129-0x0000000000210000-0x000000000021A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1324-125-0x0000000000210000-0x000000000021A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1324-130-0x0000000000210000-0x000000000021A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1324-124-0x0000000000210000-0x000000000021A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1324-123-0x0000000000210000-0x000000000021A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1324-134-0x00000000013B0000-0x0000000001A61000-memory.dmp

    Filesize

    6.7MB

    Download

  • memory/1324-135-0x0000000000210000-0x000000000021A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1324-136-0x0000000000210000-0x000000000021A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1324-137-0x0000000000210000-0x000000000021A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1324-126-0x0000000000210000-0x000000000021A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1324-139-0x0000000000210000-0x000000000021A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1324-140-0x0000000000210000-0x000000000021A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1324-141-0x0000000000210000-0x000000000021A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1324-142-0x0000000000210000-0x000000000021A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1324-122-0x00000000013B0000-0x0000000001A61000-memory.dmp

    Filesize

    6.7MB

    Download

  • memory/1324-120-0x00000000013B0000-0x0000000001A61000-memory.dmp

    Filesize

    6.7MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.