f2be132811577aea485de36890e65d1ff5e79c470e0c73b880268bd6d241ca5e

Analysis

max time kernel
126s
max time network
130s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
31-03-2023 19:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BDCAMSETUP_ENG_5_1_1_1837.exe
Size

21.4MB
MD5

060bea29b3e2c6e476cbd2d4b10ee495
SHA1

e58f23d42d15fb4dbca276540bbb637b2724dce9
SHA256

f2be132811577aea485de36890e65d1ff5e79c470e0c73b880268bd6d241ca5e
SHA512

d3cf94ea30eb020bfc43a474fbebf44b074efd9a5f1d91f440e445f1c5edbbef0560ba134512540a26696c4ba94803be6a7fc0d9a75a3e3e5f02584c4ccf3c72
SSDEEP

393216:YtmljDgTsny1KqhbhBS0YK7Vqtkr3fdqdhPuXHvtWNfznm4h4vu:UmBgIrA9BS0YK74kr3lqd0PYNr/h4vu

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

BDMPEG1SETUP.EXEbdcam.exebdcam.exe

pid process

952 BDMPEG1SETUP.EXE
1216 bdcam.exe
1288 bdcam.exe

pid	process
952	BDMPEG1SETUP.EXE
1216	bdcam.exe
1288	bdcam.exe

Loads dropped DLL 34 IoCs

Processes:

BDCAMSETUP_ENG_5_1_1_1837.exeBDMPEG1SETUP.EXEregsvr32.exeregsvr32.exerundll32.exerundll32.exebdcam.exe

pid	process
1292	BDCAMSETUP_ENG_5_1_1_1837.exe
1292	BDCAMSETUP_ENG_5_1_1_1837.exe
1292	BDCAMSETUP_ENG_5_1_1_1837.exe
1292	BDCAMSETUP_ENG_5_1_1_1837.exe
1292	BDCAMSETUP_ENG_5_1_1_1837.exe
1292	BDCAMSETUP_ENG_5_1_1_1837.exe
1292	BDCAMSETUP_ENG_5_1_1_1837.exe
1292	BDCAMSETUP_ENG_5_1_1_1837.exe
952	BDMPEG1SETUP.EXE
952	BDMPEG1SETUP.EXE
952	BDMPEG1SETUP.EXE
952	BDMPEG1SETUP.EXE
952	BDMPEG1SETUP.EXE
952	BDMPEG1SETUP.EXE
1884	regsvr32.exe
1212	regsvr32.exe
952	BDMPEG1SETUP.EXE
1292	BDCAMSETUP_ENG_5_1_1_1837.exe
1292	BDCAMSETUP_ENG_5_1_1_1837.exe
872	rundll32.exe
872	rundll32.exe
872	rundll32.exe
872	rundll32.exe
1836	rundll32.exe
1836	rundll32.exe
1836	rundll32.exe
1836	rundll32.exe
1216	bdcam.exe
1292	BDCAMSETUP_ENG_5_1_1_1837.exe
1292	BDCAMSETUP_ENG_5_1_1_1837.exe
1292	BDCAMSETUP_ENG_5_1_1_1837.exe
1292	BDCAMSETUP_ENG_5_1_1_1837.exe
1292	BDCAMSETUP_ENG_5_1_1_1837.exe
1292	BDCAMSETUP_ENG_5_1_1_1837.exe

Registers COM server for autorun 1 TTPs 12 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

regsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll"	regsvr32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 14 IoCs

Processes:

BDCAMSETUP_ENG_5_1_1_1837.exeBDMPEG1SETUP.EXE

description	ioc	process
File created	C:\Windows\SysWOW64\msvcp110.dll	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Windows\system32\D3DCompiler_47.dll	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Windows\SysWOW64\msvcr110.dll	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Windows\SysWOW64\bdmpega.acm	BDMPEG1SETUP.EXE
File created	C:\Windows\system32\bdmjpeg64.dll	BDMPEG1SETUP.EXE
File created	C:\Windows\system32\bdmpegv64.dll	BDMPEG1SETUP.EXE
File created	C:\Windows\system32\bdmpega64.acm	BDMPEG1SETUP.EXE
File created	C:\Windows\SysWOW64\vcomp140.dll	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Windows\SysWOW64\D3DCompiler_47.dll	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Windows\system32\msvcp110.dll	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Windows\SysWOW64\bdmpegv.dll	BDMPEG1SETUP.EXE
File created	C:\Windows\system32\msvcr110.dll	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Windows\system32\vcomp140.dll	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Windows\SysWOW64\bdmjpeg.dll	BDMPEG1SETUP.EXE

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

bdcam.exebdcam.exe

pid process

1216 bdcam.exe
1288 bdcam.exe

Drops file in Program Files directory 64 IoCs

Processes:

BDCAMSETUP_ENG_5_1_1_1837.exeBDMPEG1SETUP.EXE

description	ioc	process
File created	C:\Program Files (x86)\Bandicam\lang\Russian.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File opened for modification	C:\Program Files (x86)\Bandicam\data\language.dat	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\data\effects\highlight15.dat	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\uninstall.exe	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Finnish.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Kurdish.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\bdcamvk32.dll	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\English.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\French.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Lithuanian.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Spanish.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\bdcam.exe	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\bdcap64.dll	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Bosnian.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Traditional_Chinese.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\data\effects\effects20.dat	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\BandiMPEG1\bdfilters.dll	BDMPEG1SETUP.EXE
File created	C:\Program Files (x86)\BandiMPEG1\uninstall.exe	BDMPEG1SETUP.EXE
File created	C:\Program Files (x86)\Bandicam\translators.txt	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Hungarian.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\data\lclick.wav	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\bdcam_nonadmin.exe	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\bandicam.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Burmese.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Latvian.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Romanian.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\data\start.wav	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\data\effects\effects10.dat	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\bdcamvk64.json	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Bulgarian.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Croatian.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Farsi.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Georgian.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\German.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\khmer.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Serbian(Cyrillic).ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\bdcam64.dll	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Arabic.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Dutch.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Kazakh.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\UnregVulkanLayer.bat	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Armenian.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\data\effects\highlight30.dat	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Thai.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\data\effects\effects15.dat	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Danish.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Greek.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Slovenian.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll	BDMPEG1SETUP.EXE
File created	C:\Program Files (x86)\Bandicam\bdcap32.dll	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Uzbek.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\data\effects\effects30.dat	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Hebrew.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Italian.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Indonesian.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Japanese.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Luxembourgish.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Malay.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Serbian.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\lang\Turkish.ini	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\bdcam64.bin	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\bdcamvk32.json	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\data\stop.wav	BDCAMSETUP_ENG_5_1_1_1837.exe
File created	C:\Program Files (x86)\Bandicam\data\skin.dat	BDCAMSETUP_ENG_5_1_1_1837.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 43 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeBDCAMSETUP_ENG_5_1_1_1837.exeIEXPLORE.EXEbdcam.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f35fd4ec1ca1494aa57fdd0dc6b810a40000000002000000000010660000000100002000000006affaf5b6c1669ed6fb2c927a57b99bf1049611e84a7a82b09238a7b5386f52000000000e800000000200002000000065c8b158e4b19edd10932671a2743accbfd1369e28eb0b2e055ea304698e4f72900000001bda541764da5e3211f2e1f0c0add001617095fa9ed05cb4c9cf4d0375cec5eca8e84d657c964766af55d6348e8d25ea3f0e5dfc734a758574e17de376a39dffd05814ca070faf981bc1dc97170515b344ee796c3da2e252d968bedebac4d80517fe085122e70f38b21c113b15ac65803941694049bccb79908e7d552f46f2378cf6a2afc06f84b42a44a6ffd87e1eab4000000060d66e793556652ce652639c7980af529f478b58f2402cad825b075fb9917aa81dfb93791f6541957e3eada1387d7bb35dfd3afd797ed251d9a5d343b05632b2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\bdcam.exe = "1"	BDCAMSETUP_ENG_5_1_1_1837.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "387061529"	iexplore.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	BDCAMSETUP_ENG_5_1_1_1837.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f35fd4ec1ca1494aa57fdd0dc6b810a400000000020000000000106600000001000020000000f4bdb08ba9dba20cff3ae0bac28a7db59389a63127a776b493de5a21f28cdaf0000000000e80000000020000200000005499f3ddee553fa8894c99cdbdea676636d5706e442591c2d0d5b4c925f114652000000011736c4c5345cc0b51dbd0ae2ddf11f7aee509d5ef8f2f2a78935a3ec38851664000000095af470ec4f69e5a447cac883c5ac6cd5f1a22dfaa714a60a30ed1e0c33228e885cf2ddad3bc7a8c4dae842a75b25d5b7880902dda65faceb744ea2e6eb68872	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SCRIPTURL_MITIGATION	BDCAMSETUP_ENG_5_1_1_1837.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5ABEB6F1-D007-11ED-B189-D28FF4BEF639} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5023b83a1464d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main	bdcam.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\bdcam.exe = "11000"	BDCAMSETUP_ENG_5_1_1_1837.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Modifies registry class 64 IoCs

Processes:

regsvr32.exebdcam.exeBDMPEG1SETUP.EXE

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\FilterData = 02000000010080ff020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000006175647300001000800000aa00389b715000000000001000800000aa00389b710100000000001000800000aa00389b71	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000_CLASSES\BANDICAM.bfix\Shell	bdcam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters.dll"	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\CLSID = "{89C4B786-A490-4A3E-AA70-E6A8C61D3689}"	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ThreadingModel = "Both"	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ThreadingModel = "Both"	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\ = "Bandicam MPEG-1 Video Decoder"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\FriendlyName = "Bandicam MPEG-1 Video Decoder"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\CLSID = "{89C4B786-A490-4A3E-AA70-E6A8C61D3689}"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000_CLASSES\BANDICAM.bfix\Shell\Open	bdcam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\FilterData = 02000000010080ff02000000000000003070693300000000000000000200000000000000000000003074793300000000700000008000000031747933000000007000000090000000317069330800000000000000010000000000000000000000307479330000000070000000a00000007669647300001000800000aa00389b714d50454700001000800000aa00389b714d50473100001000800000aa00389b7100000000000000000000000000000000	BDMPEG1SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\CLSID = "{E2E7539A-CECF-4A6A-B187-939943ECEF05}"	BDMPEG1SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32	BDMPEG1SETUP.EXE
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000_CLASSES\BANDICAM.bfix\DefaultIcon	bdcam.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000_CLASSES\.bfix	bdcam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters.dll"	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\ = "Bandicam MPEG-1 Video Property"	BDMPEG1SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32	BDMPEG1SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\FriendlyName = "Bandicam MPEG-1 Audio Decoder"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters.dll"	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\FriendlyName = "Bandicam MPEG-1 Video Decoder"	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters.dll"	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\ = "Bandicam MPEG-1 Audio Property"	BDMPEG1SETUP.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\FilterData = 02000000010080ff020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000006175647300001000800000aa00389b715000000000001000800000aa00389b710100000000001000800000aa00389b71	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ThreadingModel = "Both"	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000_CLASSES\BANDICAM.bfix\DefaultIcon\ = "C:\\Program Files (x86)\\Bandicam\\bdfix.exe"	bdcam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\CLSID = "{E2E7539A-CECF-4A6A-B187-939943ECEF05}"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000_CLASSES\BANDICAM.bfix	bdcam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\ = "Bandicam MPEG-1 Video Decoder"	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\ = "Bandicam MPEG-1 Audio Decoder"	BDMPEG1SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000_CLASSES\BANDICAM.bfix\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Bandicam\\bdfix.exe\"\"%1\""	bdcam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\ = "Bandicam MPEG-1 Video Property"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\FriendlyName = "Bandicam MPEG-1 Audio Decoder"	BDMPEG1SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000_CLASSES\.bfix\ = "BANDICAM.bfix"	bdcam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000_CLASSES\BANDICAM.bfix\ = "BandiFix Recovery File"	bdcam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\ = "Bandicam MPEG-1 Audio Property"	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\FilterData = 02000000010080ff02000000000000003070693300000000000000000200000000000000000000003074793300000000700000008000000031747933000000007000000090000000317069330800000000000000010000000000000000000000307479330000000070000000a00000007669647300001000800000aa00389b714d50454700001000800000aa00389b714d50473100001000800000aa00389b7100000000000000000000000000000000	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000_CLASSES\BANDICAM.bfix\Shell\Open\Command	bdcam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32	BDMPEG1SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\ = "Bandicam MPEG-1 Audio Decoder"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}	BDMPEG1SETUP.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

bdcam.exe

pid process

1288 bdcam.exe
1288 bdcam.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

IEXPLORE.EXE

pid process

288 IEXPLORE.EXE

pid	process
1288	bdcam.exe
1288	bdcam.exe

pid	process
288	IEXPLORE.EXE

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

BDMPEG1SETUP.EXEAUDIODG.EXEbdcam.exe

description	pid	process
Token: SeRestorePrivilege	952	BDMPEG1SETUP.EXE
Token: SeBackupPrivilege	952	BDMPEG1SETUP.EXE
Token: 33	280	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	280	AUDIODG.EXE
Token: 33	280	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	280	AUDIODG.EXE
Token: 33	1288	bdcam.exe
Token: SeIncBasePriorityPrivilege	1288	bdcam.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exebdcam.exe

pid process

1276 iexplore.exe
1288 bdcam.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

bdcam.exe

pid process

1288 bdcam.exe

pid	process
1276	iexplore.exe
1288	bdcam.exe

pid	process
1288	bdcam.exe

Suspicious use of SetWindowsHookEx 11 IoCs

Processes:

bdcam.exebdcam.exeiexplore.exeIEXPLORE.EXE

pid	process
1216	bdcam.exe
1288	bdcam.exe
1276	iexplore.exe
1276	iexplore.exe
1288	bdcam.exe
288	IEXPLORE.EXE
288	IEXPLORE.EXE
1288	bdcam.exe
1288	bdcam.exe
288	IEXPLORE.EXE
288	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 48 IoCs

Processes:

BDCAMSETUP_ENG_5_1_1_1837.exeBDMPEG1SETUP.EXEregsvr32.exebdcam.exeiexplore.exe

description	pid	process	target process
PID 1292 wrote to memory of 952	1292	BDCAMSETUP_ENG_5_1_1_1837.exe	BDMPEG1SETUP.EXE
PID 1292 wrote to memory of 952	1292	BDCAMSETUP_ENG_5_1_1_1837.exe	BDMPEG1SETUP.EXE
PID 1292 wrote to memory of 952	1292	BDCAMSETUP_ENG_5_1_1_1837.exe	BDMPEG1SETUP.EXE
PID 1292 wrote to memory of 952	1292	BDCAMSETUP_ENG_5_1_1_1837.exe	BDMPEG1SETUP.EXE
PID 1292 wrote to memory of 952	1292	BDCAMSETUP_ENG_5_1_1_1837.exe	BDMPEG1SETUP.EXE
PID 1292 wrote to memory of 952	1292	BDCAMSETUP_ENG_5_1_1_1837.exe	BDMPEG1SETUP.EXE
PID 1292 wrote to memory of 952	1292	BDCAMSETUP_ENG_5_1_1_1837.exe	BDMPEG1SETUP.EXE
PID 952 wrote to memory of 1884	952	BDMPEG1SETUP.EXE	regsvr32.exe
PID 952 wrote to memory of 1884	952	BDMPEG1SETUP.EXE	regsvr32.exe
PID 952 wrote to memory of 1884	952	BDMPEG1SETUP.EXE	regsvr32.exe
PID 952 wrote to memory of 1884	952	BDMPEG1SETUP.EXE	regsvr32.exe
PID 952 wrote to memory of 1884	952	BDMPEG1SETUP.EXE	regsvr32.exe
PID 952 wrote to memory of 1884	952	BDMPEG1SETUP.EXE	regsvr32.exe
PID 952 wrote to memory of 1884	952	BDMPEG1SETUP.EXE	regsvr32.exe
PID 1884 wrote to memory of 1212	1884	regsvr32.exe	regsvr32.exe
PID 1884 wrote to memory of 1212	1884	regsvr32.exe	regsvr32.exe
PID 1884 wrote to memory of 1212	1884	regsvr32.exe	regsvr32.exe
PID 1884 wrote to memory of 1212	1884	regsvr32.exe	regsvr32.exe
PID 1884 wrote to memory of 1212	1884	regsvr32.exe	regsvr32.exe
PID 1884 wrote to memory of 1212	1884	regsvr32.exe	regsvr32.exe
PID 1884 wrote to memory of 1212	1884	regsvr32.exe	regsvr32.exe
PID 1292 wrote to memory of 1216	1292	BDCAMSETUP_ENG_5_1_1_1837.exe	bdcam.exe
PID 1292 wrote to memory of 1216	1292	BDCAMSETUP_ENG_5_1_1_1837.exe	bdcam.exe
PID 1292 wrote to memory of 1216	1292	BDCAMSETUP_ENG_5_1_1_1837.exe	bdcam.exe
PID 1292 wrote to memory of 1216	1292	BDCAMSETUP_ENG_5_1_1_1837.exe	bdcam.exe
PID 1216 wrote to memory of 872	1216	bdcam.exe	rundll32.exe
PID 1216 wrote to memory of 872	1216	bdcam.exe	rundll32.exe
PID 1216 wrote to memory of 872	1216	bdcam.exe	rundll32.exe
PID 1216 wrote to memory of 872	1216	bdcam.exe	rundll32.exe
PID 1216 wrote to memory of 1836	1216	bdcam.exe	rundll32.exe
PID 1216 wrote to memory of 1836	1216	bdcam.exe	rundll32.exe
PID 1216 wrote to memory of 1836	1216	bdcam.exe	rundll32.exe
PID 1216 wrote to memory of 1836	1216	bdcam.exe	rundll32.exe
PID 1216 wrote to memory of 1836	1216	bdcam.exe	rundll32.exe
PID 1216 wrote to memory of 1836	1216	bdcam.exe	rundll32.exe
PID 1216 wrote to memory of 1836	1216	bdcam.exe	rundll32.exe
PID 1292 wrote to memory of 1288	1292	BDCAMSETUP_ENG_5_1_1_1837.exe	bdcam.exe
PID 1292 wrote to memory of 1288	1292	BDCAMSETUP_ENG_5_1_1_1837.exe	bdcam.exe
PID 1292 wrote to memory of 1288	1292	BDCAMSETUP_ENG_5_1_1_1837.exe	bdcam.exe
PID 1292 wrote to memory of 1288	1292	BDCAMSETUP_ENG_5_1_1_1837.exe	bdcam.exe
PID 1292 wrote to memory of 1276	1292	BDCAMSETUP_ENG_5_1_1_1837.exe	iexplore.exe
PID 1292 wrote to memory of 1276	1292	BDCAMSETUP_ENG_5_1_1_1837.exe	iexplore.exe
PID 1292 wrote to memory of 1276	1292	BDCAMSETUP_ENG_5_1_1_1837.exe	iexplore.exe
PID 1292 wrote to memory of 1276	1292	BDCAMSETUP_ENG_5_1_1_1837.exe	iexplore.exe
PID 1276 wrote to memory of 288	1276	iexplore.exe	IEXPLORE.EXE
PID 1276 wrote to memory of 288	1276	iexplore.exe	IEXPLORE.EXE
PID 1276 wrote to memory of 288	1276	iexplore.exe	IEXPLORE.EXE
PID 1276 wrote to memory of 288	1276	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\BDCAMSETUP_ENG_5_1_1_1837.exe
"C:\Users\Admin\AppData\Local\Temp\BDCAMSETUP_ENG_5_1_1_1837.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:1292

C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE
"C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE" /S
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:952

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" /s "C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll"
3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1884

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll"
4⤵
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:1212

C:\Program Files (x86)\Bandicam\bdcam.exe
"C:\Program Files (x86)\Bandicam\bdcam.exe" /install
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1216

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" "C:\Program Files (x86)\Bandicam\bdcamvk32.dll",RegDll
3⤵
- Loads dropped DLL
PID:1836

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\Bandicam\bdcamvk64.dll",RegDll
3⤵
- Loads dropped DLL
PID:872

C:\Program Files (x86)\Bandicam\bdcam.exe
"C:\Program Files (x86)\Bandicam\bdcam.exe"
2⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1288

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.bandicam.com/f.php?id=eng_app_complete_install&v=2&lang=en
2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1276

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1276 CREDAT:275457 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:288

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:280

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BandiMPEG1\bdfilters.dll
Filesize
4.1MB

MD5
ed730387fdcd684b756601b863c47417

SHA1
c49ed6d0d46facf4ceaeb21f5d6bfdf9e3587fde

SHA256
9cbc29696ad2d582e251bf9c4be5cce618753fa43551d2474e1ae5cc5e1245e5

SHA512
e32df727799d33922c6e92f94a7bdb0bc2772d6a6636d15e285d94d3ae4661062e5bc89ec3546b76ec853398f88d972f461327ef687f89093acf1096560d5c3f

Download Submit
C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll
Filesize
4.6MB

MD5
13f7a29baa1e04f74151737cb71bd0e5

SHA1
0bc8682c6c96923a729aa6239aa53d95221b13ab

SHA256
008fababd36e8fbfd5f610a2c62d47963e78ec91e54ad69a1e20807445c3528d

SHA512
4cea11e88e8861c4094b227d85295c0d67452af703b0ec9dfe475797b87d03b40bc1f6b58dcc00996672c1c05d99b82dcc067bc429a1465ae90f4ec966f2bca8

Download Submit
C:\Program Files (x86)\Bandicam\bdcam.dll
Filesize
18.4MB

MD5
7ba8d011e1d8108088c300d466361d89

SHA1
4a390a72c871b4a6ceea147d62a4de05c1f55d41

SHA256
428b7604667062a43cd9070c154bd1244d51bc05ede22230e15576cda903b283

SHA512
4803efd4dbbd15b7612794cefba9aedeb8360682b5c86294bbbdb794cdcff6846cd90c5cabac13661483df0d12e19083f59d68755d65ec64ecee45386f89fafa

Download Submit
C:\Program Files (x86)\Bandicam\bdcam.exe
Filesize
6.7MB

MD5
5678524f13a58a56003c68fd1cd82c59

SHA1
e8291f6ece64d6d43c0f1424026e01520d2c662b

SHA256
dbdb5985b9364fa3e6a1d6af9c0228bb77fd50ebe8611821fb75be1588bb0671

SHA512
f341e422ac024c3f38dc32ae6e1ab90f7c6f26ebf2202e6839d4a2cd034669665e36b1009f87dbcf6f1859276bb2031071423db0dec95a70bb120afd470c526f

Download Submit
C:\Program Files (x86)\Bandicam\bdcam.exe
Filesize
6.7MB

MD5
5678524f13a58a56003c68fd1cd82c59

SHA1
e8291f6ece64d6d43c0f1424026e01520d2c662b

SHA256
dbdb5985b9364fa3e6a1d6af9c0228bb77fd50ebe8611821fb75be1588bb0671

SHA512
f341e422ac024c3f38dc32ae6e1ab90f7c6f26ebf2202e6839d4a2cd034669665e36b1009f87dbcf6f1859276bb2031071423db0dec95a70bb120afd470c526f

Download Submit
C:\Program Files (x86)\Bandicam\bdcam.exe
Filesize
6.7MB

MD5
5678524f13a58a56003c68fd1cd82c59

SHA1
e8291f6ece64d6d43c0f1424026e01520d2c662b

SHA256
dbdb5985b9364fa3e6a1d6af9c0228bb77fd50ebe8611821fb75be1588bb0671

SHA512
f341e422ac024c3f38dc32ae6e1ab90f7c6f26ebf2202e6839d4a2cd034669665e36b1009f87dbcf6f1859276bb2031071423db0dec95a70bb120afd470c526f

Download Submit
C:\Program Files (x86)\Bandicam\bdcam.exe
Filesize
6.7MB

MD5
5678524f13a58a56003c68fd1cd82c59

SHA1
e8291f6ece64d6d43c0f1424026e01520d2c662b

SHA256
dbdb5985b9364fa3e6a1d6af9c0228bb77fd50ebe8611821fb75be1588bb0671

SHA512
f341e422ac024c3f38dc32ae6e1ab90f7c6f26ebf2202e6839d4a2cd034669665e36b1009f87dbcf6f1859276bb2031071423db0dec95a70bb120afd470c526f

Download Submit
C:\Program Files (x86)\Bandicam\bdcamvk32.dll
Filesize
1.5MB

MD5
f999bfbaa48d395d42e309385a109d20

SHA1
3aab3cdaaa62048754678d98252409e5581b0b1c

SHA256
9a753d8c522048848363157441a2cfc3b6abcc1b5aa362963f03b72d71717903

SHA512
aceba797d31b243b71b54bcdfd66d4fc6ad73688c9efc426c7042a1d086502af5ac991a297906ad6f8ff993a61457052df02e1b7538401be90766bdc4cdfe33d

Download Submit
C:\Program Files (x86)\Bandicam\bdcamvk64.dll
Filesize
1.9MB

MD5
94f867b7c0efe7cdfd701bf5e9daa44e

SHA1
5125786583feff84e57f1c4391a2ec795f3cbb33

SHA256
e020cc6cb8be609f7064552c918557518970552dc240814337d3ac805154dba8

SHA512
5901a0dab95519e46317b41cf0695d8ff9fe7228a2fe38356ed6949e645c193509f08fa509372bf20ea22e16a6732605a520be598d49100d4d74ad2de92693c8

Download Submit
C:\Program Files (x86)\Bandicam\bdcap32.dll
Filesize
11.1MB

MD5
55d4881cf02690dbc674203bbf9b38ce

SHA1
f658b57b82eecfb995afab7e41e95058e662a1f8

SHA256
fc929978e2c172fc4c770090a8f47bf003518e5ef497b754aa120b11933ba102

SHA512
b4c3c1fc92f5264946cb45670366fd83aede0429ae5afebe997317af0336fade15407d27b65f36d408686910a3aba4d7fec502f2be72278a2080d50a93f46785

Download Submit
C:\Program Files (x86)\Bandicam\bdcap64.dll
Filesize
15.7MB

MD5
a0819e3226d77194a6305a27040fc316

SHA1
f08a082637396b4e4456675d06ea00d41e25007e

SHA256
3553081a33ec50b1da0f043b4ea137170fc079f3797259e9c2ce06960fb95f47

SHA512
901578162bf6f96c70981aa92ddde43facbbcf668dbc31628609f036ecfd11e9c8eb7ad7b31c41022b124c14d8af83eadc0693135729464d0cda75e2a02ea97a

Download Submit
C:\Program Files (x86)\Bandicam\data\language.dat
Filesize
78KB

MD5
6a0f63570e3c72c76a486bb47e232fae

SHA1
b0c9fb828865fd836d9df0105f917ae75ec831b4

SHA256
ce68eab73740c3e32f6d1a1b19883cae2691122dae996678b7139a87c20c4917

SHA512
fef659982fac74eeee1ca1835e9c9ff59ef91253e55e82fa16b7f9e159be973bdb9eac2ff70c85f1e978f12278717e50e2624e4f29a5491ffae1bb872a281cb1

Download Submit
C:\Program Files (x86)\Bandicam\data\skin.dat
Filesize
663KB

MD5
07a08c7ea2d84b5bb2fb1f85aec333bf

SHA1
2a02c002f8b9021695b3a9f0b4c72bb6e9eb607a

SHA256
257e586ba2259bc7b5d8d6d9255d1c0f130843ec541450bf495a97494d190913

SHA512
4e54a34819c4d2df602ddf9cc94057ff6412a79b7cb3be40f7c3dd3cce3c0af010956d56728cbbebb3cb1472e0ff535b94afb5cbb6a97e765baf5e8ea4015435

Download Submit
C:\Program Files (x86)\Bandicam\lang\English.ini
Filesize
116KB

MD5
1446b0a7315a4d0e93bd5d468846b17d

SHA1
b979c433780084e242bcb48bcd722655076fa83c

SHA256
320bf706952073a2c877ef26c2df088cac64e65c6285fe7e186be958d27e7d57

SHA512
5e34739bdd1f2d5247fe90c29bfcc625a57f8b3dedcd1e68a1f796f640305c8eaa227df4cada8bbe0c950abf69296448467583035cee23976e666a51cf9753f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
38e5eb6d4499b6c56dd9385690ab0876

SHA1
e171270aff6887fc96c71902a0dcde1216472922

SHA256
79da6213d920d6816141c9e8ae7a3f96b3879d2b764bb51f748a54eaefe30bad

SHA512
de2a010be7c5bf0598ff0c28b24ff35ba9303212765c85d927404d42de8a9a76379b8721337e74227c6f43c79ca2af4ff603469abbe33fd2cbc37411017d5f50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
685426f56b4fe00c995f33b3e6a203d8

SHA1
26aec5bddc75b47c979911ac53699bc50b3960d0

SHA256
46d27c25cef9044d9b5de757c3656c194281825d9a75b9580a07a33143ecd7c6

SHA512
7fd78737adda0e655e47725c7dda8cf3f039a680741e82d90b43270a86b12b58fe624064cc4cf006a9235b7fe778f2e3259d11a1f72d62b285cfea2bb8bd0bf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
20e7e2d64315f9e0a6d3a730b2f2bd4e

SHA1
6fdba71717efe58095a6e7d5b206db417b556c55

SHA256
134f3cb52971abe4592312ba6085877d02e0a4c4990d2d973f7e532d523d6e23

SHA512
0ea11e4f755ebfd55a6336222aa8d19cb53b6b8773fcb51965072aa3ae5ec49c64437ac9259ce1444f315e91a033bc9e7f1d30160eaa10e710befe2157a94beb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
39713c5b1e4828daae41db0a113a23f2

SHA1
d5e90e20fd78d08539fc32c76d550e4641703a49

SHA256
23782cbca4212b014f31edf85eefce3f17e11c00180aed50a0ffd392cbae41bb

SHA512
00d39d943d8645408f96e467b94aa127f97f9b41a2c7afb6fb0132f780eef618680a6718afd60ca4f77636ba7e585ad5d898de7d4fe8d2b6e4207f72e735e9c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
070275e172ae232600a412e227408787

SHA1
d0edb743738cdd06cc2a0ee3b5fee6d6d6554643

SHA256
0aee73191dc19b209d93039c823b55de593e6cc00fc606dadc03ca485aab0c93

SHA512
5db822ecea1c8a84efb2bb33a85325756df25b7a0c6d212c4a96127c3acacfec1f3779a3f3d6a2273660ab1f5d93ed5a3d5bb0dfffe1e32d812b75a272f54912

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
5f8aab1ebcd3739dd8c7590f37bc7ca2

SHA1
923562b026a45543457471816413303a91be733d

SHA256
a7b821426e53aec5fd61ae31b4a0f18175674cb857855ec0514b7151d3b26825

SHA512
870d3c8a4cb996bcb2b90e4e23705f37d6919067da771bd220c8687122549ecb3619a80a6f99dedbccb2db818ac195112ab8468a55b477789c06f56a613a7471

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
8edffd6ab245c6a2facf10ac62ffadaf

SHA1
292f6af23f20b2b252a1db20524891e353f3d0ec

SHA256
7137438128ac1fe3911371a12c820a11dd7acb0b2a24a94d7b0c4309b3724bf2

SHA512
f0b7e0608bba131dade4e12d53a0c6ad23cddb30cac1c097ddb24249e6d4288c27e59c241defcee37769e1456d91304463282d6239411d87627c008230992065

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
dab1296ba5e6cf734867bd8f508529e4

SHA1
9b5ec6484c2f216afdadbdea6dbce71fe797e6ed

SHA256
265ed1b9d1a95069a1025c8c918c8216fb99d51f56cfcf41959af90c4043693a

SHA512
4d93cc77051592cdf91e9f37d1c23d999ed4718696239be14a0617b28821bbb12104afb6d0a5ef728bd67ef81d4274b966d011ea8b4ccf85dfa0e818af6dc080

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
30dc06fc066be884bf28d14755fe7e88

SHA1
c82b8295a89daec573da5ecd57bf09e2a6de74ea

SHA256
d89406f216775f76daa92855b165fda3cac290fc36546eccc19f4a8d2182d969

SHA512
d2d0880cde0bdc08e14e3790cb0aeaaff161bae37721721fb0330bf962cda6f3f197322e700135a45b2ba70aa2135c223c197aa35a7bf2bb6f26347765bbe895

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
7c11dd58541f520ecfe3ae371d3fc6f4

SHA1
eaf78365148a895bb21109fbbee84742afab3264

SHA256
8d9c7885e297e3a42cb7d1c0527426c93f931dec45f1087e03b0c628746a09c2

SHA512
c6b402ded6b6c7ca9703247602398f3a34ca73148dad3a213c088d818f4bf03bfa456f73b3353bdf8e03874f078912edd8d75fd3e4e6f7ce8239537682eb12c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
36d0e827332808ecc6aead3b55c5e32a

SHA1
fbf37c6e5330349031b880ca6c9e04ec7d31d285

SHA256
e3d903ef050b3880ae399ee602c859e24331a2b40ed75168337af05c4371e255

SHA512
1e99d03ce91387934f8a0b5c5cd85f42dacf9fc3c1cf7594e6716e980fc18f021eb96bb5d1765e88b59c3a72894195077ace4c49565c0f87e768bccb63ced513

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
b76c3bdacdf7b0d5275794f9c5c57714

SHA1
47dee09758f9aada19b0be7acbe38211e53cce4c

SHA256
d9c524237853c5120226ce15306de399b62aa4ecdf8b9c418aa8974fdb1a3f52

SHA512
d67011c581aeb2064f5a6ca12b432a2610231f0034e35762e1f633827891562ef7b3e87245d01b41cad39c22a4f7c81d25582160a90dd72a65525e6d1eb29857

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
9bb968f3b01493d4f021c17b7d482877

SHA1
e4f9ff8a5f6a6beff13754abce51e8700c020415

SHA256
220002d75f675e610c5a239a5b7cc0599ceecd4e6d09aef9090cd2d456dccd3f

SHA512
a05e45961f64dd3546d9641f3cacea75fb0ebf61fb67323b9a8d80f03db55aba04e150efe8ba493cf4038757bd0f692e1053be4dc02077ef737e75f77dfdb3c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
9bb968f3b01493d4f021c17b7d482877

SHA1
e4f9ff8a5f6a6beff13754abce51e8700c020415

SHA256
220002d75f675e610c5a239a5b7cc0599ceecd4e6d09aef9090cd2d456dccd3f

SHA512
a05e45961f64dd3546d9641f3cacea75fb0ebf61fb67323b9a8d80f03db55aba04e150efe8ba493cf4038757bd0f692e1053be4dc02077ef737e75f77dfdb3c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e0b47e79a0c789d234d310eb0b46e5e6

SHA1
d7e7cb09ce19dae6353f2d4611b8457b93d544f8

SHA256
c8cf0917911a894f13731f0700b05ccf8dccc92d7dc5a33445782c2d0e8da97f

SHA512
879f2be3a84d3f6189ad352c13ac0defe96581a7ff0ddcec348f34913f8a057da9f3beee086e21f24d88d058cf650894997462c81ae87c3306965bece1b348f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
750e294791045010770e096dafb89d2a

SHA1
b918276b6431fb671fc3ac41cddefba77c202f62

SHA256
8369c5b3d8fd86c1c65b4235c1d157471073987a0d1cc5b96a2308ded2e6c93a

SHA512
57d8e6baa48e41b3db338d48a85cb09d5ff0dcb28457d55d61a385440820b6a4246ad1643b3bb48b02100a6d84e674fd0de1ca3e14bd23038b9f14380666c2da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
c93e3136b72d8f8f2f34bce265e817f9

SHA1
0a4b6d3213f17eb49eda3cb5a308fa7e8dbc7b5c

SHA256
6d34d398e0f23f637adfc558f0322cf9e228c74e6e6d7ad7f735d76e59c4197f

SHA512
87b356d9a76cb59ffc6b265b99243d6de8cd74d6f4cf572a507cb8d7dc5a348001994c58abe506bd576b523743b7ba8464d8a54b04eb32fe551d1ea49028b436

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
d9d406c61185ee450ac06aa82bb6391e

SHA1
e7162b1d470b69b55ab3365f762d4f72fa4604c5

SHA256
7d4dde38f105108f08abf064056b1aedc4769a9e09392bdcca4ae4ee2bb58226

SHA512
d471afeb2b8152ec06346da231ade91ed26586bb9e65db17a7bc3b594b47efd582785521ffccd2e3f36ee57df8a168e08d2e4e0e9c8c6e0cffc9bfced4d5940e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e76bb086c089e3b13b0515519b270171

SHA1
f32e2db383e6a9fdec9025ff9ba39034374cc388

SHA256
42d7c19842436531bd71e88b9f2650719a680663be23b980a9829c27a048fcd5

SHA512
7d0b83d0aaa96c82d89837d9ee14d2194b2ad3c04b196b9d29a9d2555bfda67d46cb1c35a5e487520531738ac1d7826ada976cb10c74ece6c4888936af69bb46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e76bb086c089e3b13b0515519b270171

SHA1
f32e2db383e6a9fdec9025ff9ba39034374cc388

SHA256
42d7c19842436531bd71e88b9f2650719a680663be23b980a9829c27a048fcd5

SHA512
7d0b83d0aaa96c82d89837d9ee14d2194b2ad3c04b196b9d29a9d2555bfda67d46cb1c35a5e487520531738ac1d7826ada976cb10c74ece6c4888936af69bb46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
54f5a41a10914df179108afd0d9b8d40

SHA1
b8495fc968d29fc6fa8e8dc717805c9e673989ae

SHA256
56c0f7012adc272bade66f3d288e8c0eb26dd83b4cfda65999969c9a2e602626

SHA512
165a1bce04d9d686e98c8629077e26ac0fe13139e128c1a27fcd8e0119122551d20fbfc5a757bd075cab9234c99a2b263140532cc8ee04a95fbc307795f1ed43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e0ea51a0b7e64b4fb835fc56cd25be59

SHA1
d3c96af7c499f2cc820ac84ea3d832ca2b11b491

SHA256
7dcf0080527174fbdac7a4b7bdc4d027a560343795fc4ac99bbe7c5958b0e494

SHA512
eb0ae2fe2b55f526513ec04d118f7c74d7ac22d616084f7c1b30ccf37c9e9ffb3758b01f14cfdc86019a3573c5a34c66245ebcaf2d5d167ad9392399b6e94a26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
9dc3f3b485b1999540aa8c9f17d0b757

SHA1
9bf0d218d4983d3daeab38dcc28c5039daa1ee52

SHA256
711263934d961e4395ca9abddd4babbdf3642a3c35be99373904b3e55423e4e4

SHA512
e01b82e6cf61e311bc6509c9516b6c20f44ab7c6253b0a3032e7427f32fe9a7f8a952b15b49738a84e5d22a942cce568f983c79d4d484651c0efb3a0f09bf538

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
bf1b64536474665e94a2923b458d4880

SHA1
53cd8599a0a5103568a08ba10cf81030737bd304

SHA256
804c41764c46f6d71d421d9d7ef39dbdbf34e3cd34f8818ed1610f4ba6d6bf6b

SHA512
0529e894367900868b389814ae76ca0eaa2a82eb6dbd8cd863544fdaadf87c98aa62436804ab72fe7425eb2fd69145768fd8b9add19d37cba2c641d3b934cb00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
0bdbe9eca25d7e12f86150e4483e2e12

SHA1
c3e9819d4ff72bee2c2f289c0a2ed25670dd8e89

SHA256
59951f28653a64629248e2d9fc3635f7ba945664adf04820d19b7e2143c8e6a9

SHA512
269a58df0111674c4f5f65b08ee4b30e6651d15568e1e62991dd1dbdc441558b2243dde82b08e24a14c18aeac27e73c6b7be7676c685eab432e848cca074a7ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
97a4955f31ca89441ff72fac1a787562

SHA1
0eb09a3fec1d7b1383fd38185ba95d2a53ab197c

SHA256
7e7519bd42a74379bbad3b9c27c8d9e8038313468626f6494b1f4f1d54e7cca1

SHA512
7475a386725b8436c2d2374e1a36de1c890a73879185d09121d3a8ad323ab56fdc24ef34975f06eab21d35ce578c4b93feb168e1220d1993652d073a972e9b7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
97a4955f31ca89441ff72fac1a787562

SHA1
0eb09a3fec1d7b1383fd38185ba95d2a53ab197c

SHA256
7e7519bd42a74379bbad3b9c27c8d9e8038313468626f6494b1f4f1d54e7cca1

SHA512
7475a386725b8436c2d2374e1a36de1c890a73879185d09121d3a8ad323ab56fdc24ef34975f06eab21d35ce578c4b93feb168e1220d1993652d073a972e9b7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
f7e13ea21fd8aaf86a039af1d819f260

SHA1
ebd5c27227ed2c9bc959ec2e5b1946a7b9c33dd0

SHA256
f198946364d805877cfaa11b32fab883e90892f312e9981b20c18ac007ceec52

SHA512
727c1249dc8d42827178a643eec0b9f27e3152d995e822f0dececa4b0ed0792db19650ac9a40e68c81b25be13f2e0001948a8dc583b50aa24d9d5907e28053da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
53944c54ea1b74394061e73da5a67c21

SHA1
22495fb2964b747d51dbf392494d9c14529616f8

SHA256
a7b0256c163876a8f7b917269c804228bbc376f58beb6101cf7bad18cf1b7678

SHA512
43d2c95a9fa45fdae82be4936e12dc61b7fa8096975f060f2c54c903ad84dcf53dc0059db6e9abade19f48aee85e1294769dcfb31c0a53e35ada49ac8ef9a785

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
53944c54ea1b74394061e73da5a67c21

SHA1
22495fb2964b747d51dbf392494d9c14529616f8

SHA256
a7b0256c163876a8f7b917269c804228bbc376f58beb6101cf7bad18cf1b7678

SHA512
43d2c95a9fa45fdae82be4936e12dc61b7fa8096975f060f2c54c903ad84dcf53dc0059db6e9abade19f48aee85e1294769dcfb31c0a53e35ada49ac8ef9a785

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
ec871ebefc2cdab7cc2ef69939131025

SHA1
5c73040209ad0c35b01b0c19b9033bd932cd9654

SHA256
284b893a92fa33e11aa0552ed6ff393f8d7326f917f6f0e5bce2e16fa5e1c7dd

SHA512
6700f160ba0cc659741d3064ce0f4e795c67e07ce758e3fb107571229a7bdf3d74cb65885f3173a42f9d6176c0838f3b8e8798d4f9cff4d7025176168f9714ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
766cd39b240fb6f945245761dd8d2cc5

SHA1
6ba545fff1b769593a9bf6b4e9e5e17904f1fd38

SHA256
060e1dc32ff60f7aae096f7c7382ebb2b79114d8270507bf901921f0b2df5906

SHA512
f91361d287a1705345b9a6070644463d568004d85a72b3f95fdf36696c2972c5c74a546492982de10fbddfd337c65f01f3c859098b251e9a680851307c8e2c46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
766cd39b240fb6f945245761dd8d2cc5

SHA1
6ba545fff1b769593a9bf6b4e9e5e17904f1fd38

SHA256
060e1dc32ff60f7aae096f7c7382ebb2b79114d8270507bf901921f0b2df5906

SHA512
f91361d287a1705345b9a6070644463d568004d85a72b3f95fdf36696c2972c5c74a546492982de10fbddfd337c65f01f3c859098b251e9a680851307c8e2c46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e262bbafec526612e250d2e970dd081d

SHA1
95734d3a1f423a41c595f44b0c157ac86b51462d

SHA256
552a52c3213fbb6216013c166fe5a08211a118e3c81074d6d868e4790d97a12c

SHA512
2911ec529dc95d61345b718bc6670ccd9d8bb2a26914f490428b6e5c09c5e90d07d0289fcf92ed96a8dac3332d22baf9807e1dcae86e519b6dd2cb64ed5e940a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
4cbc781c79e9e041546e272f2b47bd61

SHA1
335bf88deb428bcea246b2d65922f42f4634534c

SHA256
b5d4a098358a8c81bdb3b496ff9bec9475003193d5125a69aaedacd0fea118fa

SHA512
396cc33c6262c7593db7181cd5d71a99eed2ce37545bf63669b001f2a88b29933e58579c4536d0f17d33e4e0c01103e600b689d4a55359bc51c5e2159693bb1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
5e93fc4ae1a2df7bf4f37b95b1bcaecd

SHA1
6f3e39ef6cef72657105395e54c2a2e9fd97515a

SHA256
6e8fd4e4e6e2cd24297a9319be107ad42eb891c92241b63f5e450397b6db9517

SHA512
06aef3b632220a8db86cac9e6d8c2e0e93d5ab2cbfe742b94c1295d137638baa90f96fa1a4c55cec0ef460803a4906df03df0084ac3f637f476dec7a594ad8a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
77cf93d94941f2e45edb82e1bbd6e73a

SHA1
ab4846c24164af8c9d6da109e32425c4f69bcd22

SHA256
d5f4e9731d79c4ff1e048e93a929babe0de2feaa6c08b8896158ebc0dbb7ee2b

SHA512
6c561e56b8339d38bbd103c289bf5a2b562e7eb089c6e710b678a586939027e482dc82de663ce305346e62399a9b34eff08740fa0a5e8f90fe18affe3fc890db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
58cad0ba9d553b76dd3deefc5c40eb9b

SHA1
cb4d230dac7645a46afda7e13ef723f7d926921b

SHA256
f5c0e313d6c730bf0b811eda7e109f62d634496522c097ec48985e54a7575147

SHA512
2e307ffd147ccbebed302bd47b4be9e7449b00b2ded5ae9229e0fac2d1f7b9d805863d23ea8f74de09dee8cf1754745d9af33ef3609b5442092b89713d5fa265

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
9451aa880c04c071dabaf70682751c6a

SHA1
bc7243d4892691516c38cdb144774967205c5036

SHA256
ee40ad549d203a92e9e4ec18555cfd9ff35592f5a114bda2efa09f74bf3d1db5

SHA512
65cc88921ccc70a0a5a00c2605de9064dfebefd357edc32aee0021b291eded073b0fc82c614f3502b0dcbcd1e71f94a6bfe8253cae442610c2d3a10520653f70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
d62c71b80ff58bcda67622d04d58fbd9

SHA1
fb4d8593d3857e0ee6cf23aa8531c5755369b5d6

SHA256
995e06e85dc676cc2776fddbf8635592816869a14149e2d349d5f818b8817868

SHA512
9ada29409558759ce4a0f0c8f30353075dfb6c371f2585096eca9775ee14db9893f06a0c39de30c2770fe1c267a0a2cb70a3fac9ef1d70f9812f16ec8912a662

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
ed8a0b299c0e15003031b196484bc4d9

SHA1
7a9bf497ca627cbbe95df26f1ec198469af3204e

SHA256
585e69a418e02e741073cc31adb8166053c1884ab7681078414ef6282f655a6e

SHA512
0cae4dbb3adc204ff4db2fb562a9332ac34d5d98ada3404e8c6235ce7460026f076d0dee378a94bc17fb65475e1e92b8591b31bcd7af6d703e2bfc4f7a551417

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
85e305f169e097b8583993119f1f431d

SHA1
80ebbc9f366bede79dfb21eb997a69ee3e577427

SHA256
c6e7065d012240fe6ace968a82dc55dfe2d2022ebd6b9df77f733ca0c9a76779

SHA512
e796cd3e87d6780a6c32a6e4957ec89c2c254af84c61009fc19c438c0993e0780fa43cb522c68fe251eba86e474a89b2466465bf76d28d16c361b0ae399023bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
35e207c7da616aa156a7d377de41cbe2

SHA1
3656c29cea760738b5369f8dd666e8c0c398882b

SHA256
c1deb1aa3e3db3aaecac98a349dbb070a0f96a124beca7c484e0a3a5eb4f113e

SHA512
9a0ad9b837c415918b0458fb42cf47931a170938b14f301a657f3b8701018ebd3ff8d4e66988d2272a6f1a06d62d8a7926abb93318b8b160f9be4f2c78de5ae8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
630912aaf82ac0c8aa7e074270f2b688

SHA1
5685abba42c806e25599b152fcdee567e2d72135

SHA256
83d6b81150fdff118667bf6048c854cabad61e328fcc22b2867aee93de580725

SHA512
5ccce49b570ebf977f1a2c8fabc34e5b7a2be3313ca26896478295811a919451363903e6d70031c14e1f1685de0d2f54ff62845e0364538ec358332b5b5bd817

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
cc2dd8f0f7703ab8c9b186170b88f9cf

SHA1
7a24ca2174ba3e78e331256f7f422c7338502eea

SHA256
8bd9a4635dab0347f39494a70aaed1993f81e04853dfa90d1831ed010dca35a5

SHA512
1956d22e48c82abad5b9cf0c88647f3c5559d917cebebfbca3eb3b731e6537db812cc3571e98de610263da2ff1d2b4662bdc4e21bf9b69d755a3bf74083109ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
6e393b209584ce90fc35620c44cc402e

SHA1
624d38107cd48af009b3d3950f436bcd999cae40

SHA256
fdabb4c2f572e35f78f33f2b958ad9e23bcda704f1bbfcbbba019587e439c5ed

SHA512
55285db16f9062c313d28c0fea7a0d39c0eed1bc021d2b67a840d715715d0e82a1203d1b3a51300ecdb373f8990c09ca3251ecfeec485644e9c64191ed72b014

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
f1775c8197b865faa0789902b87233a0

SHA1
7a35c8276d95d8df7a55f5731ca3f39fcc5e21ce

SHA256
2c3821d65017b818bbc537d84cbaa7527430c51507ea72f5ce71fbeea3d9b582

SHA512
e577e501a0ede7b0645ec0f24f5413031059a8b746d951d8cc3ed3c3223174725895aa7426529ce47fbeb0b42194f434c7b71f96c271a4a2b224ebbe0cb73e04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
f1775c8197b865faa0789902b87233a0

SHA1
7a35c8276d95d8df7a55f5731ca3f39fcc5e21ce

SHA256
2c3821d65017b818bbc537d84cbaa7527430c51507ea72f5ce71fbeea3d9b582

SHA512
e577e501a0ede7b0645ec0f24f5413031059a8b746d951d8cc3ed3c3223174725895aa7426529ce47fbeb0b42194f434c7b71f96c271a4a2b224ebbe0cb73e04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
69ae1895be72a6aee5b051d26a406a8b

SHA1
7834d557d3fc57bd6e6bdff137d055d5c6e019b3

SHA256
86c0c2ee512e9913a41757b7b095351fed4ad133d375d3a54343f0423f4fd03a

SHA512
60e4ebff39dce7605fb2f5f7b4ed63a850a721e35da48c0e6c0d6eb0375670b378bd7edc5972ad65d84056fa326746458050a715f3b7b12c94c19fcf80823be2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
ce0326590d6851d9f78696a75acff176

SHA1
2f35e4db612deab77ee8661fe2d7927a6f1b8c10

SHA256
8dd80f7a6c7b5a385018b7b13704c32235708983c6d0b4283f78afa6bea3f8fc

SHA512
848259144d235c4f79af7ed72572776b25b17f99b70225663799b30962b9be1b7ba7be090d9227c83044f43e9d2c5d693c0cdbd71277fd92e25821cd8bb15347

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
35aa97fab9279746720e5c11a4d7d6f8

SHA1
e322c89900faecb954dd39ab4125c7a1c5514dbe

SHA256
f61c47e8035fd86e88ed6c2eba0b5583b0c5d45c24a3a4082d69e9789e9b675c

SHA512
6ed9899d27a039954f05c08742408a1ca2f4b76f3127f6470ca06d86d47895838df986317c731da52908dbb428087a84f1c2641b4eaf3cd5cd89f595ac2b86d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
15a7b392dd6b99503ac80a54da9b5538

SHA1
933437585bd62862735458cbb224ffc1b63effc4

SHA256
4002d2c86f431a4b43ec5314b811d80d815bcb8ce16fd1c4f5b19248be0dab82

SHA512
8584f8cfe4353e28dd4cf5a0656f640ff8a86bfb250fcd64fd4d912a30cf5f4da0ebcf91690126c74e8a3af5123eda2af6736471471dfe8b1af6b02a0244be4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
2b508d6c1807aa3c0b2c7a3d8ad5ae64

SHA1
c657301ee41ca6f3db803f803cc623adeda6b53d

SHA256
350e149e6907af2b7f9d68f32f54aae47ff58575f4205869df706d1008a93b83

SHA512
4cc80557b7fbe9669ee90ee1d8ccac1b3d9c3bf506406b4eeb5f4497cc55f64c0fa63930175f354e562b18d7f62ca93ef53fea3ecef42722486852ea0e5bfb77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
2b508d6c1807aa3c0b2c7a3d8ad5ae64

SHA1
c657301ee41ca6f3db803f803cc623adeda6b53d

SHA256
350e149e6907af2b7f9d68f32f54aae47ff58575f4205869df706d1008a93b83

SHA512
4cc80557b7fbe9669ee90ee1d8ccac1b3d9c3bf506406b4eeb5f4497cc55f64c0fa63930175f354e562b18d7f62ca93ef53fea3ecef42722486852ea0e5bfb77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
ec7029993aa91209f341a1f5be514b20

SHA1
4c3c28ea4b0df9d3715d6e7bfe558b43341c3652

SHA256
960d71e8b618995bbba975acc2cfd9df54db6fcaf87cfd69570ec75529937d37

SHA512
0fa9ef164271caeaf1f20ee3715c7089ca9cf21ee5a095bc3bea68f59dd8e2df5f35ad81b7628e4f8eaee4d7836f8a78444751f1bc4aa2ecf8e5795efd60eeb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
191b69c91155fcdc811bcf74ef23566e

SHA1
42df0192aa8671a77acdebbb4eba8fa3cfb03a27

SHA256
49bc85aed031c6482671d91c1684b5c2214b6b42cd83d2e5ced322f367ccfa77

SHA512
3279e70bd136b69fd7053bae2cf51e4ce715a3029ae21642cc967447bed2c2d761ba53eafb2d27c78c6ff93e2d8a68d19faaeb8a1bd9ec5e9ed454bc53eaf8e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
5deb18e414cfdee4c7b8f477a096778c

SHA1
808c99e9360913e358b875803d181a0cf1c83ed1

SHA256
edcd6d7d5510587e8e9477286bd6f577a227a471370c9536dc1810d3a94a386f

SHA512
64e678351fc572adcd3e19482dff8c7e09b69ee8c501a73ebdc1eadaf66aae050e8340f8b3169c301ea6abc969e4ed5fe8317a1097889793725559fd46157500

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
d158bd4b3a3f3ce38c947d21f7dfcfb4

SHA1
8043a6f514e9eaf14eb599068c8daed5e92fa1e6

SHA256
0c539136d5a56f2ab88c3c70ea2e2c658e07e389bb9e1bda283d154cd3718097

SHA512
fdc76e2682893f2f2c015a568026a35c5ab3231c3a208034ea75199c8aa1b840b47a2bf79eb792caa933bb2dcb3e1cc343a18e75d5259bd6857b4f636b9ede0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
4f954087487bfb9f6a7c1d8ef5b5a619

SHA1
9875dc952959e86351f6556afe7aebe2d5962f5b

SHA256
6b38d2a0bc56939ed8029476c4a6f4875fd067a5f1d2a164e1186d0d606a40da

SHA512
2ed44b4c212cfe898b735a12e1a8adf0e8cde24eb9fe2033f4ed9e04c008fbc563d7738b5007f94b29251bb4b6188d0b5db1728124ff67e09ccc8532e80b7d8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
8af9c9d738e6a95398a98c9f32621c29

SHA1
c9eba765a16cbe13a7977d48badf9a0a364413e5

SHA256
c0c985967ddf3cede7136dfabf5bf742c00183e61fdb48ec252ac57ec41b78d4

SHA512
8f3ea3258de004c2eb8f07e981e47b7963c0d07b86e247cfe017b9e72bcc55b3b4f140f1dbd351d1c4ee28230d946ca52cf147cb5bbc0bf07df0fad6580837ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
c478db09fc70940c7f953c9c7d89714a

SHA1
2e521a0128a2c40f596600aeeba3996416d10222

SHA256
88e6810cea7000eeeed02ae172273d4cb17d1ce4396b8ea903bb32217f3d2c2c

SHA512
a789706cf13a4ca2bbe35d24e9fa3f5dd9a1e16de61d1aad6557b3c4ff54e869d0cc51b0f6e8ed1da6db7ea03f735129ddb8a1b358324d2b89136499a5fbf08f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
eb7fa5e392226154dad32733f865f147

SHA1
26ef656ee5edca2654cc3b8a1747b4896b0e005b

SHA256
02a9409ec58162a1133f3c85a90c0039c7371815b9c8dffc8d51192b0998d356

SHA512
2b1b304dc57f19d882fd46db1550f2b139e6704c434c318bed5237404ad625282cb2c0f619ff818c44b02f7fc26da7451a082eecd06664209b77a3b08659822a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
a1f9f5dcba55276d760b0dcecee9d0ac

SHA1
c90b4fb591107eb08eefaf08c797ff785bf05703

SHA256
08798d005f1016284e2b2ef8d84369753e7a13140d273b3971c692c0d431489b

SHA512
b5f7a3ee68160a0030f36b696eae95d936318fee00008dc750a46a6f04b6910224400536ca1bf2322d89e6885458ad3b3b041036ee75e0371d6020fa1b041559

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
5329c3d1e3278222e4cdae30208c2d56

SHA1
d3ed92d7d57e7a3328d5f49b1b147a8438508d34

SHA256
b67a44cbce0c0be852aba1f4f60d46b37e4cb39986fe52e3725339e26fc4d1e6

SHA512
65cc5feb617e3350b780211447f15d64b327d715c12b968162284806568fdc4403f16796b23269c4c9756ea7e99ce70b3317cc03db0e76be924227017cf23700

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
a8d0fbd1162ae4923f6edad8c1cfa8bf

SHA1
0f7cca92b98fc4147156b21ba1df39f6b70f3c8c

SHA256
1a4318858ce91c5104f14f7a761935474545688be73bb9a721a61e1f22c65f48

SHA512
5edd3d35bb97979c9d3a1eaf041dc8c3d8b3176bfb98f115f7ab17d8c4f65b153f87dde70a932c97d3c9a3caf5580ab05dfefb28fab70bc1866402f69bd80c7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
d4d428a39b428db32b004bb90b69542f

SHA1
0c009a271aef893cde60e4bfd5feb4094a71a941

SHA256
a2d212d79c6fd81d8f1a178cd99edb70b123876e9e6cf531bfbe67c9731a5947

SHA512
f3f61a11e4f7a4078ad9a810103f05966dd241340ccdafab9c496f2f4b0559b4f6125435bfbff8afb4723dbad8adea2d5d2ebe5de0523e68b8fcd06932e2bfe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\x4s3ygl\imagestore.dat
Filesize
5KB

MD5
c4ca3d2080989d15bac30acf232305a5

SHA1
a97c885563d59ad74743f2c31af775c5ce564c0d

SHA256
7cab4ee2c45facc3159463565f711b0cd318e28af976ffb66f98b982ac80b9b0

SHA512
c4bc221a2e34cb8263d1ef3f3f7f9f3f61af2894a978a6d10594d5026dc59f214eff1340bfdbb1fbd4fc366d0ce6dbe2ced94622ebce57941785fe037b86e817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BYN4WSI\favicon[1].ico
Filesize
2KB

MD5
8da30e4f305af8d2d916ab2a8d2d7862

SHA1
ef14bf29c519e1dc4a4f8d21baca3a67943f77dc

SHA256
a704f59e4a0a47db5b6248f9f7345db2d68369cb398b9d1e5128e878cd34a5d0

SHA512
a6db3e3e0e4f5388d0c5b1ed3f894a78bd9eb097e10a4312d7a2702e21a0ff990a69f9c319933f99784f1d6ed9d68c260280ddb66e0211886b1a9aef0d10decb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2EIRHNV\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE
Filesize
1.4MB

MD5
461d135a4fccd51bbae38f742e123fd3

SHA1
c12a442fbcd4a9c44102f0a560ba03d59bc501ed

SHA256
4c441e7d744a2a273f780103bcf5bcb1e32c2d9c6a32b62f9044b32107544079

SHA512
41eb816bf0cc0ca12b5c6c07517cd718b8701255ea81e94ffc937f2538b8cdf5db24751cdbc22fefd6496b767fc0d631fea76216b0363f4b625557097b3caaee

Download Submit
C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE
Filesize
1.4MB

MD5
461d135a4fccd51bbae38f742e123fd3

SHA1
c12a442fbcd4a9c44102f0a560ba03d59bc501ed

SHA256
4c441e7d744a2a273f780103bcf5bcb1e32c2d9c6a32b62f9044b32107544079

SHA512
41eb816bf0cc0ca12b5c6c07517cd718b8701255ea81e94ffc937f2538b8cdf5db24751cdbc22fefd6496b767fc0d631fea76216b0363f4b625557097b3caaee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4607.tmp
Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4842.tmp
Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd6EFA.tmp\Dialer.dll
Filesize
3KB

MD5
6e7e197ffa13cea15434b221b96b3202

SHA1
5fc93dca4a33d79d8601e888daa21a1d0e02eab3

SHA256
cb94aead070194af4d3b01f80ef85f227a70b5cfcfa305d26c3b42b8853ac6b4

SHA512
4d294929ba55e145027107aeef135d918f2d6ec4a7e3b9fc8fc028924019d1987c12202cf37e9adf18a70a02fb321de7f060c4977de874687fc8a4d924cfb19e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd6EFA.tmp\InstallOptions.dll
Filesize
15KB

MD5
720304c57dcfa17751ed455b3bb9c10a

SHA1
59a1c3a746de10b8875229ff29006f1fd36b1e41

SHA256
6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9

SHA512
c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd6EFA.tmp\LangDLL.dll
Filesize
5KB

MD5
f1e9eed02db3a822a7ddef0c724e5f1f

SHA1
65864992f5b6c79c5efbefb5b1354648a8a86709

SHA256
6dff504c6759c418c6635c9b25b8c91d0d9ef7787a3a93610d7670bb563c09df

SHA512
c22b64fff76b25cf53231b8636f07b361d95791c4646787ce7beac27ad6a0de88337dcceb25b5196f97c452dda72e2614647f51a8a18cb4d5228a82ed2e0780c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd6EFA.tmp\System.dll
Filesize
11KB

MD5
17ed1c86bd67e78ade4712be48a7d2bd

SHA1
1cc9fe86d6d6030b4dae45ecddce5907991c01a0

SHA256
bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

SHA512
0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd6EFA.tmp\UserInfo.dll
Filesize
4KB

MD5
1b446b36f5b4022d50ffdc0cf567b24a

SHA1
d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

SHA256
2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

SHA512
04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd6EFA.tmp\ioSpecial.ini
Filesize
1KB

MD5
75d1a542221fb5e70444100248433480

SHA1
d1632a5bbf0f2fb5f88bbf46ff4d5cf5fc8502a0

SHA256
c52740a71eb480c27372d285bbb346f25d5bd8fd5f5bcdefefbfbcc7281b5546

SHA512
c58dcccd2de7f992f909780a72cc51038576a7b8ffb260389de2f3c24aed5e580d815deb95f643e455a9c455131be55eccbfc6d2ec9e70dee07c1333cc6d602f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd6EFA.tmp\ioSpecial.ini
Filesize
1KB

MD5
c98eb60efaf4b4dd7ccd0d4fe48f8e66

SHA1
e98774d604d2f1edc037476b7ac3f792c517918a

SHA256
8d91fe231eaf3ed13d31a732dbb1e586aa548437b04f59e0f0fc14f9d8e0a6d7

SHA512
ee61952168379f02e3da9e4ee3b97b1ddc4ae18bfd9d638238eb904f0502540d8b9de18959c5a0a5b2242382b2a265ee26cfc22cf23804d998f2a2d6d05f80f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd6EFA.tmp\ioSpecial.ini
Filesize
1KB

MD5
411c50302134856da10a4982d6a68fc5

SHA1
e62385e40b36b617b6ce11ec153eadec438621c1

SHA256
698bc816a4e33cf577941ad7bcf9824d95cbd7b26a1874abfeaf36161f931fe0

SHA512
e7c26d78508fb9dee9a7444fc4815743ed4bfe127ba3d82f1293da0d62fe6745ddee4a9b2577c29f7afb918544c2a79de7a476f5091b3f35b11b43c1547c1966

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyD05C.tmp\System.dll
Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZFY8LJ1V.txt
Filesize
607B

MD5
09a071cd1c65f41608c4f71b48d6d8ad

SHA1
9a7e2e3437548a06ce2809cce57e612d862348a0

SHA256
5f6dd7b0c731b1fb51d058eaf7c8bfb45b3687b8a08a38c038436eeb9af1cd86

SHA512
110aabcaf924243a8b09459ca89b56e9505181f9e1b77a48c3107356341fc7379872f17bd9054d6dbf087371d2cad49f245f01b789021b7ec5bd7e96f11dbfb4

Download Submit
\Program Files (x86)\BandiMPEG1\bdfilters.dll
Filesize
4.1MB

MD5
ed730387fdcd684b756601b863c47417

SHA1
c49ed6d0d46facf4ceaeb21f5d6bfdf9e3587fde

SHA256
9cbc29696ad2d582e251bf9c4be5cce618753fa43551d2474e1ae5cc5e1245e5

SHA512
e32df727799d33922c6e92f94a7bdb0bc2772d6a6636d15e285d94d3ae4661062e5bc89ec3546b76ec853398f88d972f461327ef687f89093acf1096560d5c3f

Download Submit
\Program Files (x86)\BandiMPEG1\bdfilters64.dll
Filesize
4.6MB

MD5
13f7a29baa1e04f74151737cb71bd0e5

SHA1
0bc8682c6c96923a729aa6239aa53d95221b13ab

SHA256
008fababd36e8fbfd5f610a2c62d47963e78ec91e54ad69a1e20807445c3528d

SHA512
4cea11e88e8861c4094b227d85295c0d67452af703b0ec9dfe475797b87d03b40bc1f6b58dcc00996672c1c05d99b82dcc067bc429a1465ae90f4ec966f2bca8

Download Submit
\Program Files (x86)\BandiMPEG1\bdfilters64.dll
Filesize
4.6MB

MD5
13f7a29baa1e04f74151737cb71bd0e5

SHA1
0bc8682c6c96923a729aa6239aa53d95221b13ab

SHA256
008fababd36e8fbfd5f610a2c62d47963e78ec91e54ad69a1e20807445c3528d

SHA512
4cea11e88e8861c4094b227d85295c0d67452af703b0ec9dfe475797b87d03b40bc1f6b58dcc00996672c1c05d99b82dcc067bc429a1465ae90f4ec966f2bca8

Download Submit
\Program Files (x86)\Bandicam\bdcam.dll
Filesize
18.4MB

MD5
7ba8d011e1d8108088c300d466361d89

SHA1
4a390a72c871b4a6ceea147d62a4de05c1f55d41

SHA256
428b7604667062a43cd9070c154bd1244d51bc05ede22230e15576cda903b283

SHA512
4803efd4dbbd15b7612794cefba9aedeb8360682b5c86294bbbdb794cdcff6846cd90c5cabac13661483df0d12e19083f59d68755d65ec64ecee45386f89fafa

Download Submit
\Program Files (x86)\Bandicam\bdcam.exe
Filesize
6.7MB

MD5
5678524f13a58a56003c68fd1cd82c59

SHA1
e8291f6ece64d6d43c0f1424026e01520d2c662b

SHA256
dbdb5985b9364fa3e6a1d6af9c0228bb77fd50ebe8611821fb75be1588bb0671

SHA512
f341e422ac024c3f38dc32ae6e1ab90f7c6f26ebf2202e6839d4a2cd034669665e36b1009f87dbcf6f1859276bb2031071423db0dec95a70bb120afd470c526f

Download Submit
\Program Files (x86)\Bandicam\bdcam.exe
Filesize
6.7MB

MD5
5678524f13a58a56003c68fd1cd82c59

SHA1
e8291f6ece64d6d43c0f1424026e01520d2c662b

SHA256
dbdb5985b9364fa3e6a1d6af9c0228bb77fd50ebe8611821fb75be1588bb0671

SHA512
f341e422ac024c3f38dc32ae6e1ab90f7c6f26ebf2202e6839d4a2cd034669665e36b1009f87dbcf6f1859276bb2031071423db0dec95a70bb120afd470c526f

Download Submit
\Program Files (x86)\Bandicam\bdcam.exe
Filesize
6.7MB

MD5
5678524f13a58a56003c68fd1cd82c59

SHA1
e8291f6ece64d6d43c0f1424026e01520d2c662b

SHA256
dbdb5985b9364fa3e6a1d6af9c0228bb77fd50ebe8611821fb75be1588bb0671

SHA512
f341e422ac024c3f38dc32ae6e1ab90f7c6f26ebf2202e6839d4a2cd034669665e36b1009f87dbcf6f1859276bb2031071423db0dec95a70bb120afd470c526f

Download Submit
\Program Files (x86)\Bandicam\bdcam.exe
Filesize
6.7MB

MD5
5678524f13a58a56003c68fd1cd82c59

SHA1
e8291f6ece64d6d43c0f1424026e01520d2c662b

SHA256
dbdb5985b9364fa3e6a1d6af9c0228bb77fd50ebe8611821fb75be1588bb0671

SHA512
f341e422ac024c3f38dc32ae6e1ab90f7c6f26ebf2202e6839d4a2cd034669665e36b1009f87dbcf6f1859276bb2031071423db0dec95a70bb120afd470c526f

Download Submit
\Program Files (x86)\Bandicam\bdcam_nonadmin.exe
Filesize
157KB

MD5
659e250fa548077eccae04567786d081

SHA1
78e544a0f9753f3e30567fa3677805e95b4f5bf0

SHA256
e3342da0cc2c14f9445efc823206b33b10de818600ceba507d334357b20234e6

SHA512
91a175569d86da1a78eb209d029195c119f3ffa8a22865ee2a8c61c87b1f5e8c63f0e17b93ba2bc1de8709baf0ec543385c6c69158b030a8ddfb77b2dc49a1bd

Download Submit
\Program Files (x86)\Bandicam\bdcamvk32.dll
Filesize
1.5MB

MD5
f999bfbaa48d395d42e309385a109d20

SHA1
3aab3cdaaa62048754678d98252409e5581b0b1c

SHA256
9a753d8c522048848363157441a2cfc3b6abcc1b5aa362963f03b72d71717903

SHA512
aceba797d31b243b71b54bcdfd66d4fc6ad73688c9efc426c7042a1d086502af5ac991a297906ad6f8ff993a61457052df02e1b7538401be90766bdc4cdfe33d

Download Submit
\Program Files (x86)\Bandicam\bdcamvk32.dll
Filesize
1.5MB

MD5
f999bfbaa48d395d42e309385a109d20

SHA1
3aab3cdaaa62048754678d98252409e5581b0b1c

SHA256
9a753d8c522048848363157441a2cfc3b6abcc1b5aa362963f03b72d71717903

SHA512
aceba797d31b243b71b54bcdfd66d4fc6ad73688c9efc426c7042a1d086502af5ac991a297906ad6f8ff993a61457052df02e1b7538401be90766bdc4cdfe33d

Download Submit
\Program Files (x86)\Bandicam\bdcamvk32.dll
Filesize
1.5MB

MD5
f999bfbaa48d395d42e309385a109d20

SHA1
3aab3cdaaa62048754678d98252409e5581b0b1c

SHA256
9a753d8c522048848363157441a2cfc3b6abcc1b5aa362963f03b72d71717903

SHA512
aceba797d31b243b71b54bcdfd66d4fc6ad73688c9efc426c7042a1d086502af5ac991a297906ad6f8ff993a61457052df02e1b7538401be90766bdc4cdfe33d

Download Submit
\Program Files (x86)\Bandicam\bdcamvk32.dll
Filesize
1.5MB

MD5
f999bfbaa48d395d42e309385a109d20

SHA1
3aab3cdaaa62048754678d98252409e5581b0b1c

SHA256
9a753d8c522048848363157441a2cfc3b6abcc1b5aa362963f03b72d71717903

SHA512
aceba797d31b243b71b54bcdfd66d4fc6ad73688c9efc426c7042a1d086502af5ac991a297906ad6f8ff993a61457052df02e1b7538401be90766bdc4cdfe33d

Download Submit
\Program Files (x86)\Bandicam\bdcamvk64.dll
Filesize
1.9MB

MD5
94f867b7c0efe7cdfd701bf5e9daa44e

SHA1
5125786583feff84e57f1c4391a2ec795f3cbb33

SHA256
e020cc6cb8be609f7064552c918557518970552dc240814337d3ac805154dba8

SHA512
5901a0dab95519e46317b41cf0695d8ff9fe7228a2fe38356ed6949e645c193509f08fa509372bf20ea22e16a6732605a520be598d49100d4d74ad2de92693c8

Download Submit
\Program Files (x86)\Bandicam\bdcamvk64.dll
Filesize
1.9MB

MD5
94f867b7c0efe7cdfd701bf5e9daa44e

SHA1
5125786583feff84e57f1c4391a2ec795f3cbb33

SHA256
e020cc6cb8be609f7064552c918557518970552dc240814337d3ac805154dba8

SHA512
5901a0dab95519e46317b41cf0695d8ff9fe7228a2fe38356ed6949e645c193509f08fa509372bf20ea22e16a6732605a520be598d49100d4d74ad2de92693c8

Download Submit
\Program Files (x86)\Bandicam\bdcamvk64.dll
Filesize
1.9MB

MD5
94f867b7c0efe7cdfd701bf5e9daa44e

SHA1
5125786583feff84e57f1c4391a2ec795f3cbb33

SHA256
e020cc6cb8be609f7064552c918557518970552dc240814337d3ac805154dba8

SHA512
5901a0dab95519e46317b41cf0695d8ff9fe7228a2fe38356ed6949e645c193509f08fa509372bf20ea22e16a6732605a520be598d49100d4d74ad2de92693c8

Download Submit
\Program Files (x86)\Bandicam\bdcamvk64.dll
Filesize
1.9MB

MD5
94f867b7c0efe7cdfd701bf5e9daa44e

SHA1
5125786583feff84e57f1c4391a2ec795f3cbb33

SHA256
e020cc6cb8be609f7064552c918557518970552dc240814337d3ac805154dba8

SHA512
5901a0dab95519e46317b41cf0695d8ff9fe7228a2fe38356ed6949e645c193509f08fa509372bf20ea22e16a6732605a520be598d49100d4d74ad2de92693c8

Download Submit
\Program Files (x86)\Bandicam\bdfix.exe
Filesize
2.8MB

MD5
0a1ef59acc9bc02ad7dfa2dde2bdc35d

SHA1
5fd14e4b06f857d22bc208ef19030c6ec3b01acf

SHA256
6485ee60165bb0344ce87e2f1d92b981d9a3092f18c30118ff9dfe6eb5e63408

SHA512
e8a0611af5b118fa38597552b2fcd98c3ccde96d82e3642c65301a9e881ac6c850f6f0ddb0d4de67cadd702560d1ae9a0b2b3e92743c224d495a0f4363564be4

Download Submit
\Program Files (x86)\Bandicam\uninstall.exe
Filesize
173KB

MD5
1c02654f3f803d9d8a61281528320032

SHA1
87dca31db4ec4274143358ffff146d312c933327

SHA256
9e69a051e517752fc6cf194b55d4c1df688357b59ac00e4574e77eea018ccc08

SHA512
d0271131c46a41bb3051aa1869a2a5d261045e0de4ce750b55b5236d95a181d21f07486696c4d352f20e3f80c455f24c3080b526da3c11c94b49b5a829588d51

Download Submit
\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE
Filesize
1.4MB

MD5
461d135a4fccd51bbae38f742e123fd3

SHA1
c12a442fbcd4a9c44102f0a560ba03d59bc501ed

SHA256
4c441e7d744a2a273f780103bcf5bcb1e32c2d9c6a32b62f9044b32107544079

SHA512
41eb816bf0cc0ca12b5c6c07517cd718b8701255ea81e94ffc937f2538b8cdf5db24751cdbc22fefd6496b767fc0d631fea76216b0363f4b625557097b3caaee

Download Submit
\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE
Filesize
1.4MB

MD5
461d135a4fccd51bbae38f742e123fd3

SHA1
c12a442fbcd4a9c44102f0a560ba03d59bc501ed

SHA256
4c441e7d744a2a273f780103bcf5bcb1e32c2d9c6a32b62f9044b32107544079

SHA512
41eb816bf0cc0ca12b5c6c07517cd718b8701255ea81e94ffc937f2538b8cdf5db24751cdbc22fefd6496b767fc0d631fea76216b0363f4b625557097b3caaee

Download Submit
\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE
Filesize
1.4MB

MD5
461d135a4fccd51bbae38f742e123fd3

SHA1
c12a442fbcd4a9c44102f0a560ba03d59bc501ed

SHA256
4c441e7d744a2a273f780103bcf5bcb1e32c2d9c6a32b62f9044b32107544079

SHA512
41eb816bf0cc0ca12b5c6c07517cd718b8701255ea81e94ffc937f2538b8cdf5db24751cdbc22fefd6496b767fc0d631fea76216b0363f4b625557097b3caaee

Download Submit
\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE
Filesize
1.4MB

MD5
461d135a4fccd51bbae38f742e123fd3

SHA1
c12a442fbcd4a9c44102f0a560ba03d59bc501ed

SHA256
4c441e7d744a2a273f780103bcf5bcb1e32c2d9c6a32b62f9044b32107544079

SHA512
41eb816bf0cc0ca12b5c6c07517cd718b8701255ea81e94ffc937f2538b8cdf5db24751cdbc22fefd6496b767fc0d631fea76216b0363f4b625557097b3caaee

Download Submit
\Users\Admin\AppData\Local\Temp\bdfilters.dll
Filesize
4.1MB

MD5
ed730387fdcd684b756601b863c47417

SHA1
c49ed6d0d46facf4ceaeb21f5d6bfdf9e3587fde

SHA256
9cbc29696ad2d582e251bf9c4be5cce618753fa43551d2474e1ae5cc5e1245e5

SHA512
e32df727799d33922c6e92f94a7bdb0bc2772d6a6636d15e285d94d3ae4661062e5bc89ec3546b76ec853398f88d972f461327ef687f89093acf1096560d5c3f

Download Submit
\Users\Admin\AppData\Local\Temp\bdfilters.dll
Filesize
4.1MB

MD5
ed730387fdcd684b756601b863c47417

SHA1
c49ed6d0d46facf4ceaeb21f5d6bfdf9e3587fde

SHA256
9cbc29696ad2d582e251bf9c4be5cce618753fa43551d2474e1ae5cc5e1245e5

SHA512
e32df727799d33922c6e92f94a7bdb0bc2772d6a6636d15e285d94d3ae4661062e5bc89ec3546b76ec853398f88d972f461327ef687f89093acf1096560d5c3f

Download Submit
\Users\Admin\AppData\Local\Temp\nsd6EFA.tmp\Dialer.dll
Filesize
3KB

MD5
6e7e197ffa13cea15434b221b96b3202

SHA1
5fc93dca4a33d79d8601e888daa21a1d0e02eab3

SHA256
cb94aead070194af4d3b01f80ef85f227a70b5cfcfa305d26c3b42b8853ac6b4

SHA512
4d294929ba55e145027107aeef135d918f2d6ec4a7e3b9fc8fc028924019d1987c12202cf37e9adf18a70a02fb321de7f060c4977de874687fc8a4d924cfb19e

Download Submit
\Users\Admin\AppData\Local\Temp\nsd6EFA.tmp\InstallOptions.dll
Filesize
15KB

MD5
720304c57dcfa17751ed455b3bb9c10a

SHA1
59a1c3a746de10b8875229ff29006f1fd36b1e41

SHA256
6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9

SHA512
c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04

Download Submit
\Users\Admin\AppData\Local\Temp\nsd6EFA.tmp\InstallOptions.dll
Filesize
15KB

MD5
720304c57dcfa17751ed455b3bb9c10a

SHA1
59a1c3a746de10b8875229ff29006f1fd36b1e41

SHA256
6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9

SHA512
c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04

Download Submit
\Users\Admin\AppData\Local\Temp\nsd6EFA.tmp\LangDLL.dll
Filesize
5KB

MD5
f1e9eed02db3a822a7ddef0c724e5f1f

SHA1
65864992f5b6c79c5efbefb5b1354648a8a86709

SHA256
6dff504c6759c418c6635c9b25b8c91d0d9ef7787a3a93610d7670bb563c09df

SHA512
c22b64fff76b25cf53231b8636f07b361d95791c4646787ce7beac27ad6a0de88337dcceb25b5196f97c452dda72e2614647f51a8a18cb4d5228a82ed2e0780c

Download Submit
\Users\Admin\AppData\Local\Temp\nsd6EFA.tmp\System.dll
Filesize
11KB

MD5
17ed1c86bd67e78ade4712be48a7d2bd

SHA1
1cc9fe86d6d6030b4dae45ecddce5907991c01a0

SHA256
bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

SHA512
0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

Download Submit
\Users\Admin\AppData\Local\Temp\nsd6EFA.tmp\System.dll
Filesize
11KB

MD5
17ed1c86bd67e78ade4712be48a7d2bd

SHA1
1cc9fe86d6d6030b4dae45ecddce5907991c01a0

SHA256
bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

SHA512
0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

Download Submit
\Users\Admin\AppData\Local\Temp\nsd6EFA.tmp\UserInfo.dll
Filesize
4KB

MD5
1b446b36f5b4022d50ffdc0cf567b24a

SHA1
d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

SHA256
2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

SHA512
04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

Download Submit
\Users\Admin\AppData\Local\Temp\nsd6EFA.tmp\UserInfo.dll
Filesize
4KB

MD5
1b446b36f5b4022d50ffdc0cf567b24a

SHA1
d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

SHA256
2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

SHA512
04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

Download Submit
\Users\Admin\AppData\Local\Temp\nsyD05C.tmp\System.dll
Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
memory/1216-313-0x00000000013B0000-0x0000000001A71000-memory.dmp

Filesize
6.8MB

Download
memory/1216-297-0x00000000013B0000-0x0000000001A71000-memory.dmp

Filesize
6.8MB

Download
memory/1216-298-0x00000000013B0000-0x0000000001A71000-memory.dmp

Filesize
6.8MB

Download
memory/1288-538-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/1288-533-0x00000000001A0000-0x00000000001AA000-memory.dmp

Filesize
40KB

Download
memory/1288-532-0x00000000001A0000-0x00000000001AA000-memory.dmp

Filesize
40KB

Download
memory/1288-515-0x0000000001020000-0x00000000016E1000-memory.dmp

Filesize
6.8MB

Download
memory/1288-514-0x0000000001020000-0x00000000016E1000-memory.dmp

Filesize
6.8MB

Download
memory/1288-1242-0x0000000001020000-0x00000000016E1000-memory.dmp

Filesize
6.8MB

Download
memory/1292-296-0x0000000003B10000-0x00000000041D1000-memory.dmp

Filesize
6.8MB

Download
memory/1292-209-0x0000000002F50000-0x0000000002F60000-memory.dmp

Filesize
64KB

Download
memory/1292-501-0x0000000002F50000-0x0000000002F60000-memory.dmp

Filesize
64KB

Download
memory/1292-502-0x0000000002F50000-0x0000000002F60000-memory.dmp

Filesize
64KB

Download