e1d78799d1cd43dc5a9c3c7306439b04d6c5ac99fa9adc3fd1fd5032676e1077

Analysis

max time kernel
154s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2023, 17:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Bandicam Key.exe
Size

69KB
MD5

e2b75c862bb136d9a9168929a6c9a00a
SHA1

cf200b6759a3429159fa6aaaff239042cadc8bd7
SHA256

e1d78799d1cd43dc5a9c3c7306439b04d6c5ac99fa9adc3fd1fd5032676e1077
SHA512

d2f1abd62c75ee134529eba1c1b620a5730595ee42de852edcadb3194b7857f91e5a14bd45c4491da51dea0386a0bdc269124dad089257fa7ed6abdbbc72a0c9
SSDEEP

1536:9/IKEJRjZa7NdUYjolwbxrtoE2sTe07UI:SKEJRdkTNjKI6fg7

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	bdcam.exe

Executes dropped EXE 5 IoCs

pid	Process
5804	bdcamsetup.exe
5768	BDMPEG1SETUP.EXE
5412	bdcam.exe
6828	bdcam.exe
2804	bdcam.exe

Loads dropped DLL 20 IoCs

pid	Process
5804	bdcamsetup.exe
5804	bdcamsetup.exe
5804	bdcamsetup.exe
5804	bdcamsetup.exe
5804	bdcamsetup.exe
5804	bdcamsetup.exe
5804	bdcamsetup.exe
5804	bdcamsetup.exe
5804	bdcamsetup.exe
5768	BDMPEG1SETUP.EXE
2224	regsvr32.exe
6016	regsvr32.exe
5768	BDMPEG1SETUP.EXE
5512	rundll32.exe
3724	rundll32.exe
5804	bdcamsetup.exe
5804	bdcamsetup.exe
5804	bdcamsetup.exe
6828	bdcam.exe
2804	bdcam.exe

Registers COM server for autorun 1 TTPs 12 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll"	regsvr32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 14 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\bdmpegv.dll	BDMPEG1SETUP.EXE
File created	C:\Windows\SysWOW64\vcomp140.dll	bdcamsetup.exe
File created	C:\Windows\SysWOW64\msvcp110.dll	bdcamsetup.exe
File created	C:\Windows\system32\vcomp140.dll	bdcamsetup.exe
File created	C:\Windows\SysWOW64\bdmjpeg.dll	BDMPEG1SETUP.EXE
File created	C:\Windows\system32\D3DCompiler_47.dll	bdcamsetup.exe
File created	C:\Windows\system32\msvcp110.dll	bdcamsetup.exe
File created	C:\Windows\SysWOW64\bdmpega.acm	BDMPEG1SETUP.EXE
File created	C:\Windows\system32\bdmjpeg64.dll	BDMPEG1SETUP.EXE
File created	C:\Windows\SysWOW64\D3DCompiler_47.dll	bdcamsetup.exe
File created	C:\Windows\system32\msvcr110.dll	bdcamsetup.exe
File created	C:\Windows\system32\bdmpegv64.dll	BDMPEG1SETUP.EXE
File created	C:\Windows\system32\bdmpega64.acm	BDMPEG1SETUP.EXE
File created	C:\Windows\SysWOW64\msvcr110.dll	bdcamsetup.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 6 IoCs

pid	Process
5412	bdcam.exe
5412	bdcam.exe
6828	bdcam.exe
6828	bdcam.exe
2804	bdcam.exe
2804	bdcam.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Bandicam\bdfix.exe	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Spanish.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Swedish.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Thai.ini	bdcamsetup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230416195536.pma	setup.exe
File created	C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll	BDMPEG1SETUP.EXE
File created	C:\Program Files\Bandicam\lang\Arabic.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\French.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Malay.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Latvian.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Simplified_Chinese.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\data\sample.png	bdcamsetup.exe
File created	C:\Program Files\Bandicam\data\rclick.wav	bdcamsetup.exe
File created	C:\Program Files (x86)\BandiMPEG1\bdfilters.dll	BDMPEG1SETUP.EXE
File created	C:\Program Files\Bandicam\bdcap32.dll	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Armenian.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Hungarian.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\data\effects\effects30.dat	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Luxembourgish.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Serbian(Cyrillic).ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Urdu.ini	bdcamsetup.exe
File opened for modification	C:\Program Files\Bandicam\data\language.dat	bdcamsetup.exe
File created	C:\Program Files\Bandicam\bdcam_safemode.lnk	bdcamsetup.exe
File created	C:\Program Files\Bandicam\bdcam32.dll	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Finnish.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Hebrew.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\data\effects\highlight20.dat	bdcamsetup.exe
File created	C:\Program Files\Bandicam\bdcamvk32.json	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Slovak.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Traditional_Chinese.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Uzbek.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\data\effects\highlight10.dat	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Belarusian.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Lithuanian.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Ukrainian.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\data\skin.dat	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Bulgarian.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\data\effects\highlight30.dat	bdcamsetup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\388c7c32-9005-4f7d-a439-ff33f35003f7.tmp	setup.exe
File created	C:\Program Files\Bandicam\bdcamih.dll	bdcamsetup.exe
File created	C:\Program Files\Bandicam\bandicam.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\bdcamvk64.dll	bdcamsetup.exe
File created	C:\Program Files\Bandicam\bdcamvk64.json	bdcamsetup.exe
File created	C:\Program Files\Bandicam\bdcam.exe	bdcamsetup.exe
File created	C:\Program Files\Bandicam\bdcam_admin.lnk	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Portuguese.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Vietnamese.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\data\start.wav	bdcamsetup.exe
File created	C:\Program Files\Bandicam\data\effects\highlight15.dat	bdcamsetup.exe
File created	C:\Program Files\Bandicam\translators.txt	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Azerbaijani.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Serbian.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Turkish.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Burmese.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\English.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\data\effects\effects10.dat	bdcamsetup.exe
File created	C:\Program Files (x86)\BandiMPEG1\uninstall.exe	BDMPEG1SETUP.EXE
File created	C:\Program Files\Bandicam\RegVulkanLayer.bat	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Croatian.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\data\lclick.wav	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Indonesian.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Japanese.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\khmer.ini	bdcamsetup.exe
File created	C:\Program Files\Bandicam\lang\Norwegian.ini	bdcamsetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SCRIPTURL_MITIGATION	bdcamsetup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\bdcam.exe = "1"	bdcamsetup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	bdcamsetup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\bdcam.exe = "11000"	bdcamsetup.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\ = "Bandicam MPEG-1 Audio Decoder"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\BANDICAM.bfix\ = "BandiFix Recovery File"	bdcam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\CLSID = "{E2E7539A-CECF-4A6A-B187-939943ECEF05}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters.dll"	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\CLSID = "{E2E7539A-CECF-4A6A-B187-939943ECEF05}"	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\FriendlyName = "Bandicam MPEG-1 Video Decoder"	BDMPEG1SETUP.EXE
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32	BDMPEG1SETUP.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\FilterData = 02000000010080ff020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000006175647300001000800000aa00389b715000000000001000800000aa00389b710100000000001000800000aa00389b71	BDMPEG1SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\BANDICAM.bfix\DefaultIcon\ = "C:\\Program Files\\Bandicam\\bdfix.exe"	bdcam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\ = "Bandicam MPEG-1 Video Decoder"	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters.dll"	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\ = "Bandicam MPEG-1 Audio Decoder"	BDMPEG1SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\ = "Bandicam MPEG-1 Video Property"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\CLSID = "{89C4B786-A490-4A3E-AA70-E6A8C61D3689}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ThreadingModel = "Both"	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\ = "Bandicam MPEG-1 Video Property"	BDMPEG1SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\CLSID = "{89C4B786-A490-4A3E-AA70-E6A8C61D3689}"	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}	BDMPEG1SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\BANDICAM.bfix\Shell	bdcam.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\BANDICAM.bfix\Shell\Open	bdcam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\ = "Bandicam MPEG-1 Video Decoder"	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\FilterData = 02000000010080ff02000000000000003070693300000000000000000200000000000000000000003074793300000000700000008000000031747933000000007000000090000000317069330800000000000000010000000000000000000000307479330000000070000000a00000007669647300001000800000aa00389b714d50454700001000800000aa00389b714d50473100001000800000aa00389b7100000000000000000000000000000000	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\FriendlyName = "Bandicam MPEG-1 Audio Decoder"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\.bfix\ = "BANDICAM.bfix"	bdcam.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\BANDICAM.bfix\DefaultIcon	bdcam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\ = "Bandicam MPEG-1 Audio Property"	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ThreadingModel = "Both"	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\FriendlyName = "Bandicam MPEG-1 Audio Decoder"	BDMPEG1SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\BANDICAM.bfix\Shell\Open\Command	bdcam.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\BANDICAM.bfix	bdcam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ThreadingModel = "Both"	BDMPEG1SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}	BDMPEG1SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\.bfix	bdcam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}	BDMPEG1SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters.dll"	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\FilterData = 02000000010080ff020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000006175647300001000800000aa00389b715000000000001000800000aa00389b710100000000001000800000aa00389b71	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\FilterData = 02000000010080ff02000000000000003070693300000000000000000200000000000000000000003074793300000000700000008000000031747933000000007000000090000000317069330800000000000000010000000000000000000000307479330000000070000000a00000007669647300001000800000aa00389b714d50454700001000800000aa00389b714d50473100001000800000aa00389b7100000000000000000000000000000000	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\BANDICAM.bfix\Shell\Open\Command\ = "\"C:\\Program Files\\Bandicam\\bdfix.exe\"\"%1\""	bdcam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ThreadingModel = "Both"	BDMPEG1SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\FriendlyName = "Bandicam MPEG-1 Video Decoder"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters.dll"	BDMPEG1SETUP.EXE

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\bdcamsetup.exe:Zone.Identifier	firefox.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
380	vlc.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
5412	bdcam.exe
5412	bdcam.exe
6828	bdcam.exe
6828	bdcam.exe
6828	bdcam.exe
6828	bdcam.exe
5428	msedge.exe
5428	msedge.exe
6948	msedge.exe
6948	msedge.exe
6452	identity_helper.exe
6452	identity_helper.exe
2804	bdcam.exe
2804	bdcam.exe
2804	bdcam.exe
2804	bdcam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
380	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
6948	msedge.exe
6948	msedge.exe
6948	msedge.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

description	pid	Process
Token: SeDebugPrivilege	2272	firefox.exe
Token: SeDebugPrivilege	2272	firefox.exe
Token: SeDebugPrivilege	5804	bdcamsetup.exe
Token: SeDebugPrivilege	5804	bdcamsetup.exe
Token: SeDebugPrivilege	5804	bdcamsetup.exe
Token: SeDebugPrivilege	5804	bdcamsetup.exe
Token: SeDebugPrivilege	5804	bdcamsetup.exe
Token: SeDebugPrivilege	5804	bdcamsetup.exe
Token: SeDebugPrivilege	5804	bdcamsetup.exe
Token: SeDebugPrivilege	5412	bdcam.exe
Token: SeDebugPrivilege	5412	bdcam.exe
Token: SeDebugPrivilege	5804	bdcamsetup.exe
Token: SeDebugPrivilege	5804	bdcamsetup.exe
Token: SeDebugPrivilege	5804	bdcamsetup.exe
Token: SeDebugPrivilege	5804	bdcamsetup.exe
Token: SeDebugPrivilege	5804	bdcamsetup.exe
Token: SeDebugPrivilege	5804	bdcamsetup.exe
Token: 33	6012	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6012	AUDIODG.EXE
Token: 33	6828	bdcam.exe
Token: SeIncBasePriorityPrivilege	6828	bdcam.exe
Token: SeDebugPrivilege	6948	msedge.exe
Token: SeDebugPrivilege	6948	msedge.exe
Token: SeDebugPrivilege	6948	msedge.exe
Token: SeDebugPrivilege	6948	msedge.exe
Token: SeDebugPrivilege	6948	msedge.exe
Token: SeDebugPrivilege	6948	msedge.exe
Token: SeDebugPrivilege	6948	msedge.exe
Token: SeDebugPrivilege	6948	msedge.exe
Token: SeDebugPrivilege	6948	msedge.exe
Token: SeDebugPrivilege	6948	msedge.exe
Token: SeDebugPrivilege	6948	msedge.exe
Token: SeDebugPrivilege	6948	msedge.exe
Token: SeDebugPrivilege	6948	msedge.exe
Token: SeDebugPrivilege	6948	msedge.exe
Token: SeDebugPrivilege	5940	setup.exe
Token: SeDebugPrivilege	5940	setup.exe
Token: SeDebugPrivilege	5940	setup.exe
Token: SeDebugPrivilege	5940	setup.exe
Token: SeDebugPrivilege	5940	setup.exe
Token: SeDebugPrivilege	5940	setup.exe
Token: SeDebugPrivilege	5940	setup.exe
Token: 33	2804	bdcam.exe
Token: SeIncBasePriorityPrivilege	2804	bdcam.exe
Token: 33	380	vlc.exe
Token: SeIncBasePriorityPrivilege	380	vlc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2272	firefox.exe
2272	firefox.exe
2272	firefox.exe
2272	firefox.exe
6828	bdcam.exe
6948	msedge.exe
6948	msedge.exe
6948	msedge.exe
6948	msedge.exe
6948	msedge.exe
6948	msedge.exe
6828	bdcam.exe
2804	bdcam.exe
2804	bdcam.exe
2804	bdcam.exe
2804	bdcam.exe
2804	bdcam.exe
2804	bdcam.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
2272	firefox.exe
2272	firefox.exe
2272	firefox.exe
6828	bdcam.exe
6948	msedge.exe
6948	msedge.exe
6828	bdcam.exe
2804	bdcam.exe
2804	bdcam.exe
2804	bdcam.exe
2804	bdcam.exe
2804	bdcam.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe

Suspicious use of SetWindowsHookEx 23 IoCs

pid	Process
2272	firefox.exe
2272	firefox.exe
2272	firefox.exe
2272	firefox.exe
5804	bdcamsetup.exe
5768	BDMPEG1SETUP.EXE
5412	bdcam.exe
5412	bdcam.exe
6828	bdcam.exe
6828	bdcam.exe
6828	bdcam.exe
6828	bdcam.exe
2804	bdcam.exe
2804	bdcam.exe
2804	bdcam.exe
2804	bdcam.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3904 wrote to memory of 2272	3904	firefox.exe	94
PID 3904 wrote to memory of 2272	3904	firefox.exe	94
PID 3904 wrote to memory of 2272	3904	firefox.exe	94
PID 3904 wrote to memory of 2272	3904	firefox.exe	94
PID 3904 wrote to memory of 2272	3904	firefox.exe	94
PID 3904 wrote to memory of 2272	3904	firefox.exe	94
PID 3904 wrote to memory of 2272	3904	firefox.exe	94
PID 3904 wrote to memory of 2272	3904	firefox.exe	94
PID 3904 wrote to memory of 2272	3904	firefox.exe	94
PID 3904 wrote to memory of 2272	3904	firefox.exe	94
PID 3904 wrote to memory of 2272	3904	firefox.exe	94
PID 2272 wrote to memory of 4460	2272	firefox.exe	98
PID 2272 wrote to memory of 4460	2272	firefox.exe	98
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 3300	2272	firefox.exe	100
PID 2272 wrote to memory of 2792	2272	firefox.exe	101
PID 2272 wrote to memory of 2792	2272	firefox.exe	101
PID 2272 wrote to memory of 2792	2272	firefox.exe	101

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Bandicam Key.exe
"C:\Users\Admin\AppData\Local\Temp\Bandicam Key.exe"
1⤵
PID:3824

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3904
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.0.2079886036\1834702910" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {baeafbb4-8853-4143-bb7c-6bc02809b487} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 1932 21dbbaf2f58 gpu
    3⤵
    PID:4460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.1.1021712207\2002360723" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbf79067-fe6f-494c-bb55-8d9c5bdb6757} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 2332 21daeb72858 socket
    3⤵
    - Checks processor information in registry
    PID:3300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.2.1541926911\1255148770" -childID 1 -isForBrowser -prefsHandle 3052 -prefMapHandle 3104 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {546b4dd6-6d34-40e9-a87d-998a6f227f96} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 2980 21dbf830e58 tab
    3⤵
    PID:2792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.3.1208007761\770180738" -childID 2 -isForBrowser -prefsHandle 2368 -prefMapHandle 2516 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11e9b454-8717-407f-bb3a-d920b2c10eaf} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 1440 21dbde77e58 tab
    3⤵
    PID:3532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.4.1771084623\779260844" -childID 3 -isForBrowser -prefsHandle 3956 -prefMapHandle 3940 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68357370-f085-410a-984f-281b1be18215} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 3984 21daeb5d958 tab
    3⤵
    PID:3468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.6.462554601\379711317" -childID 5 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e4b0adc-b7de-4ff4-87a9-f1306dad1f95} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 5092 21dc1efbd58 tab
    3⤵
    PID:2148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.7.1084909795\1385200750" -childID 6 -isForBrowser -prefsHandle 5316 -prefMapHandle 5320 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57867c66-27ee-43fc-b2f5-3ebe59422374} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 5304 21dc1efab58 tab
    3⤵
    PID:3684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.5.1373643027\1018669397" -childID 4 -isForBrowser -prefsHandle 4952 -prefMapHandle 4936 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd7a6e67-ec1f-45db-a6f9-6404fb7215e9} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 4964 21dc1efb758 tab
    3⤵
    PID:1356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.8.1876445367\1644382755" -childID 7 -isForBrowser -prefsHandle 5872 -prefMapHandle 5868 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09ea4407-94f8-415c-bc81-44b8e97e6ed7} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 5856 21dc4512458 tab
    3⤵
    PID:5812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.9.1339091822\507569778" -childID 8 -isForBrowser -prefsHandle 5632 -prefMapHandle 4976 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2be1b86-d2af-49e1-a1b0-89724ca8fd0b} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 5068 21dc06cdc58 tab
    3⤵
    PID:5516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.10.982230234\138007874" -childID 9 -isForBrowser -prefsHandle 3192 -prefMapHandle 3196 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d001903-9daa-41f7-b9bd-41d6167a399a} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 3712 21dc4acd958 tab
    3⤵
    PID:2808
- - C:\Users\Admin\Downloads\bdcamsetup.exe
    "C:\Users\Admin\Downloads\bdcamsetup.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Drops file in Program Files directory
    - Modifies Internet Explorer settings
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5804
  - - C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE
      "C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE" /S
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Drops file in Program Files directory
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:5768
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" /s "C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll"
        5⤵
        Loads dropped DLL
        
        PID:2224
      - C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll"
        6⤵
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:6016
  - - C:\Program Files\Bandicam\bdcam.exe
      "C:\Program Files\Bandicam\bdcam.exe" /install
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious use of NtSetInformationThreadHideFromDebugger
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:5412
    - - C:\Windows\system32\rundll32.exe
        
        "C:\Windows\system32\rundll32.exe" "C:\Program Files\Bandicam\bdcamvk64.dll",RegDll
        5⤵
        Loads dropped DLL
        
        PID:5512
    - - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Program Files\Bandicam\bdcamvk32.dll",RegDll
        5⤵
        Loads dropped DLL
        
        PID:3724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bandicam.com/f.php?id=eng_app_complete_install&v=2&lang=en
      4⤵
      Enumerates system info in registry
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:6948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0x114,0x124,0x7ffcff9846f8,0x7ffcff984708,0x7ffcff984718
        5⤵
        
        PID:7040
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,2868010325871354624,8591700377175210407,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
        5⤵
        
        PID:5440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,2868010325871354624,8591700377175210407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,2868010325871354624,8591700377175210407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
        5⤵
        
        PID:324
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2868010325871354624,8591700377175210407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
        5⤵
        
        PID:6248
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2868010325871354624,8591700377175210407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
        5⤵
        
        PID:6288
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2868010325871354624,8591700377175210407,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
        5⤵
        
        PID:5800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,2868010325871354624,8591700377175210407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
        5⤵
        
        PID:6880
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
        5⤵
        Drops file in Program Files directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:5940
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff7edb15460,0x7ff7edb15470,0x7ff7edb15480
        6⤵
        
        PID:6800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,2868010325871354624,8591700377175210407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6452

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6572

C:\Program Files\Bandicam\bdcam.exe
"C:\Program Files\Bandicam\bdcam.exe" 0x00019F0C
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:6828

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x310 0x240
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5632

C:\Users\Admin\Desktop\Bandicam Key.exe
"C:\Users\Admin\Desktop\Bandicam Key.exe"
1⤵
PID:5160

C:\Program Files\Bandicam\bdcam.exe
"C:\Program Files\Bandicam\bdcam.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\RedoPublish.cmd" "
1⤵
PID:4172

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Documents\Bandicam\bandicam 2023-04-16 19-56-23-632.mp4"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:380

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BandiMPEG1\bdfilters.dll

Filesize
4.1MB

MD5
ed730387fdcd684b756601b863c47417

SHA1
c49ed6d0d46facf4ceaeb21f5d6bfdf9e3587fde

SHA256
9cbc29696ad2d582e251bf9c4be5cce618753fa43551d2474e1ae5cc5e1245e5

SHA512
e32df727799d33922c6e92f94a7bdb0bc2772d6a6636d15e285d94d3ae4661062e5bc89ec3546b76ec853398f88d972f461327ef687f89093acf1096560d5c3f

Download Submit
C:\Program Files (x86)\BandiMPEG1\bdfilters.dll

Filesize
4.1MB

MD5
ed730387fdcd684b756601b863c47417

SHA1
c49ed6d0d46facf4ceaeb21f5d6bfdf9e3587fde

SHA256
9cbc29696ad2d582e251bf9c4be5cce618753fa43551d2474e1ae5cc5e1245e5

SHA512
e32df727799d33922c6e92f94a7bdb0bc2772d6a6636d15e285d94d3ae4661062e5bc89ec3546b76ec853398f88d972f461327ef687f89093acf1096560d5c3f

Download Submit
C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll

Filesize
4.6MB

MD5
13f7a29baa1e04f74151737cb71bd0e5

SHA1
0bc8682c6c96923a729aa6239aa53d95221b13ab

SHA256
008fababd36e8fbfd5f610a2c62d47963e78ec91e54ad69a1e20807445c3528d

SHA512
4cea11e88e8861c4094b227d85295c0d67452af703b0ec9dfe475797b87d03b40bc1f6b58dcc00996672c1c05d99b82dcc067bc429a1465ae90f4ec966f2bca8

Download Submit
C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll

Filesize
4.6MB

MD5
13f7a29baa1e04f74151737cb71bd0e5

SHA1
0bc8682c6c96923a729aa6239aa53d95221b13ab

SHA256
008fababd36e8fbfd5f610a2c62d47963e78ec91e54ad69a1e20807445c3528d

SHA512
4cea11e88e8861c4094b227d85295c0d67452af703b0ec9dfe475797b87d03b40bc1f6b58dcc00996672c1c05d99b82dcc067bc429a1465ae90f4ec966f2bca8

Download Submit
C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll

Filesize
4.6MB

MD5
13f7a29baa1e04f74151737cb71bd0e5

SHA1
0bc8682c6c96923a729aa6239aa53d95221b13ab

SHA256
008fababd36e8fbfd5f610a2c62d47963e78ec91e54ad69a1e20807445c3528d

SHA512
4cea11e88e8861c4094b227d85295c0d67452af703b0ec9dfe475797b87d03b40bc1f6b58dcc00996672c1c05d99b82dcc067bc429a1465ae90f4ec966f2bca8

Download Submit
C:\Program Files\Bandicam\bandicam.ini

Filesize
25B

MD5
447e6efb40ceca0392761e0f6d015382

SHA1
dfe94a1b7de96d7a9d99c4a0c4f67e10ddaa0197

SHA256
3272c12dd37ea9141dceea771cbfdd77c7b2d2ccb11df65b507c9e525ef6c989

SHA512
a71ae97b3b3e3e2f80dbf76c2ee50c5bc27ddd0541513fb03588d852cea592a92d2908e23377a14e593a93340d2c7c550d4b046d889e6a77dc14be1baf91dd5f

Download Submit
C:\Program Files\Bandicam\bdcam.exe

Filesize
13.1MB

MD5
0e369f77ceb6f3bf32942b298d295721

SHA1
1d72df24014fcafe1fac29c460fce2f6728cd8d2

SHA256
60bba9d2eb73100b2649bde9d04d6f5f8cb853c8a319d66eb07fbaaed44f4de4

SHA512
dbb2f0703a9879506a2eb887a432463705b6273021ec021d0b513a3b7180a43170dff5821c9b0edcb19ea592a9308a15052ea53f9d2451543d66c38a7ffb597b

Download Submit
C:\Program Files\Bandicam\bdcam.exe

Filesize
13.1MB

MD5
0e369f77ceb6f3bf32942b298d295721

SHA1
1d72df24014fcafe1fac29c460fce2f6728cd8d2

SHA256
60bba9d2eb73100b2649bde9d04d6f5f8cb853c8a319d66eb07fbaaed44f4de4

SHA512
dbb2f0703a9879506a2eb887a432463705b6273021ec021d0b513a3b7180a43170dff5821c9b0edcb19ea592a9308a15052ea53f9d2451543d66c38a7ffb597b

Download Submit
C:\Program Files\Bandicam\bdcam.exe

Filesize
13.1MB

MD5
0e369f77ceb6f3bf32942b298d295721

SHA1
1d72df24014fcafe1fac29c460fce2f6728cd8d2

SHA256
60bba9d2eb73100b2649bde9d04d6f5f8cb853c8a319d66eb07fbaaed44f4de4

SHA512
dbb2f0703a9879506a2eb887a432463705b6273021ec021d0b513a3b7180a43170dff5821c9b0edcb19ea592a9308a15052ea53f9d2451543d66c38a7ffb597b

Download Submit
C:\Program Files\Bandicam\bdcam.exe

Filesize
13.1MB

MD5
0e369f77ceb6f3bf32942b298d295721

SHA1
1d72df24014fcafe1fac29c460fce2f6728cd8d2

SHA256
60bba9d2eb73100b2649bde9d04d6f5f8cb853c8a319d66eb07fbaaed44f4de4

SHA512
dbb2f0703a9879506a2eb887a432463705b6273021ec021d0b513a3b7180a43170dff5821c9b0edcb19ea592a9308a15052ea53f9d2451543d66c38a7ffb597b

Download Submit
C:\Program Files\Bandicam\bdcam.exe

Filesize
13.1MB

MD5
0e369f77ceb6f3bf32942b298d295721

SHA1
1d72df24014fcafe1fac29c460fce2f6728cd8d2

SHA256
60bba9d2eb73100b2649bde9d04d6f5f8cb853c8a319d66eb07fbaaed44f4de4

SHA512
dbb2f0703a9879506a2eb887a432463705b6273021ec021d0b513a3b7180a43170dff5821c9b0edcb19ea592a9308a15052ea53f9d2451543d66c38a7ffb597b

Download Submit
C:\Program Files\Bandicam\bdcam64.dll

Filesize
21.1MB

MD5
48783907638599892076512cdd70b777

SHA1
1327657115cfa1c18fb28bc24df5fffc610d9d02

SHA256
471829805a61798974c9032da8175bbeead0668ceef2ce6230d73d93769f17a0

SHA512
df486441e7106c3843fce6299140c273975f5f0fa4951a07f86387287b55a29ac23fa98830e5e05c6ca9f276febf61610f961eea59e244e60bdf061eb9c2dc57

Download Submit
C:\Program Files\Bandicam\bdcam64.dll

Filesize
21.1MB

MD5
48783907638599892076512cdd70b777

SHA1
1327657115cfa1c18fb28bc24df5fffc610d9d02

SHA256
471829805a61798974c9032da8175bbeead0668ceef2ce6230d73d93769f17a0

SHA512
df486441e7106c3843fce6299140c273975f5f0fa4951a07f86387287b55a29ac23fa98830e5e05c6ca9f276febf61610f961eea59e244e60bdf061eb9c2dc57

Download Submit
C:\Program Files\Bandicam\bdcamvk32.dll

Filesize
1.6MB

MD5
ecffe88a4cec4121cd3deab97039710b

SHA1
e55569cfc183873da94c6bce35f326f249483cb1

SHA256
9fc560f65d810256bf7b25ba76082f1bed9f07fc1b43bb501933657bb9926514

SHA512
a0f333638e82692379be2034ef37c2af8207ae7b405503c31d8f7ccb687a3657ee6f1da204c2e32ebb443e75df46b370612c4d41bf308e4f4e6521ddaf67e975

Download Submit
C:\Program Files\Bandicam\bdcamvk32.dll

Filesize
1.6MB

MD5
ecffe88a4cec4121cd3deab97039710b

SHA1
e55569cfc183873da94c6bce35f326f249483cb1

SHA256
9fc560f65d810256bf7b25ba76082f1bed9f07fc1b43bb501933657bb9926514

SHA512
a0f333638e82692379be2034ef37c2af8207ae7b405503c31d8f7ccb687a3657ee6f1da204c2e32ebb443e75df46b370612c4d41bf308e4f4e6521ddaf67e975

Download Submit
C:\Program Files\Bandicam\bdcamvk64.dll

Filesize
1.9MB

MD5
0c697a245078a78ce948f4d3cfb98e16

SHA1
0f106a8ee0d44a3854feaffced205e05a6b8cf91

SHA256
aabfba080fc42b18fc89bc91f4a3b7e81f8422fd262a12684eade3362d6a78f5

SHA512
deeac7e0f5a85772dd98d12b93b7cee5859e8d61f1dc44fb890564a1b8dcc26755ed1acce3d09b17abec40907c10bc9e7514454b69fca446fd75b7dcf9e9349b

Download Submit
C:\Program Files\Bandicam\bdcamvk64.dll

Filesize
1.9MB

MD5
0c697a245078a78ce948f4d3cfb98e16

SHA1
0f106a8ee0d44a3854feaffced205e05a6b8cf91

SHA256
aabfba080fc42b18fc89bc91f4a3b7e81f8422fd262a12684eade3362d6a78f5

SHA512
deeac7e0f5a85772dd98d12b93b7cee5859e8d61f1dc44fb890564a1b8dcc26755ed1acce3d09b17abec40907c10bc9e7514454b69fca446fd75b7dcf9e9349b

Download Submit
C:\Program Files\Bandicam\bdcap64.dll

Filesize
20.8MB

MD5
bc9dadd99081ff8ec5c99940038f0f06

SHA1
90aa077b7c703df8c423c97faf2a9ace65ca4e5f

SHA256
56647b03a04ff1b2a02aa04d992c44c05368b8045c00a84c42ed1a059ba2ef4b

SHA512
3e384e59bb42560e0b006c3e89802f64827acd0821090f8287121872dcde4e1cfa0d45070ff8d308675e666b73bde7aebab6ebf06e1952297e1bc93f35d013c7

Download Submit
C:\Program Files\Bandicam\bdcap64.dll

Filesize
20.8MB

MD5
bc9dadd99081ff8ec5c99940038f0f06

SHA1
90aa077b7c703df8c423c97faf2a9ace65ca4e5f

SHA256
56647b03a04ff1b2a02aa04d992c44c05368b8045c00a84c42ed1a059ba2ef4b

SHA512
3e384e59bb42560e0b006c3e89802f64827acd0821090f8287121872dcde4e1cfa0d45070ff8d308675e666b73bde7aebab6ebf06e1952297e1bc93f35d013c7

Download Submit
C:\Program Files\Bandicam\data\effects\effects10.dat

Filesize
58KB

MD5
fe3d7459d1e60f1a3a9f4de092e46ba7

SHA1
c8545c0873e896d9549c9a66f099b67f36ba461e

SHA256
184bd469a52b67c553fb934bf4122334449f6b6bff86c07ba193eab2ee617427

SHA512
77eba3abacf6db565dbe8dd6f9107cabcb390c40512aca9c09d7d1d590f522cbfa97940d4f06cec71022053af4b13176183997fa14c7a10531cc5511709c8d86

Download Submit
C:\Program Files\Bandicam\data\effects\highlight10.dat

Filesize
3KB

MD5
e734e8f933a0f60adcc30c465bbe1c4c

SHA1
d7722aafbf6a2aacec2c1740e99a23af7d01b966

SHA256
a2b6a948b305d71bb8cf7bde3a79a3194ee29562e5c447a46b7efac831aee5c7

SHA512
802c993816d3e6aa868f67c384f3702af636415560f10de8336eb226639b180da4b2211b922bcfbb0d4accb3111a450603f20437f46436a067f05356f0752d2a

Download Submit
C:\Program Files\Bandicam\data\language.dat

Filesize
89KB

MD5
b48a0986223b0bc6571b18edac972337

SHA1
7d12f1a1cdd7014bd1cfc21bc7048df0898cd4d7

SHA256
cce13c44651d9ee0ddf541b2c8c6203a0d69371bf5ee26d272460897bdb37ed6

SHA512
de07e9cfad69e12e18ecf9b03fc7134a887cc7ab6123a6bfcc19f85c5cec8035853590fcab911a6c16ba245c45769cc7a95e61e70e20987a9a02b126f5198c80

Download Submit
C:\Program Files\Bandicam\data\skin.dat

Filesize
794KB

MD5
fd108a61417f023bbffbd0c58d66c64b

SHA1
1ba29970323bb69caf4435d5021a35807416cbb3

SHA256
c3c6e9df3a62fc59f4aa82ddef88c3de790b7caf1ba14e67a97b866170436b24

SHA512
15b5f2c3d96c7db440228841c939824c1830d250a881c62cbc6c3b97feeaeb4f8ac59463e50b053c76ffaa13a9382b7081bbb28ff3614992f152cbac27aec82d

Download Submit
C:\Program Files\Bandicam\lang\English.ini

Filesize
129KB

MD5
8f59a8ca038379fbea51897d6ae63da4

SHA1
ebd91cfa7073242742396391930d07bd7ed6aef4

SHA256
6fec045505016ac8323c2f535012c2cf9bbeca44d97cbb4a41dd921ae4b61641

SHA512
eb5caf11ad44c56116536fa9da65088235f65a675f62d85ffad94efaf8c5cbddfec1c21e0a7750f0d1f1551f973c54715409b5db0959cb9100ca7aa8e6b47bb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
515720ceb68c54edf876244c5168542b

SHA1
e0e28885a280001d81990a4dcfc9957f94a0a101

SHA256
8efc4efaa57d43fbefc5ec467dfd9aab2db7946bbd0c406ab79ce7449648b8be

SHA512
c89f6e59b36b7112307211991ddb738c879033f12c8640a85af2e371ce283f5a6915fb814a690282e1965c08ac8fb5cb816ce7cec27da471cff4ff1dae6f166a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
aa62f8ce77e072c8160c71b5df3099b0

SHA1
06b8c07db93694a3fe73a4276283fabb0e20ac38

SHA256
3eb4927c4d9097dc924fcde21b56d01d5d1ef61b7d22bfb6786e3b546b33e176

SHA512
71724e837286c5f0eb2ee4ad01ac0304d4c7597bb2d46169c342821b0da04d8597491bd27ef80e817bc77031cd29d2182ccc82ef8ea3860696875f89427c8e0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
471B

MD5
42e9db34a8b64b32bafc07d927372d83

SHA1
4dd54ff4ab31f5e5da8bf38e836962f2399c5a1d

SHA256
b6bdca0632ae6bb1fe349e824e927fc397b2e0a92f9eb63f8d3c156965e499ea

SHA512
a383ffe76bd9fa8c9eccd6143b8cd1701270ad48f424005e0e14c06e8f94d04ce32a1becca673356609adb52605956a4e98c21374319e17da2d8c1a9a6a1e7cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_9B2AD33CBA8FC50DD8D8B0635B46183D

Filesize
472B

MD5
b09a2be725817537400709b63ad6cf34

SHA1
f841234471952f5566ae6b182b4a43ba89e5f8fd

SHA256
3590ef13c9a1f58c9042b347589ee892f7c625a295d2baec592ad488313ea880

SHA512
a7b7dc0f94ce3b3543eb310b43ba9f8bae0f981ce7bdcb5c5d4f96224bee327e6ff7e86b40d35a6e2a6f7db5998bd929d737e130bfde42c46f68dea651bfe588

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
fdac9bab03ae9310dbc6d79df466c6d5

SHA1
5aca7492b836b917e09e653b2e6cdfb5c9cb2617

SHA256
0523a6af84dd9af4d3b30849b45435aed692ec7cfda67c5deb8697b1a49f5e53

SHA512
c0178691ee600f271abff5f4814142c004267157a0c0c5b5c9372966e57dc11e4955a325916bb52416430e8cccacb8f2b120bac09a425c189024de20dada7b83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
7bd97739c41e61060634c3ebb94169bd

SHA1
f219b7a3a47c1624776f761466d268af0b92c72a

SHA256
f06946b241d2a4491fb3a42d241899083728778332fce816e46d5f67a1410160

SHA512
a680519cd86b3627d11ee98e6d185e66b20bf33898c60ca4b96641bdea532900fbec5af23b4a7d4cdc67fe13fde6226932246a30e6c8f9c193047d8bac72d23d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
412B

MD5
d1b47a07b51b771f555da00265f0810e

SHA1
ae77104cf900657dacde220df51612566ced9e8c

SHA256
210d6b1e0ae89ff06411eb38a524537644267aac706184d20202d86cfb29d446

SHA512
a21a495864fb7b7ebfeb68b4142d89934c417ad7c4ce228ddd6a52923d82d6aa4efcb242abe9cf46813fa95bb9eced2856a765ec0a7e31ab122f8bc4bd7e36e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_9B2AD33CBA8FC50DD8D8B0635B46183D

Filesize
410B

MD5
0a941add4ce53485c56c205891a030df

SHA1
8f5fcbabac68146156a29158dc450925d621e061

SHA256
d7ae11c1ea33498596778418c87df09fdadb95afa743808b5b3802681c871eeb

SHA512
3c1384343c7dda3af586530e3703c3f39a57369133b5e68be6390d20fd0b54aab1c7c56698074a187839ddd720ae52a0eb06fb124089eec60aee003216267cd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
26KB

MD5
e82b5d25b64a62e5480ebb12241d70fa

SHA1
1af03d0f4172c4f6dde976402284971dd668b5a3

SHA256
2b32fdbef5b15accfcdd657ea0b20ca248c9ffc310ded5c886c2f8b5f43c4d72

SHA512
d55f88add75c03137acbc8df3feb7c9706a9f2aa9789b22b870c4f8357b444fd96c7dd231086a08476837f22aedc345301adbcc5d6319053803351d789556c2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
8db9c438c20491696787a93262755f30

SHA1
e8059f0d9d1b8e3a95190da49b5c28769a7d3b00

SHA256
1a69db1760f9e5d060f0b893767eb9a97dbdb581eb39eee8654fc68b3dfb3a77

SHA512
df33f61f7899910486f289e22a2f8da559e48ffd78519c788efbb1ac6ac13824159624e7b5fe73dbcf2c419dca7d98994c54613c590012b3012a26ffe77993f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57d292.TMP

Filesize
48B

MD5
9ee751e83eb297f501df29989f48cbd5

SHA1
8c6b080f7f2d8e5770b16ad18b16491b9b26541c

SHA256
dc28a2fa65b47b038ad3bdc25cbf32610e6a26216e571fef9f10786df4152cf5

SHA512
5ef1e35822416a85a9eb519db4db106d3c26be0cbeacbd312f8002f42d91912e6811221d23e8cfeda0bfe8d887d449a1fe03de802e0cb48c89782635566c6db0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
26b3dca046f1a0037b69acf906b60150

SHA1
f764d6310cb61af89bfdef5745137bac92802c81

SHA256
a85a021775550746116c0a3a1bd65a6c53f6c86218bf010e609cd8a8678f7820

SHA512
289f9d7cabd678f92f5b0436a751516ef8f91ba00f107c666164afa9232580c010c049f82accb036a6b15a7fb174c3b53e53e266162c1031b124ed6f6c06b00f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ab10f233a389032d4f9ecb7e85c896d6

SHA1
173f91e5e62d50f9edc35a8ed48dba6738d6fb7b

SHA256
7bda7e7742ffedafc3bc9d5f76763ea101c1d39356efce1367ec515bd5cc6251

SHA512
7d2d8683d9def216672824b3d999a94b555c3abd6c2ae467d164a2223be128c3e2593b6cbb01f1481c46f0684cf5b9b31a73a29417a4f4de675a2a192866cd99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
404fc08c286fa77453dd7fcba7763ea4

SHA1
fe738ec44b27c9f7734b3bf64b2c49dc3022abc4

SHA256
c70acfa70c92d7f5512db719bd028a82384821d5808ae24d1f95764fbc820aa9

SHA512
a98ade3fdec88d1a5feb8453a737d40b92e7b957ff7a35e05cfdc3a30b345c84b9818376f13cd6ff30ecf71a45eed0c5b55da549fe3946924e3063f12369eb56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
009654dabf1119bc218b7efc72d269e1

SHA1
9846de94fc6519329f2b48ec99b70977ddba7971

SHA256
d55bf28b40d333fea717028b970b74177fc9f8782db0683c8b90481d034c35c7

SHA512
2fc471a4dcfe8753125753327e90a61a271f5fe4b3ad79f8ecdd5adae832e30bc6e9c03cd2d24f44e6dbf056811c7e006e8babc7c8258dea584f48e65379b9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e592763ce16376cb28b22f1320666917

SHA1
80d20d18d7cdbd826af2a5b6c6c368063596bb3f

SHA256
7fe2ce09bcefaf162200dd3bfd071681ff951174cee939d434d49c7d3825124f

SHA512
95ddefdfb6fd1d88f6cd5ef20169db76837fe1552be10490360a98833e4c7882fabbbfbb68beff67ca400a719500d55d97a1cf4ebc4a2ee32311e0c10b022f7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5edab6d3ffbeee247ccb4423f929a323

SHA1
a4ad201d149d59392a2a3163bd86ee900e20f3d9

SHA256
460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933

SHA512
263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
602832033e140a9af8cb4fef4be57a6f

SHA1
9585f4178d7ab5352118477b1a5e1e60c166676f

SHA256
c9455175db99c9a1da2d18566f1b3480f174032e7f8e85c78a87682b563ec3da

SHA512
2e4fa2763fe320f6248541a34882302253fe813db9932fa719937b524e6545f2979ed7e78bf58217bbe1efae11e112016dd7193a7f31cc8414e5b74ee8f52c5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
42548a059f3f27883c315bc896783baa

SHA1
541b3f281b3460792a2b16f6098a02b77382c7dd

SHA256
589c2d415e84a95e41115c3b1d87a86d46dfd9a89e96d9122d84174877c1f084

SHA512
b4c190e6b21b215d5866d96c3e11701a938f71086fe15601fcddd5671f30d268758cc1af1e29c135825ec144581dff2bb9377b2ff5ede897f844ca46169eec84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GPVLIKPI\js[1].js

Filesize
112KB

MD5
51c42646750627c908952c498ea1aed4

SHA1
4bc082dbb765cdb2ecbcf130c398862d11260428

SHA256
7c0eb8f2f3e58273f9eaaf0b8eaad8b628f493dc6d2cbf748ffb63189941af83

SHA512
9eff9d99a12ae41462a1da021f54c5a3da57adb65665ff3386826528ef2f706f9e578506fe0a0af4bee78f6be248b5a6d79200e86dde85bfa207b56b7363fb21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RPW4GWWI\analytics[1].js

Filesize
49KB

MD5
54e51056211dda674100cc5b323a58ad

SHA1
26dc5034cb6c7f3bbe061edd37c7fc6006cb835b

SHA256
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

SHA512
e305d190287c28ca0cc2e45b909a304194175bb08351ad3f22825b1d632b1a217fb4b90dfd395637932307a8e0cc01da2f47831fa4eda91a18e49efe6685b74b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\activity-stream.discovery_stream.json.tmp

Filesize
136KB

MD5
5ac6637f28377e640cad422adf6aa833

SHA1
11ad80c96d3ffa21c3ec9825689c339cdea54edc

SHA256
9673db58ebee8878212a4a8f737dced4b3da8e1ac43322bc2b8a6a9bf460c4d9

SHA512
04d65d9203d8346c8df196bf9be8ad300c92a8808fd366952c42eb8a27949ed112c0da0c2b9addbb6085c9df8e7fa546caebdb91e755a20c6cd492db1fa34dcf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\20400

Filesize
98KB

MD5
1f91c50f87297aaa40c46a594c558d6f

SHA1
a87779465dde5d28315c8a975aa0ea82c962beba

SHA256
441c876dda95e52b394a9a3787ccdf5555da00ac0b326060c3de598af8edc3f8

SHA512
6f6ed8e4c317c6ab9baaa657c9df95c4b622b64291a4ea844baa8752e30babedccf07b2e794d5ef3e3b1796dff6d14576736230e4aa1f3cbc96ef4fd231dd8cb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\4351

Filesize
98KB

MD5
55a15bbbe3e23f3023bf8ce0e7ab7f4e

SHA1
219477962d2ad5b372ce52c068233beac54f1fb5

SHA256
aeaf0c1c86b16da07d4777245c855094e2dcea68240a619fa01611ed7e2bf738

SHA512
fbf1de0e748bcf2c323e1943212ac6f25e5aba46212ba63f400da1af329538caae755f855b5810a87b55d9d6609caca7b03cac6bf8c790232218d88e153734c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE

Filesize
1.4MB

MD5
461d135a4fccd51bbae38f742e123fd3

SHA1
c12a442fbcd4a9c44102f0a560ba03d59bc501ed

SHA256
4c441e7d744a2a273f780103bcf5bcb1e32c2d9c6a32b62f9044b32107544079

SHA512
41eb816bf0cc0ca12b5c6c07517cd718b8701255ea81e94ffc937f2538b8cdf5db24751cdbc22fefd6496b767fc0d631fea76216b0363f4b625557097b3caaee

Download Submit
C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE

Filesize
1.4MB

MD5
461d135a4fccd51bbae38f742e123fd3

SHA1
c12a442fbcd4a9c44102f0a560ba03d59bc501ed

SHA256
4c441e7d744a2a273f780103bcf5bcb1e32c2d9c6a32b62f9044b32107544079

SHA512
41eb816bf0cc0ca12b5c6c07517cd718b8701255ea81e94ffc937f2538b8cdf5db24751cdbc22fefd6496b767fc0d631fea76216b0363f4b625557097b3caaee

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb16F4.tmp\Dialer.dll

Filesize
3KB

MD5
6e7e197ffa13cea15434b221b96b3202

SHA1
5fc93dca4a33d79d8601e888daa21a1d0e02eab3

SHA256
cb94aead070194af4d3b01f80ef85f227a70b5cfcfa305d26c3b42b8853ac6b4

SHA512
4d294929ba55e145027107aeef135d918f2d6ec4a7e3b9fc8fc028924019d1987c12202cf37e9adf18a70a02fb321de7f060c4977de874687fc8a4d924cfb19e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb16F4.tmp\Dialer.dll

Filesize
3KB

MD5
6e7e197ffa13cea15434b221b96b3202

SHA1
5fc93dca4a33d79d8601e888daa21a1d0e02eab3

SHA256
cb94aead070194af4d3b01f80ef85f227a70b5cfcfa305d26c3b42b8853ac6b4

SHA512
4d294929ba55e145027107aeef135d918f2d6ec4a7e3b9fc8fc028924019d1987c12202cf37e9adf18a70a02fb321de7f060c4977de874687fc8a4d924cfb19e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb16F4.tmp\Dialer.dll

Filesize
3KB

MD5
6e7e197ffa13cea15434b221b96b3202

SHA1
5fc93dca4a33d79d8601e888daa21a1d0e02eab3

SHA256
cb94aead070194af4d3b01f80ef85f227a70b5cfcfa305d26c3b42b8853ac6b4

SHA512
4d294929ba55e145027107aeef135d918f2d6ec4a7e3b9fc8fc028924019d1987c12202cf37e9adf18a70a02fb321de7f060c4977de874687fc8a4d924cfb19e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb16F4.tmp\InstallOptions.dll

Filesize
15KB

MD5
720304c57dcfa17751ed455b3bb9c10a

SHA1
59a1c3a746de10b8875229ff29006f1fd36b1e41

SHA256
6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9

SHA512
c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb16F4.tmp\InstallOptions.dll

Filesize
15KB

MD5
720304c57dcfa17751ed455b3bb9c10a

SHA1
59a1c3a746de10b8875229ff29006f1fd36b1e41

SHA256
6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9

SHA512
c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb16F4.tmp\InstallOptions.dll

Filesize
15KB

MD5
720304c57dcfa17751ed455b3bb9c10a

SHA1
59a1c3a746de10b8875229ff29006f1fd36b1e41

SHA256
6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9

SHA512
c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb16F4.tmp\InstallOptions.dll

Filesize
15KB

MD5
720304c57dcfa17751ed455b3bb9c10a

SHA1
59a1c3a746de10b8875229ff29006f1fd36b1e41

SHA256
6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9

SHA512
c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb16F4.tmp\LangDLL.dll

Filesize
5KB

MD5
f1e9eed02db3a822a7ddef0c724e5f1f

SHA1
65864992f5b6c79c5efbefb5b1354648a8a86709

SHA256
6dff504c6759c418c6635c9b25b8c91d0d9ef7787a3a93610d7670bb563c09df

SHA512
c22b64fff76b25cf53231b8636f07b361d95791c4646787ce7beac27ad6a0de88337dcceb25b5196f97c452dda72e2614647f51a8a18cb4d5228a82ed2e0780c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb16F4.tmp\LangDLL.dll

Filesize
5KB

MD5
f1e9eed02db3a822a7ddef0c724e5f1f

SHA1
65864992f5b6c79c5efbefb5b1354648a8a86709

SHA256
6dff504c6759c418c6635c9b25b8c91d0d9ef7787a3a93610d7670bb563c09df

SHA512
c22b64fff76b25cf53231b8636f07b361d95791c4646787ce7beac27ad6a0de88337dcceb25b5196f97c452dda72e2614647f51a8a18cb4d5228a82ed2e0780c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb16F4.tmp\ShellExecAsUser.dll

Filesize
43KB

MD5
552cba3c6c9987e01be178e1ee22d36b

SHA1
4c0ab0127453b0b53aeb27e407859bccb229ea1b

SHA256
1f17e4d5ffe7b2c9a396ee9932ac5198f0c050241e5f9ccd3a56e576613d8a29

SHA512
9bcf47b62ca8ffa578751008cae523d279cdb1699fd916754491899c31ace99f18007ed0e2cbe9902abf132d516259b5fb283379d2fead37c76b19e2e835e95a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb16F4.tmp\ShellExecAsUser.dll

Filesize
43KB

MD5
552cba3c6c9987e01be178e1ee22d36b

SHA1
4c0ab0127453b0b53aeb27e407859bccb229ea1b

SHA256
1f17e4d5ffe7b2c9a396ee9932ac5198f0c050241e5f9ccd3a56e576613d8a29

SHA512
9bcf47b62ca8ffa578751008cae523d279cdb1699fd916754491899c31ace99f18007ed0e2cbe9902abf132d516259b5fb283379d2fead37c76b19e2e835e95a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb16F4.tmp\System.dll

Filesize
11KB

MD5
17ed1c86bd67e78ade4712be48a7d2bd

SHA1
1cc9fe86d6d6030b4dae45ecddce5907991c01a0

SHA256
bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

SHA512
0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb16F4.tmp\System.dll

Filesize
11KB

MD5
17ed1c86bd67e78ade4712be48a7d2bd

SHA1
1cc9fe86d6d6030b4dae45ecddce5907991c01a0

SHA256
bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

SHA512
0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb16F4.tmp\UserInfo.dll

Filesize
4KB

MD5
1b446b36f5b4022d50ffdc0cf567b24a

SHA1
d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

SHA256
2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

SHA512
04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb16F4.tmp\UserInfo.dll

Filesize
4KB

MD5
1b446b36f5b4022d50ffdc0cf567b24a

SHA1
d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

SHA256
2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

SHA512
04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb16F4.tmp\UserInfo.dll

Filesize
4KB

MD5
1b446b36f5b4022d50ffdc0cf567b24a

SHA1
d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

SHA256
2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

SHA512
04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb16F4.tmp\UserInfo.dll

Filesize
4KB

MD5
1b446b36f5b4022d50ffdc0cf567b24a

SHA1
d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

SHA256
2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

SHA512
04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb16F4.tmp\UserInfo.dll

Filesize
4KB

MD5
1b446b36f5b4022d50ffdc0cf567b24a

SHA1
d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

SHA256
2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

SHA512
04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb16F4.tmp\ioSpecial.ini

Filesize
1KB

MD5
557a8b54e6487080d54b80e1c2018f57

SHA1
889be2e26d056087dc315a53063b8bc4a0e85457

SHA256
20f2be393bbd33c1bc45cb0979dcdc846dd0ef9d078c6c74e4a50c4b7098a3f1

SHA512
adf3f10e5c33130ef180431e751434b7aef1261f4ec27d9c846a98a2f7e9e385dd3a459f432b188e1d26460e07180aea7dfc308219af960d08305c21e616059c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb16F4.tmp\ioSpecial.ini

Filesize
1KB

MD5
1080d93713b74a1f7b5afd3764e03707

SHA1
7a3b1bc4992fe94e5e24c09e3d3d081c4beaeeb5

SHA256
823979c9e2a1b2936a123bd48227f35f6408bd074e5bbd205a79f94de2b6ad3a

SHA512
cc9860494cd0e7ccf333bd7b52d35dca807cfcff70bf5985f28571cb6ed658e8dfb56d94333713cbb2ded20265173319fd9d9d31951281ab9c8e4a946fd18e7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn33A5.tmp\System.dll

Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn33A5.tmp\System.dll

Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
C:\Users\Admin\AppData\Roaming\Bandicam Company\BANDICAM\version.ini

Filesize
524B

MD5
74a46fcbfb594e272c9c7c811da0bcd8

SHA1
65ac29b8c681269fdaff73af0948260f0ef069d6

SHA256
98cdce6db400680f92156fea0287e2f0c8ea60844fc2c54adf018ae538d07160

SHA512
4a32794e857620fea037a5b1ad8051b5bc1c46551d37d282ce8e21c24c6df4e2ea2cd6c7781c8d25c0fcb7d25ce498ef1660339f673da8c6355ab9fe3cc5a0f4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
d9b65c0699ee1f32ca38e1c7fe1ad5cd

SHA1
6eb27d01383e8e73e1d4615eb7a3a6f4f5ca8abc

SHA256
7890add7dc155d6420f8914603b42623672f4000913822349854561ca2051afe

SHA512
e0ba5a71972dd7a3de448e5e9fda5edae9a82699cd9d3a66fc1458923cca7ae0f8fc929b08d837fd91b3dd689a1cbb5db070ccc21c5a50c95cd4153b1febabac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
6KB

MD5
5575cee210bb3c4ee0a4591737b5f28d

SHA1
2a9ddc572f47d43b70eeb195f57dd10ca6e9e61a

SHA256
23f718b1a7905302c31cdbff82c15a562cb1a039c95beab385d5b4c312cc2f7d

SHA512
a2fac99910bfca78b6ff80c03514d62758a009cff7e97b8d61ec702178da324a39464d17f90b344ead6b1c12efe9947c4009ed87b894a38fcd4ceb7550fe1e70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
6KB

MD5
f6adf329e5ac8f2471e4af45573f235f

SHA1
8cce014ab64f7c06b3ca8b6edf947627d9a9d933

SHA256
723708028571ede35534fa88b38e0b34242b2d8f65a57e1e5f829a20738218d2

SHA512
3931beafb5e03b1845ed752a0f737a38712819706ce39d8871bfe5b13ba45dcfb8d67943f3c5d44649305913fe158c6bc543f34b60e0c87ac9fd96cc14b30ef9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
6KB

MD5
5965ea21fc06b41516b2811e4aba2f1c

SHA1
25a189883104a3fe8bafc314d7a1a70bdb3b5a9b

SHA256
5553bdc016720adab6cfa961cf28d60781b4e3d5a8729023d28bf158f2d1f496

SHA512
15292c6164e2abb66fe10ad61e7b1a50917aae11e16f2955e4d242b781f30cf6109607f4d13c68cd7dff99d7306c2e8d8225a802b9c4030cba56799e58a6cb1b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
7KB

MD5
80bfa22d360ebf9b750d01d00e7be699

SHA1
5f738f603d1bcafcf5ea0332e24c8e8d67fd6440

SHA256
409f80e26510ef3f48ffee2a4a635c9cf7a0f33093e880dbb9386f42a9060ab3

SHA512
111196f9568db85df1dec98fca2ed060022cb6f61fc911309c3ece602b107ac2f425f441f3c5a641c1191e488b4fe7e2db6e13cc6e9bff7d230da2913e89d9ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs.js

Filesize
6KB

MD5
fcd5f37e5e4066f7cffe8eb106b6ce19

SHA1
b0a1c4d3d5c96271429fb09cb71055d177c13402

SHA256
38dbdb91f24f8e138803d71d0f7e4758fbb78e7f657208325fe30a501e225c67

SHA512
afdf7697bc784c3c85f30a8a1e4caa32459cf7f19c1ffacde04f62f089218ff1899ffe69fc465677d719546c8f91bea0d04807b13d58096f79aeba8eef0a0a15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
700fe59d2eb10b8cd28525fcc46bc0cc

SHA1
339badf0e1eba5332bff317d7cf8a41d5860390d

SHA256
4f5d849bdf4a5eeeb5da8836589e064e31c8e94129d4e55b1c69a6f98fb9f9ea

SHA512
3fa1b3fd4277d5900140e013b1035cb4c72065afcc6b6a8595b43101cfe7d09e75554a877e4a01bb80b0d7a58cdcfe553c4a9ef308c5695c5e77cb0ea99bada4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
83754dd16a1d7810d0594d3f42e6654c

SHA1
cf7f3c06e9abb8529f8e73c4f84f62890c601f46

SHA256
466570e99abd6b70bf88f77eb8c427450690da2e05401e625ca1503cf00f61ce

SHA512
6aea0d379c40b4134d566bae33be818a6f2742e7fc9420456cb215d1bbe9fe8f6e5a96232c21d78a9668f5faa013cdf6d6bc79ee99f6e150c1478fe20389d555

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
071eea027891f0b614875b3f32bbee7c

SHA1
94183d9282e90c4e6d1dd46b1ec39315d6f7cd0b

SHA256
6b7f84bbb7262f4aa319fd1dccde2de4b0049bf81f8f8d2b1268c3a4ea574ce1

SHA512
a030b77c7da6faa55af721c4fd822fa5edc038bc65e7d2bfe62f91bcfa8bf0bc1380a88bfaef3401976e0c7d89a4d3bf4b2dc98d05d2751fe0c995702cc868ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore.jsonlz4

Filesize
5KB

MD5
ee4085ec948d1966887138b117f68f43

SHA1
8dfd5230eacac7c4c4aa0d2195d999e51f141b2d

SHA256
b6f790a28cd9380e89237e18d2497487ecb3da66860ee9dd073ee146031b3499

SHA512
aa422f5f73831fa0c9884e9236bea44c054e4401e80bbf4d39e4eb4b32b57e2420c10a3258b1d381766a70f0d87d320ce7fafef3aae5cc95db2f77260d6acd40

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
113B

MD5
466d70c171f2e0cb2e89842b8abcbf62

SHA1
c5eececf4a9fc90350cd75817326060b16693759

SHA256
11b5ff10e982c83d5f30bfe12e0af93b2ec09fd0d15829b4deccf833c31151fd

SHA512
b12f153182600cb5cb87367ea7e4850cefec37e72e72cee7535847489fc591b91dc59563faf2ffd5047781d34c390f4f831013c04ca1ec5b05df2a9767b27645

Download Submit
C:\Users\Admin\Documents\Bandicam\bandicam 2023-04-16 19-56-23-632.mp4

Filesize
233KB

MD5
0733351acb56cdf8d80da8335eb1ec4d

SHA1
e16d0871e158728ceb26239909888bdfcf177cbb

SHA256
cf7409fcf5041286d1ce3eb1368cde97c5ca57cf437523e29ea0a4bbf854ffd6

SHA512
a90c94a5b0c62b55e8623b985523b4696c3d6c4284ed98b42ec04843bf943f70617dae6566b52d29be8d870cf554f3dddd27e3cdff02fdc18bc1260b9574ff2d

Download Submit
C:\Users\Admin\Downloads\bdcamsetup.HzCYecir.exe.part

Filesize
30.8MB

MD5
911c2504a4654b67cce367ca046a8279

SHA1
ee522f5a780d6f240b9f4a1942da9dea21d82d68

SHA256
8e271c7ebbd96968fa4c0a335a2caf893ed9dd049dfaeb27e189d54d025d9950

SHA512
c4e7b044be3a912c63d9bb82ddefb76dfa7dd3c1c7c02a4570dce232cf398824a85bd975f37390c66d28a49704837a499971bec67a094b72dd91492eac820601

Download Submit
C:\Users\Admin\Downloads\bdcamsetup.exe

Filesize
30.8MB

MD5
911c2504a4654b67cce367ca046a8279

SHA1
ee522f5a780d6f240b9f4a1942da9dea21d82d68

SHA256
8e271c7ebbd96968fa4c0a335a2caf893ed9dd049dfaeb27e189d54d025d9950

SHA512
c4e7b044be3a912c63d9bb82ddefb76dfa7dd3c1c7c02a4570dce232cf398824a85bd975f37390c66d28a49704837a499971bec67a094b72dd91492eac820601

Download Submit
C:\Users\Admin\Downloads\bdcamsetup.exe

Filesize
30.8MB

MD5
911c2504a4654b67cce367ca046a8279

SHA1
ee522f5a780d6f240b9f4a1942da9dea21d82d68

SHA256
8e271c7ebbd96968fa4c0a335a2caf893ed9dd049dfaeb27e189d54d025d9950

SHA512
c4e7b044be3a912c63d9bb82ddefb76dfa7dd3c1c7c02a4570dce232cf398824a85bd975f37390c66d28a49704837a499971bec67a094b72dd91492eac820601

Download Submit
memory/380-1953-0x00007FFD047E0000-0x00007FFD047F1000-memory.dmp

Filesize
68KB

Download
memory/380-1968-0x00007FFD01970000-0x00007FFD019B2000-memory.dmp

Filesize
264KB

Download
memory/380-1981-0x00007FFD024E0000-0x00007FFD0250F000-memory.dmp

Filesize
188KB

Download
memory/380-1983-0x00007FFD01550000-0x00007FFD01566000-memory.dmp

Filesize
88KB

Download
memory/380-1982-0x00007FFD018A0000-0x00007FFD018B1000-memory.dmp

Filesize
68KB

Download
memory/380-1980-0x00007FFD05DF0000-0x00007FFD05E00000-memory.dmp

Filesize
64KB

Download
memory/380-1979-0x00007FFCF64E0000-0x00007FFCF7C90000-memory.dmp

Filesize
23.7MB

Download
memory/380-1961-0x00007FFD03C20000-0x00007FFD03C8F000-memory.dmp

Filesize
444KB

Download
memory/380-1973-0x00007FFCF7C90000-0x00007FFCF7EDB000-memory.dmp

Filesize
2.3MB

Download
memory/380-1972-0x00007FFD018C0000-0x00007FFD01917000-memory.dmp

Filesize
348KB

Download
memory/380-1959-0x00007FFD04410000-0x00007FFD04440000-memory.dmp

Filesize
192KB

Download
memory/380-1950-0x00007FFD048A0000-0x00007FFD048DF000-memory.dmp

Filesize
252KB

Download
memory/380-1951-0x00007FFD04820000-0x00007FFD04841000-memory.dmp

Filesize
132KB

Download
memory/380-1952-0x00007FFD04800000-0x00007FFD04818000-memory.dmp

Filesize
96KB

Download
memory/380-1936-0x00007FF7E8710000-0x00007FF7E8808000-memory.dmp

Filesize
992KB

Download
memory/380-1937-0x00007FFD051A0000-0x00007FFD051D4000-memory.dmp

Filesize
208KB

Download
memory/380-1938-0x00007FFCFF590000-0x00007FFCFF844000-memory.dmp

Filesize
2.7MB

Download
memory/380-1945-0x00007FFD04A80000-0x00007FFD04A91000-memory.dmp

Filesize
68KB

Download
memory/380-1946-0x00007FFD04900000-0x00007FFD0491D000-memory.dmp

Filesize
116KB

Download
memory/380-1947-0x00007FFD048E0000-0x00007FFD048F1000-memory.dmp

Filesize
68KB

Download
memory/380-1948-0x00007FFCFE9A0000-0x00007FFCFEBA0000-memory.dmp

Filesize
2.0MB

Download
memory/380-1944-0x00007FFD050F0000-0x00007FFD05107000-memory.dmp

Filesize
92KB

Download
memory/380-1943-0x00007FFD05110000-0x00007FFD05121000-memory.dmp

Filesize
68KB

Download
memory/380-1942-0x00007FFD05130000-0x00007FFD05147000-memory.dmp

Filesize
92KB

Download
memory/380-1941-0x00007FFD05150000-0x00007FFD05168000-memory.dmp

Filesize
96KB

Download
memory/380-1949-0x00007FFCF8050000-0x00007FFCF90FB000-memory.dmp

Filesize
16.7MB

Download
memory/380-1969-0x00007FFD01920000-0x00007FFD0196C000-memory.dmp

Filesize
304KB

Download
memory/380-1970-0x00007FFCF7EE0000-0x00007FFCF804B000-memory.dmp

Filesize
1.4MB

Download
memory/380-1955-0x00007FFD047A0000-0x00007FFD047B1000-memory.dmp

Filesize
68KB

Download
memory/380-1962-0x00007FFD04140000-0x00007FFD04151000-memory.dmp

Filesize
68KB

Download
memory/380-1963-0x00007FFD019C0000-0x00007FFD01A16000-memory.dmp

Filesize
344KB

Download
memory/380-1960-0x00007FFD04160000-0x00007FFD041C7000-memory.dmp

Filesize
412KB

Download
memory/380-1965-0x00007FFD03C00000-0x00007FFD03C17000-memory.dmp

Filesize
92KB

Download
memory/380-1966-0x00007FFCFE830000-0x00007FFCFE9A0000-memory.dmp

Filesize
1.4MB

Download
memory/380-1967-0x00007FFD029F0000-0x00007FFD02A02000-memory.dmp

Filesize
72KB

Download
memory/380-1964-0x00007FFD010C0000-0x00007FFD01238000-memory.dmp

Filesize
1.5MB

Download
memory/380-1958-0x00007FFD04440000-0x00007FFD04458000-memory.dmp

Filesize
96KB

Download
memory/380-1957-0x00007FFD04500000-0x00007FFD04511000-memory.dmp

Filesize
68KB

Download
memory/380-1956-0x00007FFD04780000-0x00007FFD0479B000-memory.dmp

Filesize
108KB

Download
memory/380-1954-0x00007FFD047C0000-0x00007FFD047D1000-memory.dmp

Filesize
68KB

Download
memory/2804-1918-0x000001DE64DC0000-0x000001DE65517000-memory.dmp

Filesize
7.3MB

Download
memory/2804-1910-0x00007FF6210D0000-0x00007FF621DEC000-memory.dmp

Filesize
13.1MB

Download
memory/2804-1920-0x000001E66C350000-0x000001E66C351000-memory.dmp

Filesize
4KB

Download
memory/2804-1921-0x00007FFCF95A0000-0x00007FFCFAA90000-memory.dmp

Filesize
20.9MB

Download
memory/3824-135-0x0000000000400000-0x0000000000419710-memory.dmp

Filesize
101KB

Download
memory/3824-134-0x0000000002190000-0x0000000002191000-memory.dmp

Filesize
4KB

Download
memory/3824-133-0x0000000000400000-0x0000000000419710-memory.dmp

Filesize
101KB

Download
memory/5160-1906-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/5160-1907-0x0000000000400000-0x0000000000419710-memory.dmp

Filesize
101KB

Download
memory/5160-1905-0x0000000000400000-0x0000000000419710-memory.dmp

Filesize
101KB

Download
memory/5412-1036-0x00007FF6210D0000-0x00007FF621DEC000-memory.dmp

Filesize
13.1MB

Download
memory/5412-1035-0x00007FFD22A70000-0x00007FFD22A72000-memory.dmp

Filesize
8KB

Download
memory/6828-1322-0x00007FF6210D0000-0x00007FF621DEC000-memory.dmp

Filesize
13.1MB

Download
memory/6828-1904-0x0000022F11F80000-0x0000022F126D7000-memory.dmp

Filesize
7.3MB

Download
memory/6828-1717-0x0000022F11F80000-0x0000022F126D7000-memory.dmp

Filesize
7.3MB

Download