Analysis

  • max time kernel
    144s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240220-es
  • resource tags

    arch:x64 arch:x86 image:win7-20240220-es locale:es-es os:windows7-x64 system windows
  • submitted
    22/02/2024, 20:50

General

  • Target

    bandicam-1-6-en.exe

  • Size

    5.0MB

  • MD5

    b3dda3747f13053c8d42651b898ae81b

  • SHA1

    04c3878ff05f1dd2a190ff7824bcfe6e64be70e0

  • SHA256

    e2bda9dd998cbfc495ad3c077b0340447ea325de375953fe7400b3044147730f

  • SHA512

    917d197afea2fc2320ed37ffe14b6eb9ade60d4b3bbbd062184c07c92444b13ae27f2e1df63728d335461b6e7d8139d147906102c0e102abc4e954dcfd77b8b5

  • SSDEEP

    98304:NPhahnEm71/Cs8awInQ9hBZ8XcoaRI5fRrZ8mO2zMQmhBhrqfDGi+4iVPcPx/:NPPmGawIBXcoaMRrZ8mz0Rrgii1jx/

Malware Config

Signatures

  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 42 IoCs
  • Registers COM server for autorun 1 TTPs 12 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in System32 directory 6 IoCs
  • Drops file in Program Files directory 28 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
  • Modifies registry class 56 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 39 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bandicam-1-6-en.exe
    "C:\Users\Admin\AppData\Local\Temp\bandicam-1-6-en.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2808
    • C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE
      C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE /S
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1764
      • C:\Windows\SysWOW64\regsvr32.exe
        "regsvr32" /s "C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll"
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:816
        • C:\Windows\system32\regsvr32.exe
          /s "C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll"
          4⤵
          • Loads dropped DLL
          • Registers COM server for autorun
          • Modifies registry class
          PID:344
    • C:\Program Files (x86)\Bandicam\bdcam.exe
      "C:\Program Files (x86)\Bandicam\bdcam.exe" /install
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:1828
    • C:\Program Files (x86)\Bandicam\bdcam.exe
      "C:\Program Files (x86)\Bandicam\bdcam.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:272
      • C:\Program Files (x86)\Bandicam\bdcam64.bin
        "C:\Program Files (x86)\Bandicam\bdcam64.bin"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetWindowsHookEx
        PID:1980
  • C:\Program Files (x86)\Bandicam\bdcam.exe
    "C:\Program Files (x86)\Bandicam\bdcam.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetWindowsHookEx
    PID:2328
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    • Loads dropped DLL
    PID:2484
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Documents\Bandicam\bdcam 2024-02-22 20-51-58-407.avi"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2132
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Documents\Bandicam\bdcam 2024-02-22 20-51-58-407.avi"
    1⤵
    PID:948
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Documents\Bandicam\bdcam 2024-02-22 20-51-58-407.avi"
    1⤵
    PID:2888
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Documents\Bandicam\bdcam 2024-02-22 20-52-09-141.avi"
    1⤵
    PID:2764
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Documents\Bandicam\bdcam 2024-02-22 20-52-09-141.avi"
    1⤵
    PID:2540
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Documents\Bandicam\bdcam 2024-02-22 20-52-09-141.avi"
    1⤵
    PID:1900
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Documents\Bandicam\bdcam 2024-02-22 20-52-09-141.avi"
    1⤵
    PID:2852
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Documents\Bandicam\bdcam 2024-02-22 20-52-09-141.avi"
    1⤵
    PID:3036

Network

MITRE ATT&CK Enterprise v15

Downloads


                        92KB

                      • memory/2132-686-0x000007FEF4010000-0x000007FEF4028000-memory.dmp

                        Filesize

                        96KB

                      • memory/2132-684-0x000007FEF4050000-0x000007FEF406B000-memory.dmp

                        Filesize

                        108KB

                      • memory/2132-702-0x000007FEF3B20000-0x000007FEF3B32000-memory.dmp

                        Filesize

                        72KB

                      • memory/2132-701-0x000007FEF3B40000-0x000007FEF3CB0000-memory.dmp

                        Filesize

                        1.4MB

                      • memory/2132-703-0x000007FEF3AD0000-0x000007FEF3B12000-memory.dmp

                        Filesize

                        264KB

                      • memory/2132-704-0x000007FEF3A80000-0x000007FEF3ACC000-memory.dmp

                        Filesize

                        304KB

                      • memory/2132-705-0x000007FEF3910000-0x000007FEF3A7B000-memory.dmp

                        Filesize

                        1.4MB

                      • memory/2132-706-0x000007FEF38B0000-0x000007FEF3907000-memory.dmp

                        Filesize

                        348KB

                      • memory/2132-707-0x000007FEF3660000-0x000007FEF38AB000-memory.dmp

                        Filesize

                        2.3MB

                      • memory/2132-709-0x000007FEF3640000-0x000007FEF3651000-memory.dmp

                        Filesize

                        68KB

                      • memory/2132-671-0x000007FEF6DF0000-0x000007FEF6E01000-memory.dmp

                        Filesize

                        68KB

                      • memory/2132-711-0x000007FEF35F0000-0x000007FEF3603000-memory.dmp

                        Filesize

                        76KB

                      • memory/2132-710-0x000007FEF3610000-0x000007FEF363F000-memory.dmp

                        Filesize

                        188KB

                      • memory/2132-708-0x000007FEEEF60000-0x000007FEF0710000-memory.dmp

                        Filesize

                        23.7MB

                      • memory/2132-716-0x000007FEF34A0000-0x000007FEF34B4000-memory.dmp

                        Filesize

                        80KB

                      • memory/2132-719-0x000007FEF3440000-0x000007FEF345E000-memory.dmp

                        Filesize

                        120KB

                      • memory/2132-720-0x000007FEF3420000-0x000007FEF3436000-memory.dmp

                        Filesize

                        88KB

                      • memory/2132-718-0x000007FEF3460000-0x000007FEF3474000-memory.dmp

                        Filesize

                        80KB

                      • memory/2132-717-0x000007FEF3480000-0x000007FEF3492000-memory.dmp

                        Filesize

                        72KB

                      • memory/2132-722-0x000007FEF33E0000-0x000007FEF33F4000-memory.dmp

                        Filesize

                        80KB

                      • memory/2132-723-0x000007FEF33B0000-0x000007FEF33DC000-memory.dmp

                        Filesize

                        176KB

                      • memory/2132-724-0x000007FEF3390000-0x000007FEF33A2000-memory.dmp

                        Filesize

                        72KB

                      • memory/2132-725-0x000007FEF3360000-0x000007FEF3390000-memory.dmp

                        Filesize

                        192KB

                      • memory/2132-728-0x000007FEF3300000-0x000007FEF3312000-memory.dmp

                        Filesize

                        72KB

                      • memory/2132-730-0x000007FEF32E0000-0x000007FEF32F6000-memory.dmp

                        Filesize

                        88KB

                      • memory/2132-729-0x000007FEF7BC0000-0x000007FEF7BD0000-memory.dmp

                        Filesize

                        64KB

                      • memory/2132-727-0x000007FEF3320000-0x000007FEF3331000-memory.dmp

                        Filesize

                        68KB

                      • memory/2132-726-0x000007FEF3340000-0x000007FEF3357000-memory.dmp

                        Filesize

                        92KB

                      • memory/2132-721-0x000007FEF3400000-0x000007FEF3415000-memory.dmp

                        Filesize

                        84KB

                      • memory/2132-731-0x000007FEF3260000-0x000007FEF32D5000-memory.dmp

                        Filesize

                        468KB

                      • memory/2132-715-0x000007FEF34C0000-0x000007FEF34D1000-memory.dmp

                        Filesize

                        68KB

                      • memory/2132-714-0x000007FEF34E0000-0x000007FEF34F2000-memory.dmp

                        Filesize

                        72KB

                      • memory/2132-732-0x000007FEF31F0000-0x000007FEF3252000-memory.dmp

                        Filesize

                        392KB

                      • memory/2132-734-0x000007FEF3160000-0x000007FEF3175000-memory.dmp

                        Filesize

                        84KB

                      • memory/2132-733-0x000007FEF3180000-0x000007FEF31ED000-memory.dmp

                        Filesize

                        436KB

                      • memory/2132-713-0x000007FEF3500000-0x000007FEF35C5000-memory.dmp

                        Filesize

                        788KB

                      • memory/2132-735-0x000007FEF2F40000-0x000007FEF315D000-memory.dmp

                        Filesize

                        2.1MB

                      • memory/2132-765-0x000007FEF2490000-0x000007FEF25AD000-memory.dmp

                        Filesize

                        1.1MB

                      • memory/2132-669-0x000007FEF7B60000-0x000007FEF7B78000-memory.dmp

                        Filesize

                        96KB

                      • memory/2132-668-0x000007FEF5600000-0x000007FEF58B4000-memory.dmp

                        Filesize

                        2.7MB

                      • memory/2132-790-0x000007FEF2490000-0x000007FEF25AD000-memory.dmp

                        Filesize

                        1.1MB

                      • memory/2132-667-0x000007FEF58C0000-0x000007FEF58F4000-memory.dmp

                        Filesize

                        208KB

                      • memory/2132-666-0x000000013FAE0000-0x000000013FBD8000-memory.dmp

                        Filesize

                        992KB