7Static
static
3bandicam-1-6-en.exe
windows7-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$TEMP/BDMP...UP.exe
windows7-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$SYSDIR/bdmjpeg.dll
windows7-x64
1$SYSDIR/bdmjpeg64.dll
windows7-x64
1$SYSDIR/bdmpega.dll
windows7-x64
1$SYSDIR/bdmpega64.dll
windows7-x64
1$SYSDIR/bdmpegv.dll
windows7-x64
1$SYSDIR/bdmpegv64.dll
windows7-x64
1$TEMP/bdfilters.dll
windows7-x64
1bdfilters.dll
windows7-x64
1bdfilters64.dll
windows7-x64
7bdcam.dll
windows7-x64
1bdcam.exe
windows7-x64
1bdcam64.exe
windows7-x64
1bdcam64.dll
windows7-x64
1bdcamih.dll
windows7-x64
1bdcap32.dll
windows7-x64
1bdcap64.dll
windows7-x64
1bdfix.exe
windows7-x64
1Analysis
-
max time kernel
144s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20240220-es -
resource tags
arch:x64 arch:x86 image:win7-20240220-es locale:es-es os:windows7-x64 system:windows -
submitted
22/02/2024, 20:50
Static task
static1
Behavioral task
behavioral1
Sample
bandicam-1-6-en.exe
Resource
win7-20240220-es
Behavioral task
behavioral2
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240221-es
Behavioral task
behavioral3
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240221-es
Behavioral task
behavioral4
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240215-es
Behavioral task
behavioral5
Sample
$TEMP/BDMPEG1SETUP.exe
Resource
win7-20240221-es
Behavioral task
behavioral6
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240221-es
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-es
Behavioral task
behavioral8
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240220-es
Behavioral task
behavioral9
Sample
$SYSDIR/bdmjpeg.dll
Resource
win7-20240221-es
Behavioral task
behavioral10
Sample
$SYSDIR/bdmjpeg64.dll
Resource
win7-20240221-es
Behavioral task
behavioral11
Sample
$SYSDIR/bdmpega.dll
Resource
win7-20240221-es
Behavioral task
behavioral12
Sample
$SYSDIR/bdmpega64.dll
Resource
win7-20240221-es
Behavioral task
behavioral13
Sample
$SYSDIR/bdmpegv.dll
Resource
win7-20240221-es
Behavioral task
behavioral14
Sample
$SYSDIR/bdmpegv64.dll
Resource
win7-20240220-es
Behavioral task
behavioral15
Sample
$TEMP/bdfilters.dll
Resource
win7-20240221-es
Behavioral task
behavioral16
Sample
bdfilters.dll
Resource
win7-20240221-es
Behavioral task
behavioral17
Sample
bdfilters64.dll
Resource
win7-20240215-es
Behavioral task
behavioral18
Sample
bdcam.dll
Resource
win7-20240221-es
Behavioral task
behavioral19
Sample
bdcam.exe
Resource
win7-20240221-es
Behavioral task
behavioral20
Sample
bdcam64.exe
Resource
win7-20240221-es
Behavioral task
behavioral21
Sample
bdcam64.dll
Resource
win7-20240221-es
Behavioral task
behavioral22
Sample
bdcamih.dll
Resource
win7-20240221-es
Behavioral task
behavioral23
Sample
bdcap32.dll
Resource
win7-20240221-es
Behavioral task
behavioral24
Sample
bdcap64.dll
Resource
win7-20240221-es
Behavioral task
behavioral25
Sample
bdfix.exe
Resource
win7-20240221-es
General
-
Target
bandicam-1-6-en.exe
-
Size
5.0MB
-
MD5
b3dda3747f13053c8d42651b898ae81b
-
SHA1
04c3878ff05f1dd2a190ff7824bcfe6e64be70e0
-
SHA256
e2bda9dd998cbfc495ad3c077b0340447ea325de375953fe7400b3044147730f
-
SHA512
917d197afea2fc2320ed37ffe14b6eb9ade60d4b3bbbd062184c07c92444b13ae27f2e1df63728d335461b6e7d8139d147906102c0e102abc4e954dcfd77b8b5
-
SSDEEP
98304:NPhahnEm71/Cs8awInQ9hBZ8XcoaRI5fRrZ8mO2zMQmhBhrqfDGi+4iVPcPx/:NPPmGawIBXcoaMRrZ8mz0Rrgii1jx/
Malware Config
Signatures
-
Executes dropped EXE 5 IoCs
pid Process 1764 BDMPEG1SETUP.EXE 1828 bdcam.exe 272 bdcam.exe 1980 bdcam64.bin 2328 bdcam.exe -
Loads dropped DLL 42 IoCs
pid Process 2808 bandicam-1-6-en.exe 2808 bandicam-1-6-en.exe 2808 bandicam-1-6-en.exe 2808 bandicam-1-6-en.exe 2808 bandicam-1-6-en.exe 1764 BDMPEG1SETUP.EXE 1764 BDMPEG1SETUP.EXE 1764 BDMPEG1SETUP.EXE 1764 BDMPEG1SETUP.EXE 1764 BDMPEG1SETUP.EXE 1764 BDMPEG1SETUP.EXE 816 regsvr32.exe 344 regsvr32.exe 1764 BDMPEG1SETUP.EXE 2808 bandicam-1-6-en.exe 1828 bdcam.exe 1828 bdcam.exe 1828 bdcam.exe 2808 bandicam-1-6-en.exe 2808 bandicam-1-6-en.exe 2808 bandicam-1-6-en.exe 2808 bandicam-1-6-en.exe 2808 bandicam-1-6-en.exe 2808 bandicam-1-6-en.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 1980 bdcam64.bin 1184 Process not Found 1952 Process not Found 844 Process not Found 2364 Process not Found 272 bdcam.exe 272 bdcam.exe 2484 explorer.exe 2916 Process not Found 1112 Process not Found 1112 Process not Found 1112 Process not Found 1112 Process not Found 2132 vlc.exe 1436 Process not Found -
Registers COM server for autorun 1 TTPs 12 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32 regsvr32.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory 6 IoCs
description ioc Process File created C:\Windows\system32\bdmjpeg64.dll BDMPEG1SETUP.EXE File created C:\Windows\system32\bdmpegv64.dll BDMPEG1SETUP.EXE File created C:\Windows\system32\bdmpega64.acm BDMPEG1SETUP.EXE File created C:\Windows\SysWOW64\bdmjpeg.dll BDMPEG1SETUP.EXE File created C:\Windows\SysWOW64\bdmpegv.dll BDMPEG1SETUP.EXE File created C:\Windows\SysWOW64\bdmpega.acm BDMPEG1SETUP.EXE -
Drops file in Program Files directory 28 IoCs
description ioc Process File created C:\Program Files (x86)\Bandicam\skin\btn_black.png bandicam-1-6-en.exe File created C:\Program Files (x86)\BandiMPEG1\uninstall.exe BDMPEG1SETUP.EXE File created C:\Program Files (x86)\Bandicam\bdfix.exe bandicam-1-6-en.exe File created C:\Program Files (x86)\Bandicam\lang\Simplified_Chinese.ini bandicam-1-6-en.exe File created C:\Program Files (x86)\Bandicam\skin\btn_fullscreen.png bandicam-1-6-en.exe File created C:\Program Files (x86)\Bandicam\bdcam.exe bandicam-1-6-en.exe File created C:\Program Files (x86)\Bandicam\bdcamih.dll bandicam-1-6-en.exe File created C:\Program Files (x86)\Bandicam\skin\target.xml bandicam-1-6-en.exe File created C:\Program Files (x86)\Bandicam\bdcam64.bin bandicam-1-6-en.exe File created C:\Program Files (x86)\Bandicam\skin\btn_rec_start.png bandicam-1-6-en.exe File created C:\Program Files (x86)\Bandicam\skin\btn_rec_stop.png bandicam-1-6-en.exe File created C:\Program Files (x86)\Bandicam\sample.png bandicam-1-6-en.exe File created C:\Program Files (x86)\BandiMPEG1\bdfilters.dll BDMPEG1SETUP.EXE File created C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll BDMPEG1SETUP.EXE File created C:\Program Files (x86)\Bandicam\language.dat bandicam-1-6-en.exe File created C:\Program Files (x86)\Bandicam\uninstall.exe bandicam-1-6-en.exe File created C:\Program Files (x86)\Bandicam\bdcap32.dll bandicam-1-6-en.exe File created C:\Program Files (x86)\Bandicam\bandicam.ini bandicam-1-6-en.exe File created C:\Program Files (x86)\Bandicam\bdcam.dll bandicam-1-6-en.exe File created C:\Program Files (x86)\Bandicam\skin\btn_img_start.png bandicam-1-6-en.exe File created C:\Program Files (x86)\Bandicam\bdcap64.dll bandicam-1-6-en.exe File created C:\Program Files (x86)\Bandicam\bdcam64.dll bandicam-1-6-en.exe File created C:\Program Files (x86)\Bandicam\skin\btn_default.png bandicam-1-6-en.exe File created C:\Program Files (x86)\Bandicam\skin\btn_rec_paused.png bandicam-1-6-en.exe File created C:\Program Files 
(x86)\Bandicam\skin\btn_restore.png bandicam-1-6-en.exe File created C:\Program Files (x86)\Bandicam\lang\English.ini bandicam-1-6-en.exe File created C:\Program Files (x86)\Bandicam\skin\btn_img_stop.png bandicam-1-6-en.exe File created C:\Program Files (x86)\Bandicam\skin\btn_rec_pause.png bandicam-1-6-en.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
NSIS installer 2 IoCs
resource yara_rule behavioral1/files/0x003500000001342e-95.dat nsis_installer_1 behavioral1/files/0x003500000001342e-95.dat nsis_installer_2 -
Modifies registry class 56 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32 BDMPEG1SETUP.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters.dll" BDMPEG1SETUP.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05} BDMPEG1SETUP.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\ = "Bandisoft MPEG-1 Audio Property" regsvr32.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\FilterData = 02000000010080ff02000000000000003070693300000000000000000200000000000000000000003074793300000000700000008000000031747933000000007000000090000000317069330800000000000000010000000000000000000000307479330000000070000000a00000007669647300001000800000aa00389b714d50454700001000800000aa00389b714d50473100001000800000aa00389b7100000000000000000000000000000000 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\ = "Bandisoft MPEG-1 Video Decoder" BDMPEG1SETUP.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F} BDMPEG1SETUP.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ThreadingModel = "Both" BDMPEG1SETUP.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\FilterData = 
02000000010080ff020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000006175647300001000800000aa00389b715000000000001000800000aa00389b710100000000001000800000aa00389b71 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32 BDMPEG1SETUP.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters.dll" BDMPEG1SETUP.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters.dll" BDMPEG1SETUP.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\ = "Bandisoft MPEG-1 Audio Decoder" BDMPEG1SETUP.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ThreadingModel = "Both" BDMPEG1SETUP.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\FriendlyName = "Bandisoft MPEG-1 Audio Decoder" BDMPEG1SETUP.EXE Set value (str) 
\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\CLSID = "{E2E7539A-CECF-4A6A-B187-939943ECEF05}" BDMPEG1SETUP.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ThreadingModel = "Both" BDMPEG1SETUP.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ThreadingModel = "Both" BDMPEG1SETUP.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\CLSID = "{89C4B786-A490-4A3E-AA70-E6A8C61D3689}" BDMPEG1SETUP.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32 BDMPEG1SETUP.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05} BDMPEG1SETUP.EXE Set value (str) 
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32 BDMPEG1SETUP.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689} BDMPEG1SETUP.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\FriendlyName = "Bandisoft MPEG-1 Video Decoder" BDMPEG1SETUP.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\FilterData = 02000000010080ff02000000000000003070693300000000000000000200000000000000000000003074793300000000700000008000000031747933000000007000000090000000317069330800000000000000010000000000000000000000307479330000000070000000a00000007669647300001000800000aa00389b714d50454700001000800000aa00389b714d50473100001000800000aa00389b7100000000000000000000000000000000 BDMPEG1SETUP.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\FriendlyName = "Bandisoft MPEG-1 Video Decoder" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\ = "Bandisoft MPEG-1 Audio Property" BDMPEG1SETUP.EXE Set value (data) 
\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\FilterData = 02000000010080ff020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000006175647300001000800000aa00389b715000000000001000800000aa00389b710100000000001000800000aa00389b71 BDMPEG1SETUP.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689} BDMPEG1SETUP.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188} BDMPEG1SETUP.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\ = "Bandisoft MPEG-1 Video Property" BDMPEG1SETUP.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters.dll" BDMPEG1SETUP.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\ = "Bandisoft MPEG-1 Video Decoder" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\ = "Bandisoft MPEG-1 Video Property" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\ = "Bandisoft 
MPEG-1 Audio Decoder" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\CLSID = "{89C4B786-A490-4A3E-AA70-E6A8C61D3689}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\FriendlyName = "Bandisoft MPEG-1 Audio Decoder" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\CLSID = "{E2E7539A-CECF-4A6A-B187-939943ECEF05}" regsvr32.exe -
Modifies system certificate store
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 bdcam.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 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 bdcam.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 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 bdcam.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 2132 vlc.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 272 bdcam.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2132 vlc.exe -
Suspicious use of AdjustPrivilegeToken 8 IoCs
description pid Process Token: SeRestorePrivilege 1764 BDMPEG1SETUP.EXE Token: SeBackupPrivilege 1764 BDMPEG1SETUP.EXE Token: SeRestorePrivilege 2808 bandicam-1-6-en.exe Token: SeBackupPrivilege 2808 bandicam-1-6-en.exe Token: 33 272 bdcam.exe Token: SeIncBasePriorityPrivilege 272 bdcam.exe Token: 33 2132 vlc.exe Token: SeIncBasePriorityPrivilege 2132 vlc.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe 272 bdcam.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 272 bdcam.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 272 bdcam.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe 2132 vlc.exe -
Suspicious use of SetWindowsHookEx 13 IoCs
pid Process 1828 bdcam.exe 272 bdcam.exe 272 bdcam.exe 1980 bdcam64.bin 1980 bdcam64.bin 1980 bdcam64.bin 1980 bdcam64.bin 272 bdcam.exe 272 bdcam.exe 2328 bdcam.exe 272 bdcam.exe 272 bdcam.exe 2132 vlc.exe -
Suspicious use of WriteProcessMemory 39 IoCs
description pid Process procid_target PID 2808 wrote to memory of 1764 2808 bandicam-1-6-en.exe 28 PID 2808 wrote to memory of 1764 2808 bandicam-1-6-en.exe 28 PID 2808 wrote to memory of 1764 2808 bandicam-1-6-en.exe 28 PID 2808 wrote to memory of 1764 2808 bandicam-1-6-en.exe 28 PID 2808 wrote to memory of 1764 2808 bandicam-1-6-en.exe 28 PID 2808 wrote to memory of 1764 2808 bandicam-1-6-en.exe 28 PID 2808 wrote to memory of 1764 2808 bandicam-1-6-en.exe 28 PID 1764 wrote to memory of 816 1764 BDMPEG1SETUP.EXE 29 PID 1764 wrote to memory of 816 1764 BDMPEG1SETUP.EXE 29 PID 1764 wrote to memory of 816 1764 BDMPEG1SETUP.EXE 29 PID 1764 wrote to memory of 816 1764 BDMPEG1SETUP.EXE 29 PID 1764 wrote to memory of 816 1764 BDMPEG1SETUP.EXE 29 PID 1764 wrote to memory of 816 1764 BDMPEG1SETUP.EXE 29 PID 1764 wrote to memory of 816 1764 BDMPEG1SETUP.EXE 29 PID 816 wrote to memory of 344 816 regsvr32.exe 30 PID 816 wrote to memory of 344 816 regsvr32.exe 30 PID 816 wrote to memory of 344 816 regsvr32.exe 30 PID 816 wrote to memory of 344 816 regsvr32.exe 30 PID 816 wrote to memory of 344 816 regsvr32.exe 30 PID 816 wrote to memory of 344 816 regsvr32.exe 30 PID 816 wrote to memory of 344 816 regsvr32.exe 30 PID 2808 wrote to memory of 1828 2808 bandicam-1-6-en.exe 31 PID 2808 wrote to memory of 1828 2808 bandicam-1-6-en.exe 31 PID 2808 wrote to memory of 1828 2808 bandicam-1-6-en.exe 31 PID 2808 wrote to memory of 1828 2808 bandicam-1-6-en.exe 31 PID 2808 wrote to memory of 1828 2808 bandicam-1-6-en.exe 31 PID 2808 wrote to memory of 1828 2808 bandicam-1-6-en.exe 31 PID 2808 wrote to memory of 1828 2808 bandicam-1-6-en.exe 31 PID 2808 wrote to memory of 272 2808 bandicam-1-6-en.exe 33 PID 2808 wrote to memory of 272 2808 bandicam-1-6-en.exe 33 PID 2808 wrote to memory of 272 2808 bandicam-1-6-en.exe 33 PID 2808 wrote to memory of 272 2808 bandicam-1-6-en.exe 33 PID 2808 wrote to memory of 272 2808 bandicam-1-6-en.exe 33 PID 2808 wrote to memory of 272 2808 
bandicam-1-6-en.exe 33 PID 2808 wrote to memory of 272 2808 bandicam-1-6-en.exe 33 PID 272 wrote to memory of 1980 272 bdcam.exe 34 PID 272 wrote to memory of 1980 272 bdcam.exe 34 PID 272 wrote to memory of 1980 272 bdcam.exe 34 PID 272 wrote to memory of 1980 272 bdcam.exe 34
Processes
-
C:\Users\Admin\AppData\Local\Temp\bandicam-1-6-en.exe"C:\Users\Admin\AppData\Local\Temp\bandicam-1-6-en.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2808 -
C:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXEC:\Users\Admin\AppData\Local\Temp\BDMPEG1SETUP.EXE /S2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1764 -
C:\Windows\SysWOW64\regsvr32.exe"regsvr32" /s "C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll"3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:816 -
C:\Windows\system32\regsvr32.exe/s "C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll"4⤵
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:344
-
-
-
-
C:\Program Files (x86)\Bandicam\bdcam.exe"C:\Program Files (x86)\Bandicam\bdcam.exe" /install2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1828
-
-
C:\Program Files (x86)\Bandicam\bdcam.exe"C:\Program Files (x86)\Bandicam\bdcam.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:272 -
C:\Program Files (x86)\Bandicam\bdcam64.bin"C:\Program Files (x86)\Bandicam\bdcam64.bin"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1980
-
-
-
C:\Program Files (x86)\Bandicam\bdcam.exe"C:\Program Files (x86)\Bandicam\bdcam.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
- Loads dropped DLL
PID:2484
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Documents\Bandicam\bdcam 2024-02-22 20-51-58-407.avi"1⤵
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2132
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Documents\Bandicam\bdcam 2024-02-22 20-51-58-407.avi"1⤵PID:948
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Documents\Bandicam\bdcam 2024-02-22 20-51-58-407.avi"1⤵PID:2888
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Documents\Bandicam\bdcam 2024-02-22 20-52-09-141.avi"1⤵PID:2764
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Documents\Bandicam\bdcam 2024-02-22 20-52-09-141.avi"1⤵PID:2540
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Documents\Bandicam\bdcam 2024-02-22 20-52-09-141.avi"1⤵PID:1900
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Documents\Bandicam\bdcam 2024-02-22 20-52-09-141.avi"1⤵PID:2852
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Documents\Bandicam\bdcam 2024-02-22 20-52-09-141.avi"1⤵PID:3036
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
3.7MB
MD5 79dd4a67830c508079eccdd8c1332cc4
SHA1 f8a4fba282d40b8c1a9bf7339cec1e3d947d321d
SHA256 87c92d2e700f9a3bc62630be3a92e2df01d8d497afcf30d466d65f926a65f230
SHA512 2605d00cb14957384e1016a1f0e587e8c38a303814374ffeaf74504b8cd92d432c875b72d44b7a8565fa9c209d3d899560c4d47f7bf568a141b7100bd2525545
-
Filesize
433KB
MD5 65e41d4d1b4026f613327bc8afa459ea
SHA1 bbb158ecfc93d345e3c64cd9ea7b5f1f0e875f20
SHA256 2ea45b8f233b61fc60058368eac9cec9f4f46f8cebc1f5ca4799a84a82e3e838
SHA512 aeb1177843aba73e7dc0f4672ee51c99d193aade7f88bab89adca12b2833f4420c01cb13424cda2061912df3afca4a1571e9090d44c9ec6ee5460156af558cdd
-
Filesize
527KB
MD5 6735e157c2dd2f016544d263e8eb5165
SHA1 b7e6d8cb10f99b216c87b08660e3cd6a674220f1
SHA256 d78eeab3e08f311f276364c2c0327cf3992b15014b2bb9abcbbf683faa51e2a4
SHA512 b7035578e97fdbb42e75348974f901871faeea7a9f6a864489b37952fa4967b714db810bd1f86dbe266028675894c1ad427b499accea339bd1f5514e825ad90a
-
Filesize
7.3MB
MD5 dbd6094a7248f7a4bd755adc55f095da
SHA1 cee1d24d3d5ccee5523599eee6d7dd2bdbc98d95
SHA256 6939ff90e3e7f582b566fdf752e97ec4a345b5f90e6c957fafc73b493c997659
SHA512 ee19b29ae0050a2ffd1921d81b1e0b5411d19601cc06acf7d17e4eee27c007fe7fe69d12fe9adc9eff04a8e90caffdef37ac835b4d13abc3b745e4f0ce7eefb7
-
Filesize
8.1MB
MD5 f4421e989622a0c2e4c0bd77a179c854
SHA1 cee242a535f59d8ca8f470116518d4c80ba9afad
SHA256 e0e958b9e002028900e48236041fe9a515e64d65d452fb541ae18fc93a482254
SHA512 cb8a85b3ed4e88ec565bbc33829992922ffc52fa9a71f9c91d6d10d212ef3da215f360c9483bee8cc620d9777b63b06904064db1440a0e75b91e12b60d68b110
-
Filesize
22KB
MD5 e85add0df008c9d0c8558d5f3025226b
SHA1 94b411c91a05a98764a8201999bb9a6e9df435b7
SHA256 b4a147b0b33c794965773431dd9ecb04bb124ebe0787f7ab35e4c1ed6f931af2
SHA512 35298e335984a74a888287203f7089a72c92d47cabe0fcf39098b76bc77617dc80b99534d13eed80f1c8bf99b084d09f0d3d36b9032433b71fddc602bfc00476
-
Filesize
14KB
MD5 f7f4b925ca5d5a0caad2d3aebdf076c0
SHA1 fd3bf0ff4e2575ec6f3be0d248189139537fe676
SHA256 2ef96c05560a59dcd27dd11b8de0e3f6840618e4887ba78dcd3903128d731783
SHA512 a7942b5351c5f4370db496cb114310a541e97f3789231f0cc550e0c8b0aebc76f5be7ac429683a61180f2473ae03a85c00800d3749cd993531e6d8bc4c39fb0e
-
Filesize
2KB
MD5 f56be1f9a60af16d43dc4e9f0e509c26
SHA1 32b29025eacf69da76c4bd2c094afeee9155e1b0
SHA256 305e4491539d98b8553ec50e3ef5a117b4aeb4a69f783dfe726ea00a5079768b
SHA512 2f5226c687d63e78e7f974e65a76164294690ac35b1ff493fa7dcbe600151e778e8a8da92c4e98d06ad9d7923716910f3129cac2535da9703b735f2e0c2a40c1
-
Filesize
2KB
MD5 9357ab0462e77810c4a25d78c5ce9755
SHA1 2d2df27fe96f1455dbc8cd6ae648b9e7ee5ae5ec
SHA256 f3b09cc3d4ce6c19e55e5533d5901b2530bfe97cf738d43ecb30be25c241dd44
SHA512 c27728570f5615ccaec397b41fbfb8d54939294f97be84485bcf464202a05ed00a0e0f8b41ca3d5620722d17893707b3e8b4458bb87a5215284393ff5d6a9119
-
Filesize
2KB
MD5be10a75439d9ecc7dabcf025d0af43f9
SHA15c736b01aaa77c3e58bf3373e92bf31e1f8b44dd
SHA2563560b58def1255d7bf545cac5140a9015b8d1f22a7cefd5cf46fa4919a5fb8a9
SHA5123917da9c3afe5045719daf5d3b187d5e82ba4486392dc8d80641f9b0fa7986bab96a3227d8f4af8cc4ed49785145b90ce44cd7dbdeac54cb7502cd2f8df61bb5
-
Filesize
2KB
MD53b3b6959d370c94b7c204b20c4ab5e78
SHA11a13e189cee8fc1202813c9c96b43b54ba3db692
SHA2567f9350648c84d8b1957d246ded796b244d084cabfa97e171f286c45041ef53a4
SHA512e64ee2e46f4a66ab8c36a7cd9e224e7d381aad5c1339d18c5679ac7893c6a04b53f1f10f0a97666dd8cf8294be89c07140dbcd945666e13705d82cfc4e412ae7
-
Filesize
2KB
MD520477bad4983be7372dc80cac88bac2a
SHA1565c00ba58660545b4ba784fa822bf201c41c8fa
SHA25679081a7e2c77e47b81641091e9f72f852795b788367f8a4726649403a1b62b40
SHA5126ba3112a7144e359f9a4bd9857de7077f4364461872e70f2054304aa402533d78066ec9d39273f2a68a68cf082ef2ac2fef9e043d4bc2a55e11d11b0aa7692eb
-
Filesize
224B
MD5f1c6f50b22f7bea4ed38f45ff528225f
SHA19b39a3aeacbc30b67a8214fd4ed88a8b8cfd4fae
SHA256ecf474c46cff1c2798ba7ba982741d09dc626f84463806400ed8404e50391fa8
SHA5129d97d4af2f854df325e79e6f173fafabbf6b57cefb14f928fe54231f9c23fa7583c15b6d4def1ca896d26a8df20d7c9c1799175d6da3cd62732af63e050dc4fc
-
Filesize
3KB
MD5dacfdfadd1a6c653315fb75dbb2d551d
SHA15d11b7562fccbe493956260fb608554f0ee45c51
SHA256998667978fb8a537daab043f3241a8f66ef13918e9d423b3844a275878737510
SHA512c39dba12fb99b588ebc3b5717a3442f7d9fcd8f2e31df3659ad774341b8d5a94dc9a92ea1fbe01af5dbe348a2fd5c7e9343144f28515d6b58b2d89877c6bba81
-
Filesize
2KB
MD5d221ec5e349525dab88addb140f4d30c
SHA1fbb545954a0bcb0df2095618a4b2857296a46e6b
SHA25604675081ca3c58fb681e93e88eb3161d60ad227906dc6cd84cf8b3c3bacea36f
SHA512decd2e5d00fafc6feda7949ac2e001e0c3a263d09f6e3cdbce401567a99ab85f884e84bfe57a87ba29b01f55b45135473a6136065e90664e4adf7c6784461910
-
Filesize
2KB
MD529f2fdb760b7c32223a6f34a5abd68f8
SHA1b7032f967240811359e43b7774eb6ce4b1339fcd
SHA25698b8a57cea1367ff842442ff279f7a6625a885f02f2e4f3872d56748c0d9d58e
SHA512957f1cfdb11713ec646d2be16e73c380d7240320b61c15e7a90e34d0b5edc3b6d9c7048cf143e0ff49629a28749735b984f76111060632bfca3f476685ad5d05
-
Filesize
2KB
MD5f2285f41b171567438ddde7e9158c26a
SHA1cdfd44936bda119763bde9f24ac6607bc58b5d26
SHA2565a521902edefc55ce042befb427e8c8d8cb069889af714c51403b5251350f9a5
SHA51223a38cd1ccc946ce9b50111e4cca2d537f19b699ae1765ebc690dda770406ebc4ab8e786f2d422c0d3f8047b22a1bebc0ba2c8402227e2eb679c0f1e55e04e93
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B
MD54073b984b589a06bed959178bd93098a
SHA15e1c458e7ea3148860f92bf7de074ddd5a88a278
SHA2566663ce51ff0a05bf288ad0438bac088edf0178d556e5f6f0932fdbed9ef14883
SHA512d83ead8afe9e5abe6ae68f95d7811556412e62e195b0a3e55ee592d1df0cca82440d970d1949e2dd2b3a5f2060c24a05a91f987ba3ceffc30ead4308d29e4c42
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B
MD55515c85a5c2707c44e10585fd48699bd
SHA175c04707623359a730a5e4792289cdd30312915b
SHA256c7086b9ee9a2b35e1bd0e3ee3881a8b3f2650fa39d7fec53b398c82a47252ebf
SHA5123aa8b824aa0425a765c45a439ddfc731847f1b1b0277968f424d77e39933994a0ff83bd3911b98556806ee065624272d390dc8265a866b5f2def1ab0f6437583
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
-
Filesize
1KB
MD5d37776c31a8b93d2265ac0034845367d
SHA184499d98ee6474d901fd19de5d9a8632856f5ee6
SHA256fc70bdaa453ef99c83577f7510f700d7c53d1a5229aacfb590d6aa3dc7705800
SHA512effc1c7c0c60b3b6ef0c5c0dfdc01e6ec1136a9c2967d6f0af757f50bea1a3004ff086dfeca50d7f75423e69f0b665725e1e5854e4d357911655945a1309d759
-
Filesize
1KB
MD57fe7cf7235beb5f6a68871062c168d2b
SHA127518a1a4fc6004393c66eade8780e6baa293973
SHA256fdd43e9492775de2a4a5e74980f6ba39131df3f3005ef95bbcc49b9fc1ee1f5e
SHA512768b907dc8af11d2a645a32647c15a99256ee5cfc471f2eed88db6914e8ba904ba83c9a5ca8f29d7fa7b562de340078802c027719ed193ad83ee2adf2eeec432
-
Filesize
110B
MD59cdbedcfbe18e2c032e46d1a315d1c87
SHA1c712944782a512d63fee5357d2e623a3ad546622
SHA256007e21a3591c6553c5c0f6ff39949bdf7aa1b2e18f4c61295c2b32a67ca60346
SHA512aba9442c4920688c2d5336160e1fe12fc1647438358c8ab86aa3911fa31b2a0f681426910648c0c946da2992f70c9755ed6363932e1c5f4eea0ebaba78f8d83a
-
Filesize
109B
MD55edb9e8849bb9e705f1ebab12b7baa65
SHA1b7fbd4407e0c5b254f72b39b4ab0c672cbadd527
SHA2563b396c2f48ea2a007f7413d43a9dc7be796138443cd2f8bc4d7d52e5ff6fa80d
SHA512e3389c9e07fe2de0e684410c6c70870d86c274b79e24dad4cb7597226729bb59973749ff6610c27591612d9ff64f57b1379b3e7c657052e882104b43a2461f59
-
Filesize
193B
MD565ed24a11c9f5b04ac0ce86b4c6e101d
SHA1a0ee450e1b01414de6babe3c0a479a15ae564bb3
SHA2567231e2456a770ce90f06192829a102424c7fdafd6855e3a35f58e5513add1ff4
SHA5121bdd36f1a2cd2b989c5a59e44b464dca6b1abf9b6e694c80572e5544e5351a7a3f9f09d7bf0c7cca4a3e20800bdd8265f2a1c8b57b6f2b2513049f7550bb5e00
-
Filesize
18B
MD57f293cac32fc16482a32c6278049f5f6
SHA1589c983bf2717315a7b2ea56b7d53c5719a4e040
SHA256dfd31a6c22504ee227680dff1eb84484603120ac49bc626406022c613897e1fb
SHA51215a6a10b8cea3d435612bd8518b700f202c52a86ce2898baa98c1eca1819aa048c4a1d374053226e78bdd1bf59ed059f0c9d07f850bfe4a79e77fabfe93a7fec
-
Filesize
975KB
MD5907a27105e6792d926220de1d69f9a90
SHA1d512f68501ace290604e4ab6f45bfd4361045301
SHA256c6700c69f3430da3fe9548d116e18b312ede6746eedf24dfd20aa42b6f70e249
SHA512779d5a0f41ded1cc3b6ab9d8c04d7ce4c2f5bf4207aa56ebf1ae530ac828fd6d953c9d623e815fdaddfba00c7a9da7678cfdaebe3e23e9e8d4538cae7c276a1b
-
Filesize
343KB
MD52fc6fd53536961b070df7ba5caebf10b
SHA1224a957cbcc956d2243691a2fca06b233e01b5e4
SHA25658f7639fc9cfdb8266e48b743cd574c0a371e4286d75f50f8338305824f3dc84
SHA5126e5cde246eb8a6e86fac139fdbd9d8f58a7d000d60027cf214149bf1544324a0ba56fd822ba0c5a652b095c046d0582f4a71429e20877a8f0325fbb3d05edf62
-
Filesize
440KB
MD5eeed3bd6972c1be2ed04886688db3e60
SHA13cb808d109349d5e6612012746a66e259880d0ce
SHA25695e172c0359f8471d4f538053fe48a54a33cb7f5e64355692ed41e04d21cdeaa
SHA512c6e1c147ea7e4e3e6fe3e8225342e3a392841eca1a1262e128c1502e75111c6124b7811f8c66aca046bdd8354cb47c536948668ef7b4aee2d2fc21bb52a86bd5
-
Filesize
50KB
MD540c88c648a1be28d1492a61aef691b89
SHA150c001c2cf5b45e10f000ccdaff1b8e830aec41f
SHA2560f23050433a14ef76b155a35b6bfda26b3c0b2ca58f5668455bad884de7ad7ce
SHA512fd009303d4c684186ce3d5ae4e34c9507137e6cafaedf5c46797c0265d4225bb715b6cfbef5229bb8774f299ef3ac0c78b67451e59258190f17cee7fa6cb8aaa
-
Filesize
1.2MB
MD50589ff5a72fe0c792e804734792694f9
SHA1e27158e3e714625f2adcc27afd83b182e83b037b
SHA2562705379fddf8dd2841cfd384f48fda20d7012d1524ddc529efcd0631f68db70f
SHA512ea385c072de2d01a6e5b46dfcb7b7c12011d6138e837fab8fc147bbd0869e251452e645239a4b88cb675e525eb4abff76386d16ec4cb21ffeac6c5e5cdbea7a3
-
Filesize
3.1MB
MD5ce7771d46984248bdda017f5c6f608f7
SHA11dc0f86c9b4752463b59d5070f59f99f63cc5ee5
SHA256a8e95fede4a8df0bb8881d19f2d81fd87f37118c8e93004e0857cebb996f44a3
SHA512b1e267f91c05544b4a02e57601e021934ba884eebfc51277cefa917383a1c1ec85ddeb3b5f927885967e46a0cb97adceae81443a6423fbbc2a598e717d279fb3
-
Filesize
11KB
MD5c17103ae9072a06da581dec998343fc1
SHA1b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
Filesize
15KB
MD56e663f1a0de94bc05d64d020da5d6f36
SHA1c5abb0033776d6ab1f07e5b3568f7d64f90e5b04
SHA256458b70e1745dc6e768d2338ccf3e6e86436488954ca3763472d8ffec4e7177e4
SHA5122a037c39f3a08d4a80494227990f36c4fef2f73c4a6ad74dcc334317a1372234c25d08d8b80d79e126881a49fa4b3f2fffe3604c959d9ceceb47acc7192cc6a5
-
Filesize
5KB
MD58e806ea2e205dc508a2fb5adda3419db
SHA121beab4e309b139fdcca7dd708df8dbbfd2dd5a3
SHA25686a55734b8802051bbbd0e8c9c506d0ca985bc5c99113e99b309469046133937
SHA5126b362bdadd6801ceb6106485015a4ae6d227dc04c1397a730ac8fd44b00649876ee7cbd0d7690b41dcaa8451c94e9f5838daa9fbc21f7306740de89667468cc1
-
Filesize
4KB
MD5351b802508ee5462cbf7f35454a9dca6
SHA17b9a1bc758e10af02124143680f636853b421da1
SHA25639275ee1767aac3ae0929a3e67a84a921610b45d5cfff3db1641893504d5c78d
SHA5126b0a4a500597fefaceb5eab79737d4f8dd253bb6bf8c263699314deda417763857b4407457d877b28f7a9c1f40a241d378ccae80c68541ff3f102eac8a6ff8d2
-
Filesize
61KB
MD515f294a30095669856f7ba556af0b679
SHA1991dd83adf483624c7e34b1ff02e6d3855a51282
SHA25664c8b2367272b8947163b359fca4353412b84e56540b1971bac3a867a1da3c9d
SHA512f56ce8a68017b7ed27df82000bc4b083c52b4e3bed4b641d79b6cc685fb3568ad0e7d1223d8a9c417d263ae0782a76ff0f263ab87b75d98cf19a70b8b04a595a