
https://download.techsmith.com/camtasiastudio/releases/camtasia.exe

Status: finished
Submission Time: 2022-11-24 19:13:52 +01:00
Suspicious
Evader

Details

  • Analysis ID: 753409
  • API (Web) ID: 1120692
  • Analysis Started: 2022-11-24 19:13:53 +01:00
  • Analysis Finished: 2022-11-24 19:29:56 +01:00
  • Technologies:

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

suspicious
30/100

IPs

IP Country Detection
8.8.8.8 United States
23.205.232.22 United States

URLs


Dropped files
