Windows Analysis Report
https://download.techsmith.com/camtasiastudio/releases/camtasia.exe

Overview

General Information

Sample URL: https://download.techsmith.com/camtasiastudio/releases/camtasia.exe
Analysis ID: 753409

Detection

Score: 30
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

.NET source code references suspicious native API functions
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
PE file contains sections with non-standard names
Detected potential crypto function
Found potential string decryption / allocating functions
Found dropped PE file which has not been started or loaded
Uses the system / local time for branch decision (may execute only at specific dates)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Abnormal high CPU Usage
Is looking for software installed on the system
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Drops PE files to the windows directory (C:\Windows)
Found evasive API chain checking for process token information
Binary contains a suspicious time stamp
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)

Classification

Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011A9F8F DecryptFileW, 5_2_011A9F8F
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: 6_2_008D9F8F DecryptFileW, 6_2_008D9F8F
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: 6_2_008FF340 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError, 6_2_008FF340
Source: Binary string: d:\BuildAgent2\work\332abf23d6adde7e\WPFCommonControls\obj\Release\WPFCommonControls.pdbx source: camtasia.exe, 00000006.00000002.758598344.0000000005F12000.00000002.00000001.01000000.0000000E.sdmp, WPFCommonControls.dll.6.dr
Source: Binary string: e:\ExpressionRTM\Sparkle\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\Win32\Release\System.Windows.Interactivity.pdb source: camtasia.exe, 00000006.00000002.758526854.0000000005E72000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: d:\BuildAgent2\work\332abf23d6adde7e\WPFCommonControls\obj\Release\WPFCommonControls.pdb source: camtasia.exe, 00000006.00000002.758598344.0000000005F12000.00000002.00000001.01000000.0000000E.sdmp, WPFCommonControls.dll.6.dr
Source: Binary string: d:\BuildAgent\work\e5c4efd8f9fde200\WPFCommonViewModel\obj\Release\WPFCommonViewModel.pdb source: camtasia.exe, 00000006.00000002.756599449.0000000005852000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: E:\DTLTMP160133615\work\b8074b7c5534a0bd\EditionConstants\obj\Release\EditionConstants.pdb source: camtasia.exe, 00000006.00000002.756548919.00000000057D2000.00000002.00000001.01000000.0000000B.sdmp, EditionConstants.dll.6.dr
Source: Binary string: d:\BuildAgent\work\e5c4efd8f9fde200\WPFCommonViewModel\obj\Release\WPFCommonViewModel.pdbd5~5 p5_CorDllMainmscoree.dll source: camtasia.exe, 00000006.00000002.756599449.0000000005852000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\mbahost.pdb source: camtasia.exe, 00000006.00000002.764310520.000000006FF34000.00000002.00000001.01000000.00000006.sdmp, mbahost.dll.6.dr
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: Microsoft.Deployment.WindowsInstaller.dll.6.dr
Source: Binary string: E:\DTLTMP160133615\work\b8074b7c5534a0bd\setup\WIX\CamtasiaBootstrapperApplication\obj\Release\CamtasiaBootstrapperApplication.pdb source: camtasia.exe, 00000006.00000002.757000023.00000000058F7000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\burn.pdb source: camtasia.exe, 00000005.00000000.489737589.00000000011DA000.00000002.00000001.01000000.00000003.sdmp, camtasia.exe, 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmp, camtasia.exe, 00000006.00000000.490838479.000000000090A000.00000002.00000001.01000000.00000005.sdmp, camtasia.exe, 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmp, camtasia.exe.5.dr, camtasia.exe.2.dr
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\core\BootstrapperCore.pdb source: camtasia.exe, camtasia.exe, 00000006.00000002.755966145.0000000005362000.00000002.00000001.01000000.00000009.sdmp, BootstrapperCore.dll.6.dr
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: Microsoft.Deployment.WindowsInstaller.dll.6.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\WixStdBA.pdb source: mbapreq.dll.6.dr
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_01193D4E GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, 5_2_01193D4E
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011D3C72 FindFirstFileW,FindClose, 5_2_011D3C72
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: 6_2_00903C72 FindFirstFileW,FindClose, 6_2_00903C72
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: 6_2_008C3D4E GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, 6_2_008C3D4E
Source: camtasia.exe, 00000006.00000002.758598344.0000000005F12000.00000002.00000001.01000000.0000000E.sdmp, WPFCommonControls.dll.6.dr String found in binary or memory: http://www.josbuivenga.demon.nlCopyright
Source: camtasia.exe, 00000006.00000002.758598344.0000000005F12000.00000002.00000001.01000000.0000000E.sdmp, WPFCommonControls.dll.6.dr String found in binary or memory: http://www.josbuivenga.demon.nlMuseo
Source: camtasia.exe, 00000006.00000002.751386655.0000000000C4B000.00000004.00000020.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.755219331.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.761967978.0000000009592000.00000004.00000800.00020000.00000000.sdmp, WPFCommonControls.dll.6.dr String found in binary or memory: http://www.marksimonson.com
Source: camtasia.exe, 00000006.00000002.756685478.0000000005882000.00000002.00000001.01000000.0000000A.sdmp, camtasia.exe, 00000006.00000002.758598344.0000000005F12000.00000002.00000001.01000000.0000000E.sdmp, camtasia.exe, 00000006.00000002.755219331.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, WPFCommonControls.dll.6.dr String found in binary or memory: http://www.marksimonson.comCopyright
Source: WPFCommonControls.dll.6.dr String found in binary or memory: http://www.marksimonson.comProxima
Source: camtasia.exe, 00000006.00000002.751386655.0000000000C4B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.marksimonson.comcomd
Source: camtasia.exe, 00000006.00000002.751386655.0000000000C4B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.marksimonson.comq
Source: camtasia.exe, 00000006.00000002.751386655.0000000000C4B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.marksimonson.comrK
Source: camtasia.exe, 00000006.00000002.751386655.0000000000C4B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.marksimonson.comrV
Source: CamtasiaBootstrapperApplication.resources.dll4.6.dr String found in binary or memory: https://assets.techsmith.com/Docs/Camtasia-2021-Deployment-Tool-Guide.pdf
Source: wget.exe, 00000002.00000002.477846105.0000000000CE0000.00000004.00000020.00020000.00000000.sdmp, cmdline.out.0.dr String found in binary or memory: https://download.techsmith.com/camtasiastudio/releases/camtasia.exe
Source: wget.exe, 00000002.00000003.477392459.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.477815634.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://download.techsmith.com/camtasiastudio/releases/camtasia.exe6
Source: camtasia.exe, 00000006.00000002.757000023.00000000058F7000.00000002.00000001.01000000.0000000A.sdmp String found in binary or memory: https://policies.google.com/privacy
Source: CamtasiaBootstrapperApplication.resources.dll0.6.dr String found in binary or memory: https://policies.google.com/privacy?hl=de
Source: CamtasiaBootstrapperApplication.resources.dll.6.dr String found in binary or memory: https://policies.google.com/privacy?hl=ja
Source: CamtasiaBootstrapperApplication.resources.dll4.6.dr String found in binary or memory: https://policies.google.com/privacy?hl=pt-BR
Source: CamtasiaBootstrapperApplication.resources.dll4.6.dr String found in binary or memory: https://security.google.com/settings/security/permissions
Source: CamtasiaBootstrapperApplication.resources.dll0.6.dr String found in binary or memory: https://support.techsmith.com/hc/de/articles/203732668
Source: camtasia.exe, 00000006.00000002.757000023.00000000058F7000.00000002.00000001.01000000.0000000A.sdmp, CamtasiaBootstrapperApplication.resources.dll4.6.dr String found in binary or memory: https://support.techsmith.com/hc/en-us/articles/203732668-TechSmith-Return-Policy
Source: CamtasiaBootstrapperApplication.resources.dll.6.dr String found in binary or memory: https://support.techsmith.com/hc/ja/articles/203732668-TechSmith-Return-Policy
Source: camtasia.exe, 00000005.00000002.750699046.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.752029151.0000000002CA0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.techsmith.comd=
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434681470.0000000000BBA000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.dr String found in binary or memory: https://www.techsmith.com
Source: camtasia.exe, 00000006.00000002.756685478.0000000005882000.00000002.00000001.01000000.0000000A.sdmp String found in binary or memory: https://www.techsmith.com/redirect.asp?target=
Source: camtasia.exe, 00000006.00000002.751317529.0000000000C30000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.techsmith.com/redirect.asp?target=systemrequirements&product=camtasiastudio&ver=
Source: camtasia.exe, 00000005.00000002.750699046.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.752029151.0000000002CA0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.techsmith.com/redirect.asp?target=systemrequirements&product=camtasiastudio&ver=22.3.0&l
Source: camtasia.exe, 00000006.00000002.751317529.0000000000C30000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.techsmith.com/redirect.asp?target=windowsninstall&product=camtasiastudio&ver=22.
Source: camtasia.exe, 00000005.00000002.750699046.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.752029151.0000000002CA0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.techsmith.com/redirect.asp?target=windowsninstall&product=camtasiastudio&ver=22.3.0&lang
Source: camtasia.exe, 00000005.00000002.750699046.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.752029151.0000000002CA0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.techsmith.comd=
Source: CamtasiaBootstrapperApplication.resources.dll4.6.dr String found in binary or memory: https://www.youtube.com/t/terms
Source: C:\Windows\SysWOW64\wget.exe Code function: 2_2_00CF7426 2_2_00CF7426
Source: C:\Windows\SysWOW64\wget.exe Code function: 2_2_00D00820 2_2_00D00820
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011BC01F 5_2_011BC01F
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011BF8C3 5_2_011BF8C3
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011CA28E 5_2_011CA28E
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011C9DE0 5_2_011C9DE0
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011C2413 5_2_011C2413
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011CE73C 5_2_011CE73C
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011B3F71 5_2_011B3F71
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011C2642 5_2_011C2642
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: 6_2_008EF8C3 6_2_008EF8C3
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: 6_2_008EC01F 6_2_008EC01F
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: 6_2_008FA28E 6_2_008FA28E
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: 6_2_008F2413 6_2_008F2413
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: 6_2_008F9DE0 6_2_008F9DE0
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: 6_2_008F2642 6_2_008F2642
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: 6_2_008FE73C 6_2_008FE73C
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: 6_2_008E3F71 6_2_008E3F71
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: 6_2_05364180 6_2_05364180
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: String function: 01192022 appears 46 times
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: String function: 011D2B5D appears 79 times
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: String function: 011CFB09 appears 445 times
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: String function: 011938BA appears 375 times
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: String function: 008C2022 appears 46 times
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: String function: 008FFB09 appears 459 times
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: String function: 008C38BA appears 373 times
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: String function: 00902B5D appears 79 times
Source: C:\Windows\SysWOW64\wget.exe Process Stats: CPU usage > 98%
Source: CamtasiaBootstrapperApplication.resources.dll.6.dr Static PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
Source: CamtasiaBootstrapperApplication.resources.dll0.6.dr Static PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
Source: CamtasiaBootstrapperApplication.resources.dll1.6.dr Static PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
Source: CamtasiaBootstrapperApplication.resources.dll2.6.dr Static PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
Source: CamtasiaBootstrapperApplication.resources.dll3.6.dr Static PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
Source: CamtasiaBootstrapperApplication.resources.dll4.6.dr Static PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
Source: C:\Windows\SysWOW64\wget.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://download.techsmith.com/camtasiastudio/releases/camtasia.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://download.techsmith.com/camtasiastudio/releases/camtasia.exe"
Source: unknown Process created: C:\Users\user\Desktop\download\camtasia.exe C:\Users\user\Desktop\download\camtasia.exe
Source: C:\Users\user\Desktop\download\camtasia.exe Process created: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe "C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe" -burn.clean.room="C:\Users\user\Desktop\download\camtasia.exe" -burn.filehandle.attached=180 -burn.filehandle.self=624
Source: C:\Users\user\Desktop\download\camtasia.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_01194639 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle, 5_2_01194639
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: 6_2_008C4639 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle, 6_2_008C4639
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\Desktop\cmdline.out
Source: C:\Users\user\Desktop\download\camtasia.exe File created: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\
Source: classification engine Classification label: sus30.evad.win@7/55@0/2
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011D28BD GetModuleHandleA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoCreateInstance,ExitProcess, 5_2_011D28BD
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/CachePackageBeginEventArgs.cs Suspicious method names: System.Int64 Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CachePackageBeginEventArgs::get_CachePayloads()
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/ResolveSourceEventArgs.cs Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.ResolveSourceEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadBeginEventArgs.cs Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadBeginEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadBeginEventArgs.cs Suspicious method names: System.Void Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadBeginEventArgs::.ctor(System.String,System.String)
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadBeginEventArgs.cs Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadBeginEventArgs::get_PayloadFileName()
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheVerifyCompleteEventArgs.cs Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheVerifyCompleteEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheAcquireCompleteEventArgs.cs Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheAcquireCompleteEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheVerifyBeginEventArgs.cs Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheVerifyBeginEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheAcquireProgressEventArgs.cs Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheAcquireProgressEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadCompleteEventArgs.cs Suspicious method names: System.Void Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadCompleteEventArgs::.ctor(System.String,System.String,System.Int32)
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadCompleteEventArgs.cs Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadCompleteEventArgs::get_PayloadFileName()
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadCompleteEventArgs.cs Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadCompleteEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheAcquireBeginEventArgs.cs Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheAcquireBeginEventArgs::get_PayloadId()
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_01192078 FormatMessageW,GetLastError,LocalFree, 5_2_01192078
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\{A723FF4B-219A-4F82-BBF4-A96C1104CA00}
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1504:120:WilError_01
Source: C:\Windows\SysWOW64\wget.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: Binary string: d:\BuildAgent2\work\332abf23d6adde7e\WPFCommonControls\obj\Release\WPFCommonControls.pdbx source: camtasia.exe, 00000006.00000002.758598344.0000000005F12000.00000002.00000001.01000000.0000000E.sdmp, WPFCommonControls.dll.6.dr
Source: Binary string: e:\ExpressionRTM\Sparkle\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\Win32\Release\System.Windows.Interactivity.pdb source: camtasia.exe, 00000006.00000002.758526854.0000000005E72000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: d:\BuildAgent2\work\332abf23d6adde7e\WPFCommonControls\obj\Release\WPFCommonControls.pdb source: camtasia.exe, 00000006.00000002.758598344.0000000005F12000.00000002.00000001.01000000.0000000E.sdmp, WPFCommonControls.dll.6.dr
Source: Binary string: d:\BuildAgent\work\e5c4efd8f9fde200\WPFCommonViewModel\obj\Release\WPFCommonViewModel.pdb source: camtasia.exe, 00000006.00000002.756599449.0000000005852000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: E:\DTLTMP160133615\work\b8074b7c5534a0bd\EditionConstants\obj\Release\EditionConstants.pdb source: camtasia.exe, 00000006.00000002.756548919.00000000057D2000.00000002.00000001.01000000.0000000B.sdmp, EditionConstants.dll.6.dr
Source: Binary string: d:\BuildAgent\work\e5c4efd8f9fde200\WPFCommonViewModel\obj\Release\WPFCommonViewModel.pdbd5~5 p5_CorDllMainmscoree.dll source: camtasia.exe, 00000006.00000002.756599449.0000000005852000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\mbahost.pdb source: camtasia.exe, 00000006.00000002.764310520.000000006FF34000.00000002.00000001.01000000.00000006.sdmp, mbahost.dll.6.dr
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: Microsoft.Deployment.WindowsInstaller.dll.6.dr
Source: Binary string: E:\DTLTMP160133615\work\b8074b7c5534a0bd\setup\WIX\CamtasiaBootstrapperApplication\obj\Release\CamtasiaBootstrapperApplication.pdb source: camtasia.exe, 00000006.00000002.757000023.00000000058F7000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\burn.pdb source: camtasia.exe, 00000005.00000000.489737589.00000000011DA000.00000002.00000001.01000000.00000003.sdmp, camtasia.exe, 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmp, camtasia.exe, 00000006.00000000.490838479.000000000090A000.00000002.00000001.01000000.00000005.sdmp, camtasia.exe, 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmp, camtasia.exe.5.dr, camtasia.exe.2.dr
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\core\BootstrapperCore.pdb source: camtasia.exe, camtasia.exe, 00000006.00000002.755966145.0000000005362000.00000002.00000001.01000000.00000009.sdmp, BootstrapperCore.dll.6.dr
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: Microsoft.Deployment.WindowsInstaller.dll.6.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\WixStdBA.pdb source: mbapreq.dll.6.dr
Source: C:\Windows\SysWOW64\wget.exe Code function: 2_2_00CFF013 push 00000078h; retf 2_2_00CFF015
Source: C:\Windows\SysWOW64\wget.exe Code function: 2_2_00CF65E2 push edi; iretd 2_2_00CF664A
Source: C:\Windows\SysWOW64\wget.exe Code function: 2_2_00CFA19B pushfd ; iretd 2_2_00CFA19E
Source: C:\Windows\SysWOW64\wget.exe Code function: 2_2_00CF5999 push ecx; iretd 2_2_00CF59A2
Source: C:\Windows\SysWOW64\wget.exe Code function: 2_2_00CF596D push ecx; iretd 2_2_00CF59A2
Source: C:\Windows\SysWOW64\wget.exe Code function: 2_2_00CF657C push edi; iretd 2_2_00CF664A
Source: C:\Windows\SysWOW64\wget.exe Code function: 2_2_00CF5D0C push edx; iretd 2_2_00CF5D02
Source: C:\Windows\SysWOW64\wget.exe Code function: 2_2_00CF6654 push edi; iretd 2_2_00CF664A
Source: C:\Windows\SysWOW64\wget.exe Code function: 2_2_00CF1652 push ss; iretd 2_2_00CF1666
Source: C:\Windows\SysWOW64\wget.exe Code function: 2_2_00CECF48 pushad ; iretd 2_2_00CECF55
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011BE806 push ecx; ret 5_2_011BE819
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: 6_2_008EE806 push ecx; ret 6_2_008EE819
Source: camtasia.exe.2.dr Static PE information: section name: .wixburn
Source: camtasia.exe.5.dr Static PE information: section name: .wixburn
Source: EditionConstants.dll.6.dr Static PE information: 0xBBD9EC2A [Thu Nov 14 02:19:22 2069 UTC]
Source: initial sample Static PE information: section name: .text entropy: 7.109301216282531
Source: C:\Windows\SysWOW64\wget.exe File created: C:\Users\user\Desktop\download\camtasia.exe
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe File created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\pt-BR\CamtasiaBootstrapperApplication.resources.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe File created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\CamtasiaBootstrapperApplication.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe File created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\de-DE\CamtasiaBootstrapperApplication.resources.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe File created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\fr-FR\CamtasiaBootstrapperApplication.resources.dll
Source: C:\Users\user\Desktop\download\camtasia.exe File created: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe File created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\BootstrapperCore.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe File created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\EditionConstants.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe File created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\mbapreq.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe File created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\zh-CN\CamtasiaBootstrapperApplication.resources.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe File created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\WPFCommonViewModel.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe File created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\TechSmith.Win32.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe File created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\WPFCommonControls.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe File created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\System.Windows.Interactivity.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe File created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Microsoft.Expression.Interactions.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe File created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\ja-JP\CamtasiaBootstrapperApplication.resources.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe File created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\es-ES\CamtasiaBootstrapperApplication.resources.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe File created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\mbahost.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe File created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Microsoft.Deployment.WindowsInstaller.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Evasive API call chain: GetLocalTime,DecisionNodes
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Dropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\pt-BR\CamtasiaBootstrapperApplication.resources.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Dropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\CamtasiaBootstrapperApplication.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Dropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\de-DE\CamtasiaBootstrapperApplication.resources.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Dropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\fr-FR\CamtasiaBootstrapperApplication.resources.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Dropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\BootstrapperCore.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Dropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\EditionConstants.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Dropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\mbapreq.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Dropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\zh-CN\CamtasiaBootstrapperApplication.resources.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Dropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\WPFCommonViewModel.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Dropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\TechSmith.Win32.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Dropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\System.Windows.Interactivity.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Dropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\WPFCommonControls.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Dropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Microsoft.Expression.Interactions.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Dropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\ja-JP\CamtasiaBootstrapperApplication.resources.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Dropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\es-ES\CamtasiaBootstrapperApplication.resources.dll
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Dropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Microsoft.Deployment.WindowsInstaller.dll
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011CF79E GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 011CF839h 5_2_011CF79E
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011CF79E GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 011CF832h 5_2_011CF79E
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: 6_2_008FF79E GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 008FF839h 6_2_008FF79E
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: 6_2_008FF79E GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 008FF832h 6_2_008FF79E
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Registry key enumerated: More than 152 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Users\user\Desktop\download\camtasia.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_01193D4E GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, 5_2_01193D4E
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011D3C72 FindFirstFileW,FindClose, 5_2_011D3C72
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: 6_2_00903C72 FindFirstFileW,FindClose, 6_2_00903C72
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: 6_2_008C3D4E GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, 6_2_008C3D4E
Source: C:\Users\user\Desktop\download\camtasia.exe API call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe API call chain: ExitProcess graph end node
Source: wget.exe Binary or memory string: Hyper-V RAW
Source: wget.exe, 00000002.00000002.477857273.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011C34A2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 5_2_011C34A2
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011939DF GetProcessHeap,RtlAllocateHeap, 5_2_011939DF
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011C4104 mov eax, dword ptr fs:[00000030h] 5_2_011C4104
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: 6_2_008F4104 mov eax, dword ptr fs:[00000030h] 6_2_008F4104
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011BE0A8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 5_2_011BE0A8
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: 6_2_008EE0A8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 6_2_008EE0A8
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Code function: 6_2_008F34A2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 6_2_008F34A2

HIPS / PFW / Operating System Protection Evasion

Source: WPFCommonControls.dll.6.dr, WPFCommonControls/NativeMouseMove.cs Reference to suspicious API methods: ('LoadLibrary', 'LoadLibrary@kernel32')
Source: Microsoft.Deployment.WindowsInstaller.dll.6.dr, Deployment.WindowsInstaller/NativeMethods.cs Reference to suspicious API methods: ('FindResourceEx', 'FindResourceEx@kernel32.dll'), ('LoadLibraryEx', 'LoadLibraryExW@kernel32.dll')
Source: TechSmith.Win32.dll.6.dr, Win32/User32.cs Reference to suspicious API methods: ('MapVirtualKeyW', 'MapVirtualKeyW@user32.dll')
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://download.techsmith.com/camtasiastudio/releases/camtasia.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://download.techsmith.com/camtasiastudio/releases/camtasia.exe"
Source: C:\Users\user\Desktop\download\camtasia.exe Process created: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe "C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe" -burn.clean.room="C:\Users\user\Desktop\download\camtasia.exe" -burn.filehandle.attached=180 -burn.filehandle.self=624
Source: C:\Windows\SysWOW64\wget.exe Queries volume information: C:\Users\user\Desktop\download VolumeInformation
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Queries volume information: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\BootstrapperCore.dll VolumeInformation
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Queries volume information: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\CamtasiaBootstrapperApplication.dll VolumeInformation
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Queries volume information: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\EditionConstants.dll VolumeInformation
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Queries volume information: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\WPFCommonViewModel.dll VolumeInformation
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Queries volume information: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\System.Windows.Interactivity.dll VolumeInformation
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Queries volume information: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\WPFCommonControls.dll VolumeInformation
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll VolumeInformation
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
Source: C:\Windows\SysWOW64\wget.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011A4E6A ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CloseHandle,LocalFree, 5_2_011A4E6A
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011BE463 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 5_2_011BE463
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011D8039 GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime, 5_2_011D8039
Source: C:\Users\user\Desktop\download\camtasia.exe Code function: 5_2_011D3349 GetVersionExW, 5_2_011D3349