Windows Analysis Report
Screenpresso.exe

Overview

General Information

Sample name: Screenpresso.exe
Analysis ID: 1531355
MD5: ad33cd210ddb830eaf9913e281fe73f0
SHA1: b0caaee7cab32e1e52fc674e573060dd0ca014fb
SHA256: e742f7b9e12768c99ca087b072330f2e158cc0c45fbeb45964e1e3fec70085cd

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

Source: C:\Users\user\Desktop\Screenpresso.exe Window detected: I &accept the licenseSoftware License AgreementVERY IMPORTANT READ CAREFULLY:This Screenpresso Software License Agreement (hereinafter this LICENSE ) is a legal agreement between you (either an individual or a single entity) and Learnpulse SAS. ( Screenpresso ) for the software containing this LICENSE or products identified on the Screenpresso.com web site on the disk or CD-ROM enclosed with the package which contain computer software and associated media and printed materials and may include on-line or electronic documentation (the SOFTWARE ) and for which the activation-Key(s) are either provided on the back of the enclosed CD case or obtained through Learnpulse or its authorized distributor.IT IS NECESSARY FOR YOU TO AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE BEFORE YOU ARE PERMITTED TO CONTINUE TO INSTALL THE SOFTWARE. BY CLICKING THE I ACCEPT BUTTON OR BY INSTALLING COPYING OR OTHERWISE USING THE SOFTWARE YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE INCLUDING THE WARRANTY DISCLAIMERS LIMITATIONS ON LIABILITY AND TERMINATION PROVISIONS.If you do not agree to the terms of this LICENSE close this window to EXIT NOW.I. OWNERSHIP; LICENSE GRANT.This is a license agreement and NOT an agreement for sale. Learnpulse continues to own the copy of the SOFTWARE contained on the web site disk or CD-ROM and all copies thereof. Your rights to the SOFTWARE are specified in this LICENSE and Learnpulse retains all rights not expressly granted to you in this LICENSE. Learnpulse hereby grants to you and you accept a non-exclusive non-transferable license to use copy and modify the SOFTWARE only as authorized below.II. PERMITTED USES.This LICENSE grants you the following rights:A. The SOFTWARE can be used for personal usage (at home) as well as for commercial usage (at work) with and without license key. 
The following restriction apply for unregistered users (if no license key is found) : Screenpresso is updated each time a new version of Screenpresso is released. This requires that Internet network must be operational: firewall and other HTTP traffic management must not be used to block updates of Screenpresso.III. PRIVACY POLICYRefer to Privacy Policy.IV. PROHIBITED USES.You may not without the prior written permission of Learnpulse:A. Disassemble decompile or unlock decode or otherwise reverse translate or engineer or attempt in any manner to reconstruct or discover any source code or underlying algorithms of SOFTWARE provided in object code form only.B. Use copy modify or merge copies of the SOFTWARE and any accompanying documents except as permitted in this LICENSE.C. Transfer rent lease or sublicense the SOFTWARE.D. Distribute the SOFTWARE in a run-time.E. Distribute the SOFTWARE via a public Internet access.V. COPYRIGHT.All title and copyrights in and to the SOFTWARE (including but not limited to any images photographs animation video audio music text and applets incorporated into the SOFTWARE) and the accompanying prin
Source: Screenpresso.exe Static PE information: certificate valid
Source: Screenpresso.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\git\screenpresso\ScreenpressoAdmin\src\obj\Release\net48\ScreenpressoAdmin.pdbSHA256wY source: Screenpresso.exe
Source: Binary string: C:\git\screenpresso\Screenpresso\src\obj\Release\net48\Screenpresso.pdb source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F7A53B000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\git\screenpresso\Screenpresso\src\obj\Release\net48\Screenpresso.pdb~ source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F7A53B000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\git\screenpresso\ScreenpressoAdmin\src\obj\Release\net48\ScreenpressoAdmin.pdb source: Screenpresso.exe
Source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F79202000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: IsUseOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F79202000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UseOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F79202000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: get_DiscardOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F79202000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: set_DiscardOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F79202000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: get_OriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F79202000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: set_OriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F79202000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: useOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F79202000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: DiscardOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F79202000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F7A4B6000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameScreenpressoRpc.exe: vs Screenpresso.exe
Source: Screenpresso.exe Binary or memory string: IsUseOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe Binary or memory string: UseOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe Binary or memory string: get_DiscardOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe Binary or memory string: set_DiscardOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe Binary or memory string: get_OriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe Binary or memory string: set_OriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe Binary or memory string: useOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe Binary or memory string: DiscardOriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe Binary or memory string: OriginalFilename vs Screenpresso.exe
Source: Screenpresso.exe Binary or memory string: OriginalFilenameScreenpressoAdmin.exe: vs Screenpresso.exe
Source: classification engine Classification label: clean2.winEXE@1/3@0/0
Source: C:\Users\user\Desktop\Screenpresso.exe File created: C:\Users\user\Desktop\ScreenpressoTest.exe Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Mutant created: NULL
Source: C:\Users\user\Desktop\Screenpresso.exe Mutant created: \Sessions\1\BaseNamedObjects\Screenpresso
Source: C:\Users\user\Desktop\Screenpresso.exe Mutant created: \Sessions\1\BaseNamedObjects\LearnPulse.XLogger
Source: C:\Users\user\Desktop\Screenpresso.exe File created: C:\Users\user\AppData\Local\Temp\Screenpresso.log Jump to behavior
Source: Screenpresso.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Screenpresso.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\Desktop\Screenpresso.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: Screenpresso.exe String found in binary or memory: 35-StopVideoRecordingVfw2
Source: Screenpresso.exe String found in binary or memory: 46-StopVideoRecordingVfw1IF447B69E-1884-4A7E-8055-346F74D6EDB3
Source: Screenpresso.exe String found in binary or memory: install-Installer.SetAutoStart
Source: Screenpresso.exe String found in binary or memory: cscript.exe)Installer.AutoDelete-InstallScreenpressoRpc'ScreenpressoRpc.exeAInstallScreenpressoBrowserNative
Source: Screenpresso.exe String found in binary or memory: InstallCodec-Installer.InstallCodec#InstallSoundFiles#InstallReferences
Source: Screenpresso.exe String found in binary or memory: ffmpeg/InstallVideoPackPrivatewhttps://cdn.screenpresso.com/binaries/ffmpeg32_20160531.zip
Source: Screenpresso.exe String found in binary or memory: djxl.exe/InstallImagePackPrivate
Source: Screenpresso.exe String found in binary or memory: /installContextMenuStrip)tsInstallForAllUsers?Install to Program Files folder
Source: Screenpresso.exe String found in binary or memory: Linux!GA Tracker 4.36 /LoadAllTrackersFromFile
Source: Screenpresso.exe String found in binary or memory: -startup
Source: Screenpresso.exe String found in binary or memory: /Installazione richiesta+
Source: Screenpresso.exe String found in binary or memory: 'Instalacja wymagana/Installation n
Source: Screenpresso.exe String found in binary or memory: mKlawisz [{0}] do uruchomienia i zatrzymania nagrywaniaUTast [{0}] for at starte/stoppe optagelseno[{0}] gomb a felv
Source: Screenpresso.exe String found in binary or memory: -Start opptaket p
Source: Screenpresso.exe String found in binary or memory: -installer le Framework .NET.
Source: Screenpresso.exe String found in binary or memory: www.dropbox.com3dl.dropboxusercontent.comShttps://api.dropboxapi.com/2/files/delete9DropboxSharingForm.OnClosing3DropboxSharingForm.OnSend7DropboxSharingForm.OnCancel-Helper_ProgressChanged;DropboxHelper_ProgressChangedSDropboxSharingForm.Helper_ProgressChangedODropboxSharingForm.Helper_StatusChanged%DropboxSharingFormYDropboxSharingUc.TreeViewFolder_BeforeExpandYDropboxSharingUc.TreeViewFolder_BeforeSelectWDropboxSharingUc.TreeViewFolder_AfterSelect7DropboxHelper_StatusChangedYDropboxSharingUc.DropboxHelper_StatusChanged+chkGeneratePublicLink!DropboxSharingUc
Source: Screenpresso.exe String found in binary or memory: ,ids=Khttps://api.imgur.com/3/album/{0}/add5album:https://imgur.com/a/
Source: Screenpresso.exe String found in binary or memory: Ehttps://www.screenpresso.com/docs/mhttps://www.screenpresso.com/docs/ScreenpressoHelp.pdfkhttps://www.screenpresso.com/fr/sondage-installation/
Source: Screenpresso.exe String found in binary or memory: qhttps://www.screenpresso.com/de/installation-subersicht/
Source: Screenpresso.exe String found in binary or memory: Yhttps://www.screenpresso.com/install-survey/
Source: Screenpresso.exe String found in binary or memory: --help
Source: Screenpresso.exe String found in binary or memory: IF294ACFC-3146-4483-A7BF-ADDCA7C260E2
Source: Screenpresso.exe String found in binary or memory: /data!/data/local/bin/07553{0}/busybox --install {0}
Source: Screenpresso.exe String found in binary or memory: shareNote_args(!shareNote_result#shareNote_result()stopSharingNote_args+stopSharingNote_args(-stopSharingNote_result/stopSharingNote_result(;authenticateToSharedNote_args
Source: Screenpresso.exe String found in binary or memory: $F294ACFC-3146-4483-A7BF-ADDCA7C260E2
Source: Screenpresso.exe String found in binary or memory: $F294ACFC-3146-4483-A7BF-ADDCA7C260E2)
Source: Screenpresso.exe String found in binary or memory: $a0a7a57b-59b2-4919-a694-add0a526c373
Source: Screenpresso.exe String found in binary or memory: 30https://api.imgur.com/3/Dhttps://api.imgur.com/3/account/meRhttps://api.imgur.com/3/account/me/albums:https://api.imgur.com/3/imageJhttps://api.imgur.com/3/album/{0}/add$https://imgur.com/(https://imgur.com/a/2https://imgur.com/delete/
Source: Screenpresso.exe String found in binary or memory: /ADD#
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: msvcp140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: mfplat.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: rtworkq.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: d3d9.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32 Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Automated click: I accept the license
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\Screenpresso.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll Jump to behavior
Source: Screenpresso.exe Static PE information: certificate valid
Source: Screenpresso.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: Screenpresso.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: Screenpresso.exe Static file information: File size 20370440 > 1048576
Source: Screenpresso.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1345800
Source: Screenpresso.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Screenpresso.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\git\screenpresso\ScreenpressoAdmin\src\obj\Release\net48\ScreenpressoAdmin.pdbSHA256wY source: Screenpresso.exe
Source: Binary string: C:\git\screenpresso\Screenpresso\src\obj\Release\net48\Screenpresso.pdb source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F7A53B000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\git\screenpresso\Screenpresso\src\obj\Release\net48\Screenpresso.pdb~ source: Screenpresso.exe, 00000000.00000000.2050369570.0000018F7A53B000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\git\screenpresso\ScreenpressoAdmin\src\obj\Release\net48\ScreenpressoAdmin.pdb source: Screenpresso.exe
Source: C:\Users\user\Desktop\Screenpresso.exe Code function: 0_2_00007FF848DBAE8C push eax; retf 0_2_00007FF848DBB40D
Source: C:\Users\user\Desktop\Screenpresso.exe Code function: 0_2_00007FF848DB7923 push ebx; retf 0_2_00007FF848DB796A
Source: C:\Users\user\Desktop\Screenpresso.exe Code function: 0_2_00007FF848DBB376 push eax; retf 0_2_00007FF848DBB40D
Source: C:\Users\user\Desktop\Screenpresso.exe Code function: 0_2_00007FF848DCBCFB push FFFFFFE8h; retf 0_2_00007FF848DCBDF1
Source: C:\Users\user\Desktop\Screenpresso.exe Code function: 0_2_00007FF848DB00BD pushad ; iretd 0_2_00007FF848DB00C1
Source: C:\Users\user\Desktop\Screenpresso.exe Code function: 0_2_00007FF84918BA7D push cs; retf 0_2_00007FF84918BA7E
Source: C:\Users\user\Desktop\Screenpresso.exe Code function: 0_2_00007FF84918BAED push cs; retf 0_2_00007FF84918BAEE
Source: C:\Users\user\Desktop\Screenpresso.exe Code function: 0_2_00007FF849195F18 pushad ; ret 0_2_00007FF849195F19
Source: C:\Users\user\Desktop\Screenpresso.exe Code function: 0_2_00007FF849390260 push ss; retf 0_2_00007FF849390261
Source: C:\Users\user\Desktop\Screenpresso.exe Code function: 0_2_00007FF84938B31C push ss; retf 0_2_00007FF84938B31E
Source: C:\Users\user\Desktop\Screenpresso.exe Code function: 0_2_00007FF84938B38C push ss; retf 0_2_00007FF84938B38E
Source: C:\Users\user\Desktop\Screenpresso.exe Code function: 0_2_00007FF84935B418 push esp; ret 0_2_00007FF84935B419
Source: C:\Users\user\Desktop\Screenpresso.exe Code function: 0_2_00007FF84935AC1B push ecx; retf 0_2_00007FF84935AC1C
Source: C:\Users\user\Desktop\Screenpresso.exe Code function: 0_2_00007FF8493601F9 push esp; ret 0_2_00007FF849366139
Source: C:\Users\user\Desktop\Screenpresso.exe Code function: 0_2_00007FF849362CE2 push E8000003h; ret 0_2_00007FF849362CE9
Source: C:\Users\user\Desktop\Screenpresso.exe Code function: 0_2_00007FF84947AC5E push cs; retf 0_2_00007FF84947AC5F
Source: C:\Users\user\Desktop\Screenpresso.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Memory allocated: 18F7A8A0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Memory allocated: 18F7C2C0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Window / User API: threadDelayed 1989 Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Window / User API: threadDelayed 6484 Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe TID: 6128 Thread sleep time: -29514790517935264s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe TID: 6128 Thread sleep time: -35000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\Screenpresso.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Memory allocated: page read and write | page guard Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Queries volume information: C:\Users\user\Desktop\Screenpresso.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Screenpresso.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
No contacted IP infos