Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://download.techsmith.com/camtasiastudio/releases/camtasia.exe

Overview

General Information

Sample URL:https://download.techsmith.com/camtasiastudio/releases/camtasia.exe
Analysis ID:753409
Infos:

Detection

Score:30
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

.NET source code references suspicious native API functions
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
PE file contains sections with non-standard names
Detected potential crypto function
Found potential string decryption / allocating functions
Found dropped PE file which has not been started or loaded
Uses the system / local time for branch decision (may execute only at specific dates)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Abnormal high CPU Usage
Is looking for software installed on the system
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Drops PE files to the windows directory (C:\Windows)
Found evasive API chain checking for process token information
Binary contains a suspicious time stamp
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • cmd.exe (PID: 3868 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://download.techsmith.com/camtasiastudio/releases/camtasia.exe" > cmdline.out 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • conhost.exe (PID: 1504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • wget.exe (PID: 2692 cmdline: wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://download.techsmith.com/camtasiastudio/releases/camtasia.exe" MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
  • camtasia.exe (PID: 2600 cmdline: C:\Users\user\Desktop\download\camtasia.exe MD5: 0C60C5F487C288CF2C6B09FE7E4A7D77)
    • camtasia.exe (PID: 1172 cmdline: "C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe" -burn.clean.room="C:\Users\user\Desktop\download\camtasia.exe" -burn.filehandle.attached=180 -burn.filehandle.self=624 MD5: FD85D1BD644ED79F10801C69ECBF27B1)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011A9F8F DecryptFileW,
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_008D9F8F DecryptFileW,
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_008FF340 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,
Source: Binary string: d:\BuildAgent2\work\332abf23d6adde7e\WPFCommonControls\obj\Release\WPFCommonControls.pdbx source: camtasia.exe, 00000006.00000002.758598344.0000000005F12000.00000002.00000001.01000000.0000000E.sdmp, WPFCommonControls.dll.6.dr
Source: Binary string: e:\ExpressionRTM\Sparkle\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\Win32\Release\System.Windows.Interactivity.pdb source: camtasia.exe, 00000006.00000002.758526854.0000000005E72000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: d:\BuildAgent2\work\332abf23d6adde7e\WPFCommonControls\obj\Release\WPFCommonControls.pdb source: camtasia.exe, 00000006.00000002.758598344.0000000005F12000.00000002.00000001.01000000.0000000E.sdmp, WPFCommonControls.dll.6.dr
Source: Binary string: d:\BuildAgent\work\e5c4efd8f9fde200\WPFCommonViewModel\obj\Release\WPFCommonViewModel.pdb source: camtasia.exe, 00000006.00000002.756599449.0000000005852000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: E:\DTLTMP160133615\work\b8074b7c5534a0bd\EditionConstants\obj\Release\EditionConstants.pdb source: camtasia.exe, 00000006.00000002.756548919.00000000057D2000.00000002.00000001.01000000.0000000B.sdmp, EditionConstants.dll.6.dr
Source: Binary string: d:\BuildAgent\work\e5c4efd8f9fde200\WPFCommonViewModel\obj\Release\WPFCommonViewModel.pdbd5~5 p5_CorDllMainmscoree.dll source: camtasia.exe, 00000006.00000002.756599449.0000000005852000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\mbahost.pdb source: camtasia.exe, 00000006.00000002.764310520.000000006FF34000.00000002.00000001.01000000.00000006.sdmp, mbahost.dll.6.dr
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: Microsoft.Deployment.WindowsInstaller.dll.6.dr
Source: Binary string: E:\DTLTMP160133615\work\b8074b7c5534a0bd\setup\WIX\CamtasiaBootstrapperApplication\obj\Release\CamtasiaBootstrapperApplication.pdb source: camtasia.exe, 00000006.00000002.757000023.00000000058F7000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\burn.pdb source: camtasia.exe, 00000005.00000000.489737589.00000000011DA000.00000002.00000001.01000000.00000003.sdmp, camtasia.exe, 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmp, camtasia.exe, 00000006.00000000.490838479.000000000090A000.00000002.00000001.01000000.00000005.sdmp, camtasia.exe, 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmp, camtasia.exe.5.dr, camtasia.exe.2.dr
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\core\BootstrapperCore.pdb source: camtasia.exe, camtasia.exe, 00000006.00000002.755966145.0000000005362000.00000002.00000001.01000000.00000009.sdmp, BootstrapperCore.dll.6.dr
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: Microsoft.Deployment.WindowsInstaller.dll.6.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\WixStdBA.pdb source: mbapreq.dll.6.dr
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_01193D4E GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011D3C72 FindFirstFileW,FindClose,
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_00903C72 FindFirstFileW,FindClose,
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_008C3D4E GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,
Source: CamtasiaBootstrapperApplication.resources.dll0.6.drString found in binary or memory: \pard\widctlpar\sa160\sl252\slmult1\cf0\b0\fs22 Das Teilen von Inhalten auf YouTube unterliegt den Nutzungsbedingungen von YouTube {{\field{\*\fldinst{HYPERLINK https://www.youtube.com/t/terms }}{\fldrslt{https://www.youtube.com/t/terms\ul0\cf0}}}}\f0\fs22 . Weitere Informationen zum Datenschutz auf YouTube finden Sie unter {{\field{\*\fldinst{HYPERLINK https://policies.google.com/privacy?hl=de }}{\fldrslt{https://policies.google.com/privacy?hl=de\ul0\cf0}}}}\f0\fs22 und Ihre Sicherheitseinstellungen finden Sie unter {{\field{\*\fldinst{HYPERLINK https://security.google.com/settings/security/permissions }}{\fldrslt{https://security.google.com/settings/security/permissions\ul0\cf0}}}}\f0\fs22 \par equals www.youtube.com (Youtube)
Source: CamtasiaBootstrapperApplication.resources.dll4.6.drString found in binary or memory: \pard\widctlpar\sa160\sl252\slmult1\cf0\b0\fs22 O compartilhamento de conte\'fado no YouTube est\'e1 sujeito aos Termos de Servi\'e7os do YouTube {{\field{\*\fldinst{HYPERLINK https://www.youtube.com/t/terms }}{\fldrslt{https://www.youtube.com/t/terms\ul0\cf0}}}}\f0\fs22 . Voc\'ea pode saber mais sobre a pol\'edtica de privacidade do YouTube acessando {{\field{\*\fldinst{HYPERLINK https://policies.google.com/privacy?hl=pt-BR }}{\fldrslt{https://policies.google.com/privacy?hl=pt-BR\ul0\cf0}}}}\f0\fs22 e pode revisar as suas configura\'e7\'f5es de seguran\'e7a em {{\field{\*\fldinst{HYPERLINK https://security.google.com/settings/security/permissions }}{\fldrslt{https://security.google.com/settings/security/permissions\ul0\cf0}}}}\f0\fs22 \par equals www.youtube.com (Youtube)
Source: camtasia.exe, 00000006.00000002.757000023.00000000058F7000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: \pard\widctlpar\sa160\sl252\slmult1\cf0\b0\fs22 Sharing Content to YouTube is subject to the YouTube Terms Of Services {{\field{\*\fldinst{HYPERLINK https://www.youtube.com/t/terms }}{\fldrslt{https://www.youtube.com/t/terms\ul0\cf0}}}}\f0\fs22 . You can learn more about YouTube\rquote s privacy policy by visiting {{\field{\*\fldinst{HYPERLINK https://policies.google.com/privacy }}{\fldrslt{https://policies.google.com/privacy\ul0\cf0}}}}\f0\fs22 and you can review your security settings by visiting {{\field{\*\fldinst{HYPERLINK https://security.google.com/settings/security/permissions }}{\fldrslt{https://security.google.com/settings/security/permissions\ul0\cf0}}}}\f0\fs22 \par equals www.youtube.com (Youtube)
Source: CamtasiaBootstrapperApplication.resources.dll.6.drString found in binary or memory: \pard\widctlpar\sa160\sl252\slmult1\cf0\b0\fs22 YouTube \f2\'82\'c5\'82\'cc\'83\'52\'83\'93\'83\'65\'83\'93\'83\'63\'82\'cc\'8b\'a4\'97\'4c\'82\'c9\'82\'cd\'81\'41\f0 YouTube \f2\'82\'cc\'97\'98\'97\'70\'8b\'4b\'96\'f1\f0 ({{\field{\*\fldinst{HYPERLINK https://www.youtube.com/t/terms }}{\fldrslt{https://www.youtube.com/t/terms\ul0\cf0}}}}\f0\fs22 ) \f2\'82\'aa\'93\'4b\'97\'70\'82\'b3\'82\'ea\'82\'dc\'82\'b7\'81\'42\f0 YouTube \f2\'82\'cc\'83\'76\'83\'89\'83\'43\'83\'6f\'83\'56\'81\'5b\f0 \f2\'83\'7c\'83\'8a\'83\'56\'81\'5b\'82\'cc\'8f\'da\'8d\'d7\'82\'c9\'82\'c2\'82\'a2\'82\'c4\'82\'cd\'81\'41{\f0{\field{\*\fldinst{HYPERLINK https://policies.google.com/privacy?hl=ja }}{\fldrslt{https://policies.google.com/privacy?hl=ja\ul0\cf0}}}}\f0\fs22 \f2\'82\'f0\'8e\'51\'8f\'c6\'82\'b5\'82\'c4\'82\'ad\'82\'be\'82\'b3\'82\'a2\'81\'42\'83\'86\'81\'5b\'83\'55\'81\'5b\'82\'cc\'83\'5a\'83\'4c\'83\'85\'83\'8a\'83\'65\'83\'42\'90\'dd\'92\'e8\'82\'cd\'81\'41{\f0{\field{\*\fldinst{HYPERLINK https://security.google.com/settings/security/permissions }}{\fldrslt{https://security.google.com/settings/security/permissions\ul0\cf0}}}}\f0\fs22 \f2\'82\'c5\'8a\'6d\'94\'46\'82\'c5\'82\'ab\'82\'dc\'82\'b7\'81\'42\f0 \par equals www.youtube.com (Youtube)
Source: camtasia.exeString found in binary or memory: http://appsyndication.org/2006/appsyn
Source: camtasia.exe, 00000005.00000000.489737589.00000000011DA000.00000002.00000001.01000000.00000003.sdmp, camtasia.exe, 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmp, camtasia.exe, 00000006.00000000.490838479.000000000090A000.00000002.00000001.01000000.00000005.sdmp, camtasia.exe, 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://appsyndication.org/2006/appsynapplicationc:
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: wget.exe, 00000002.00000002.477788874.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.477392459.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.477815634.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434699584.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434681470.0000000000BBA000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434681470.0000000000BBA000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: wget.exe, 00000002.00000002.477788874.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.477392459.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.477815634.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434699584.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: wget.exe, 00000002.00000002.477700107.0000000000B7C000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.477438169.0000000000B7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: wget.exe, 00000002.00000002.477700107.0000000000B7C000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.477857273.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.477438169.0000000000B7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wget.exe, 00000002.00000002.477700107.0000000000B7C000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.477438169.0000000000B7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crlm
Source: wget.exe, 00000002.00000002.477788874.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.477392459.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.477815634.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434699584.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434681470.0000000000BBA000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434681470.0000000000BBA000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: wget.exe, 00000002.00000002.477788874.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.477392459.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.477815634.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434699584.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434681470.0000000000BBA000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0J
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: camtasia.exe, 00000006.00000002.755219331.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.754926608.0000000003608000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/CamtasiaBootstrapperApplication;component/Fonts/proximanova-regular.otf
Source: camtasia.exe, 00000006.00000002.755219331.00000000036A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/CamtasiaBootstrapperApplication;component/Fonts/proximanova-semibold.otf
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/CamtasiaBootstrapperApplication;component/Images/MarketingAnimation/cursor.p
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.754151345.0000000003466000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.754862185.00000000035E9000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/CamtasiaBootstrapperApplication;component/ResourceDictionary.xaml
Source: camtasia.exe, 00000006.00000002.754151345.0000000003466000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/CamtasiaBootstrapperApplication;component/usercontrols/featuresusercontrol.x
Source: camtasia.exe, 00000006.00000002.754862185.00000000035E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/CamtasiaBootstrapperApplication;component/windows/selectlanguagedialog.xaml
Source: camtasia.exe, 00000006.00000002.754926608.0000000003608000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Fonts/proximanova-regular.otf
Source: camtasia.exe, 00000006.00000002.755219331.00000000036A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Fonts/proximanova-semibold.otf
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Images/MarketingAnimation/camtasia2.png
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Images/MarketingAnimation/cursor.png
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Images/MarketingAnimation/desktop2.png
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Images/MarketingAnimation/desktop3.png
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Images/MarketingAnimation/desktop6.png
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Images/MarketingAnimation/share-menu.png
Source: camtasia.exe, 00000006.00000002.754926608.0000000003608000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/fonts/proximanova-regular.otf
Source: camtasia.exe, 00000006.00000002.755219331.00000000036A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/fonts/proximanova-semibold.otf
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/images/marketinganimation/camtasia1.png
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/images/marketinganimation/camtasia2.png
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/images/marketinganimation/cursor.png
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/images/marketinganimation/desktop2.png
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/images/marketinganimation/desktop3.png
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/images/marketinganimation/desktop6.png
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/images/marketinganimation/share-menu.png
Source: camtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/install%20states/changeusercontrol.baml
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/install%20states/csisrunningusercontrol.baml
Source: camtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/install%20states/errormessageusercontrol.baml
Source: camtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmp