IOC Report
https://download.techsmith.com/camtasiastudio/releases/camtasia.exe

Files

File Path | Type | Category
(The report's Malicious column was not captured for any row in this extract and is omitted.)

C:\Users\user\Desktop\cmdline.out | ASCII text, with CRLF line terminators | modified
C:\Users\user\Desktop\download\camtasia.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1028\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1029\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1030\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1031\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1032\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1035\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1036\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1038\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1040\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1041\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1042\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1043\mbapreq.wxl | XML 1.0 document, ASCII text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1044\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1045\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1046\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1049\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1051\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1053\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1055\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1060\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\2052\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\2070\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\3082\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Bootstrapper.de-DE.wxl | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (336), with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Bootstrapper.en-US.wxl | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (302), with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Bootstrapper.es-ES.wxl | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (312), with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Bootstrapper.fr-FR.wxl | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (348), with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Bootstrapper.ja-JP.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Bootstrapper.pt-BR.wxl | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (318), with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Bootstrapper.zh-CN.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\BootstrapperApplicationData.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (573), with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\BootstrapperCore.config | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\BootstrapperCore.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\CamtasiaBootstrapperApplication.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\EditionConstants.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Microsoft.Deployment.WindowsInstaller.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Microsoft.Expression.Interactions.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\System.Windows.Interactivity.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\TechSmith.Win32.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\WPFCommonControls.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\WPFCommonViewModel.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\de-DE\CamtasiaBootstrapperApplication.resources.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\es-ES\CamtasiaBootstrapperApplication.resources.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\fr-FR\CamtasiaBootstrapperApplication.resources.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\ja-JP\CamtasiaBootstrapperApplication.resources.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\mbahost.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\mbapreq.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\mbapreq.png | PNG image data, 63 x 63, 8-bit/color RGBA, non-interlaced | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\mbapreq.thm | XML 1.0 document, ASCII text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\mbapreq.wxl | XML 1.0 document, ASCII text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\pt-BR\CamtasiaBootstrapperApplication.resources.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\zh-CN\CamtasiaBootstrapperApplication.resources.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped
The original report lists 46 further files that are hidden by default and are not reproduced here.

Note on the paths. The two C:\Windows\Temp\{GUID}\ trees are the layout WiX Burn uses when it runs a bundle: Burn copies the bundle executable into a \.cr\ ("clean room") directory and re-launches itself from there, and unpacks the bootstrapper application into \.ba\. Within \.ba\, mbahost.dll is the host for a managed bootstrapper application (here CamtasiaBootstrapperApplication.dll with its per-locale resource DLLs), BootstrapperCore.dll and Microsoft.Deployment.WindowsInstaller.dll are the WiX managed-BA runtime, and mbapreq.dll with its mbapreq.thm, mbapreq.png and the per-LCID mbapreq.wxl files (1028, 1029, ... are Windows locale IDs) is the stock prerequisite BA that installs the .NET Framework when it is missing. Every dropped file in the extract sits under one of these two roots except the sandbox's own copy of the sample in C:\Users\user\Desktop\download; cmdline.out is the redirect target of the download command in the Processes table, which is why it appears as modified.
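A small triage script, added here as an example and not part of the sandbox report or of any vendor code. It parses rows written as "path | type | category", groups dropped files by the Burn unpack directory that owns them and reports anything that lands outside those directories, which is where an installer that is not behaving like an installer shows up first. The rows in SAMPLE_ROWS are a constructed subset of the entries above; the assumption encoded in BURN_ROOT is the WiX Burn layout described in the note above (%TEMP%\{GUID}\.ba and %TEMP%\{GUID}\.cr).

```python
"""Split a sandbox 'Files' table into the installer's own unpack directories
and everything else, so unexpected drop locations stand out.

Added example for this report, not sandbox or vendor code. SAMPLE_ROWS is a
constructed subset of the report's entries. BURN_ROOT encodes an assumption:
WiX Burn unpacks to %TEMP%\\{GUID}\\.ba (bootstrapper application) and
%TEMP%\\{GUID}\\.cr (clean-room copy of the bundle).
"""
import re
from collections import defaultdict

# Constructed sample rows, taken from the table above: path | type | category
SAMPLE_ROWS = r"""
C:\Users\user\Desktop\cmdline.out | ASCII text, with CRLF line terminators | modified
C:\Users\user\Desktop\download\camtasia.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1028\mbapreq.wxl | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\BootstrapperCore.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\mbahost.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped
C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# Root = drive:\Windows\Temp\{GUID}\.ba or \.cr ; the trailing backslash must follow.
BURN_ROOT = re.compile(
    r"^(?P<root>[A-Za-z]:\\Windows\\Temp\\" + GUID + r"\\\.(?:ba|cr))\\",
    re.IGNORECASE,
)


def parse_rows(text):
    """Parse 'path | type | category' lines into dicts; reject malformed rows."""
    rows = []
    for line in text.strip().splitlines():
        parts = [p.strip() for p in line.split(" | ")]
        if len(parts) != 3:
            raise ValueError(f"malformed row: {line!r}")
        rows.append({"path": parts[0], "type": parts[1], "category": parts[2]})
    return rows


def is_pe(row):
    """libmagic labels every Windows executable 'PE32 ...' or 'PE32+ ...'."""
    return row["type"].startswith("PE32")


def triage(rows):
    """Group rows by Burn unpack root; everything else is reported separately."""
    by_root = defaultdict(list)
    outside = []
    for row in rows:
        m = BURN_ROOT.match(row["path"])
        if m:
            by_root[m.group("root")].append(row)
        else:
            outside.append(row)
    return {
        "by_root": dict(by_root),
        "pe_per_root": {root: sum(is_pe(r) for r in rs) for root, rs in by_root.items()},
        "outside": outside,
        "pe_outside": [r for r in outside if is_pe(r)],
    }


if __name__ == "__main__":
    result = triage(parse_rows(SAMPLE_ROWS))
    for root, rows in result["by_root"].items():
        print(f"{root}: {len(rows)} files, {result['pe_per_root'][root]} PE")
    for row in result["outside"]:
        flag = "PE " if is_pe(row) else "   "
        print(f"outside Burn roots: {flag}{row['category']:<9}{row['path']}")
```

On the full table the only rows outside the two Burn roots are the sandbox's own artefacts (cmdline.out and the downloaded copy of camtasia.exe); a PE written anywhere else, for example under a user profile or a Startup folder, would be the line to look at first.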

Processes

Path | Cmdline
(The report's Malicious flag for this process was not captured in this extract.)

C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://download.techsmith.com/camtasiastudio/releases/camtasia.exe" > cmdline.out 2>&1

The only process in this extract is the sandbox's own fetch of the sample, not behaviour of camtasia.exe: cmd.exe runs wget against the URL at the top of the report, stores the result in C:\Users\user\Desktop\download (the dropped copy of camtasia.exe in the Files table) and redirects its output to cmdline.out (the modified file in the Files table). Two details matter when this report is reused. The download was made with --no-check-certificate, so the TLS certificate of download.techsmith.com was never verified; before the file is treated as the genuine installer its Authenticode signature, or a hash published by the vendor, should be checked. And the process path is C:\Windows\SysWOW64\cmd.exe although the command line names C:\Windows\system32\cmd.exe: that is WOW64 file-system redirection of a 32-bit parent, not path spoofing.