Windows Analysis Report
Healthmark Scope Viewer - Local Mode 05252021 (1).msi

Overview

General Information

Sample name: Healthmark Scope Viewer - Local Mode 05252021 (1).msi
Analysis ID: 1545723
MD5: 5fd9400c920567663328d5a133156d44
SHA1: e59c361e6a21f593bc48e286bc866e6d2d26fe06
SHA256: 07ef5c2b2d7fc4d556e8a0a5be13537908a7ce49dee1f48f4fff695ac72c27e5

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Checks for available system drives (often done to infect USB drives)
Drops PE files
Found dropped PE file which has not been started or loaded
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info

All five signatures describe ordinary Windows Installer behaviour, which is consistent with the clean verdict (score 2): msiexec.exe probes drive letters a: through z: and queries the size of C:\ while costing the installation, not to find removable media to infect; the MSI*.tmp files dropped into %TEMP% are copies of the package's custom action DLL, extracted from the MSI's Binary table for the 32-bit custom action server (the MsiExec.exe -Embedding process below); and the OriginalFilename in the version information (AICustAct.dll, the Advanced Installer custom action library, as the AICustAct.pdb path and the advancedinstaller.com string show) belongs to that embedded DLL rather than to the .msi, so a name mismatch is expected for any MSI that carries PE files.

Classification and signature details

Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: Healthmark Scope Viewer - Local Mode 05252021 (1).msi, MSI6CAA.tmp.0.dr, MSI6C1C.tmp.0.dr, MSI6CDB.tmp.0.dr, MSI6D68.tmp.0.dr, MSI6CBA.tmp.0.dr
Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbi source: Healthmark Scope Viewer - Local Mode 05252021 (1).msi, MSI6CAA.tmp.0.dr, MSI6C1C.tmp.0.dr, MSI6CDB.tmp.0.dr, MSI6D68.tmp.0.dr, MSI6CBA.tmp.0.dr
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\System32\msiexec.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: Healthmark Scope Viewer - Local Mode 05252021 (1).msi, MSI6CAA.tmp.0.dr, MSI6C1C.tmp.0.dr, MSI6CDB.tmp.0.dr, MSI6D68.tmp.0.dr, MSI6CBA.tmp.0.dr String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: Healthmark Scope Viewer - Local Mode 05252021 (1).msi, MSI6CAA.tmp.0.dr, MSI6C1C.tmp.0.dr, MSI6CDB.tmp.0.dr, MSI6D68.tmp.0.dr, MSI6CBA.tmp.0.dr String found in binary or memory: http://s.symcd.com06
Source: Healthmark Scope Viewer - Local Mode 05252021 (1).msi, MSI6CAA.tmp.0.dr, MSI6C1C.tmp.0.dr, MSI6CDB.tmp.0.dr, MSI6D68.tmp.0.dr, MSI6CBA.tmp.0.dr String found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0
Source: Healthmark Scope Viewer - Local Mode 05252021 (1).msi, MSI6CAA.tmp.0.dr, MSI6C1C.tmp.0.dr, MSI6CDB.tmp.0.dr, MSI6D68.tmp.0.dr, MSI6CBA.tmp.0.dr String found in binary or memory: http://t2.symcb.com0
Source: Healthmark Scope Viewer - Local Mode 05252021 (1).msi, MSI6CAA.tmp.0.dr, MSI6C1C.tmp.0.dr, MSI6CDB.tmp.0.dr, MSI6D68.tmp.0.dr, MSI6CBA.tmp.0.dr String found in binary or memory: http://tl.symcb.com/tl.crl0
Source: Healthmark Scope Viewer - Local Mode 05252021 (1).msi, MSI6CAA.tmp.0.dr, MSI6C1C.tmp.0.dr, MSI6CDB.tmp.0.dr, MSI6D68.tmp.0.dr, MSI6CBA.tmp.0.dr String found in binary or memory: http://tl.symcb.com/tl.crt0
Source: Healthmark Scope Viewer - Local Mode 05252021 (1).msi, MSI6CAA.tmp.0.dr, MSI6C1C.tmp.0.dr, MSI6CDB.tmp.0.dr, MSI6D68.tmp.0.dr, MSI6CBA.tmp.0.dr String found in binary or memory: http://tl.symcd.com0&
Source: Healthmark Scope Viewer - Local Mode 05252021 (1).msi, MSI6CAA.tmp.0.dr, MSI6C1C.tmp.0.dr, MSI6CDB.tmp.0.dr, MSI6D68.tmp.0.dr, MSI6CBA.tmp.0.dr String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: Healthmark Scope Viewer - Local Mode 05252021 (1).msi, MSI6CAA.tmp.0.dr, MSI6C1C.tmp.0.dr, MSI6CDB.tmp.0.dr, MSI6D68.tmp.0.dr, MSI6CBA.tmp.0.dr String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: Healthmark Scope Viewer - Local Mode 05252021 (1).msi, MSI6CAA.tmp.0.dr, MSI6C1C.tmp.0.dr, MSI6CDB.tmp.0.dr, MSI6D68.tmp.0.dr, MSI6CBA.tmp.0.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: Healthmark Scope Viewer - Local Mode 05252021 (1).msi, MSI6CAA.tmp.0.dr, MSI6C1C.tmp.0.dr, MSI6CDB.tmp.0.dr, MSI6D68.tmp.0.dr, MSI6CBA.tmp.0.dr String found in binary or memory: https://d.symcb.com/cps0%
Source: Healthmark Scope Viewer - Local Mode 05252021 (1).msi, MSI6CAA.tmp.0.dr, MSI6C1C.tmp.0.dr, MSI6CDB.tmp.0.dr, MSI6D68.tmp.0.dr, MSI6CBA.tmp.0.dr String found in binary or memory: https://d.symcb.com/rpa0
Source: Healthmark Scope Viewer - Local Mode 05252021 (1).msi, MSI6CAA.tmp.0.dr, MSI6C1C.tmp.0.dr, MSI6CDB.tmp.0.dr, MSI6D68.tmp.0.dr, MSI6CBA.tmp.0.dr String found in binary or memory: https://d.symcb.com/rpa0.
Source: Healthmark Scope Viewer - Local Mode 05252021 (1).msi, MSI6CAA.tmp.0.dr, MSI6C1C.tmp.0.dr, MSI6CDB.tmp.0.dr, MSI6D68.tmp.0.dr, MSI6CBA.tmp.0.dr String found in binary or memory: https://www.advancedinstaller.com
Source: Healthmark Scope Viewer - Local Mode 05252021 (1).msi, MSI6CAA.tmp.0.dr, MSI6C1C.tmp.0.dr, MSI6CDB.tmp.0.dr, MSI6D68.tmp.0.dr, MSI6CBA.tmp.0.dr String found in binary or memory: https://www.thawte.com/cps0/
Source: Healthmark Scope Viewer - Local Mode 05252021 (1).msi, MSI6CAA.tmp.0.dr, MSI6C1C.tmp.0.dr, MSI6CDB.tmp.0.dr, MSI6D68.tmp.0.dr, MSI6CBA.tmp.0.dr String found in binary or memory: https://www.thawte.com/repository0W
Source: Healthmark Scope Viewer - Local Mode 05252021 (1).msi Binary or memory string: OriginalFilenameAICustAct.dllF vs Healthmark Scope Viewer - Local Mode 05252021 (1).msi
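The "Sample file is different than original file name gathered from version info" signature compares the sample's file name with the OriginalFilename strings found in its bytes; the evidence line above is the string scan that produced the hit. The following added Python script (not part of this report and not Joe Sandbox code) reproduces that check over raw bytes: it locates the UTF-16LE VS_VERSIONINFO key "OriginalFilename", reads the NUL-terminated value after it, and reports names that differ from the sample name. It runs on a constructed byte string here; `check_file` applies the same logic to a real package. For an MSI the hits come from PE files embedded in the package (here the custom action DLL), so a mismatch with the .msi name is expected and is only a meaningful signal when the sample is itself a PE.

```python
from pathlib import Path

# UTF-16LE key that precedes the value in a VS_VERSIONINFO String block.
_KEY = "OriginalFilename".encode("utf-16-le")


def version_original_filenames(data: bytes) -> list[str]:
    """Return every OriginalFilename value found in data, in file order.

    This is a string scan rather than a resource-directory walk, so it also
    works on an MSI, where the PE files sit inside the package and the
    container itself has no resource table. It mirrors the sandbox's
    "Binary or memory string" evidence.
    """
    names = []
    pos = 0
    while True:
        idx = data.find(_KEY, pos)
        if idx < 0:
            break
        pos = idx + len(_KEY)
        # Skip the key's NUL terminator and the DWORD-alignment padding
        # (0 or 2 NUL bytes in a real VS_VERSIONINFO String block).
        while data[pos:pos + 2] == b"\x00\x00":
            pos += 2
        # The value is a NUL-terminated UTF-16LE string.
        end = pos
        while end + 1 < len(data) and data[end:end + 2] != b"\x00\x00":
            end += 2
        value = data[pos:end].decode("utf-16-le", errors="replace").strip()
        if value:
            names.append(value)
        pos = end
    return names


def original_filename_mismatches(sample_name: str, data: bytes) -> list[str]:
    """OriginalFilename values that differ from the sample name (case-insensitive)."""
    return sorted({n for n in version_original_filenames(data)
                   if n.lower() != sample_name.lower()})


def check_file(path: str) -> list[str]:
    """Run the mismatch check against a file on disk."""
    p = Path(path)
    return original_filename_mismatches(p.name, p.read_bytes())


def _vs_string(key: str, value: str) -> bytes:
    """Build a minimal String block: key, NUL, optional padding, value, NUL."""
    key_bytes = key.encode("utf-16-le") + b"\x00\x00"
    pad = b"\x00\x00" if len(key_bytes) % 4 else b""
    return key_bytes + pad + value.encode("utf-16-le") + b"\x00\x00"


# Constructed sample (not bytes from the analysed package): some junk around a
# String block like the one inside the embedded custom action DLL.
SAMPLE_DATA = (b"MZ\x90\x00" + b"\x00" * 16
               + _vs_string("OriginalFilename", "AICustAct.dll")
               + _vs_string("ProductName", "Advanced Installer")
               + b"\x00" * 8)
SAMPLE_NAME = "Healthmark Scope Viewer - Local Mode 05252021 (1).msi"

if __name__ == "__main__":
    for name in original_filename_mismatches(SAMPLE_NAME, SAMPLE_DATA):
        print(f"version info OriginalFilename {name!r} != sample name {SAMPLE_NAME!r}")
```

When triaging an installer, compare the reported names against the files the package is expected to carry rather than against the package name; a mismatch inside an MSI only becomes interesting when the embedded name does not match any file the installer legitimately ships.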
Source: classification engine Classification label: clean2.winMSI@4/5@0/0
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user~1\AppData\Local\Temp\MSI6C1C.tmp
Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Healthmark Scope Viewer - Local Mode 05252021 (1).msi"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding AEEDF54BDF0194DBE73191312315C287 C
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: textinputframework.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: textshaping.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msihnd.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: dwmapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: windowscodecs.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: oleacc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: Healthmark Scope Viewer - Local Mode 05252021 (1).msi Static file information: File size 33198080 > 1048576
Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: Healthmark Scope Viewer - Local Mode 05252021 (1).msi, MSI6CAA.tmp.0.dr, MSI6C1C.tmp.0.dr, MSI6CDB.tmp.0.dr, MSI6D68.tmp.0.dr, MSI6CBA.tmp.0.dr
Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbi source: Healthmark Scope Viewer - Local Mode 05252021 (1).msi, MSI6CAA.tmp.0.dr, MSI6C1C.tmp.0.dr, MSI6CDB.tmp.0.dr, MSI6D68.tmp.0.dr, MSI6CBA.tmp.0.dr
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI6CDB.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI6CBA.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI6CAA.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI6C1C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI6D68.tmp
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI6CDB.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI6CBA.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI6CAA.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI6C1C.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI6D68.tmp
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
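The five MSI*.tmp files above are copies of the package's custom action DLL, which msiexec extracts from the MSI's Binary table into %TEMP% before the 32-bit custom action server (the MsiExec.exe -Embedding process) loads them. The same DLL can be pulled out of the package statically, without running the installer. An MSI is an OLE compound file whose stream names are stored in a Windows Installer-specific encoding: code points U+3800 to U+47FF pack two characters of a 64-character alphabet, U+4800 to U+483F hold one character, and U+4840 stands for the "!" that marks a table stream. The added Python below (not part of this report and not Joe Sandbox or Advanced Installer code) implements that decoder and its inverse and uses them to pick out and dump Binary-table data streams. The listing and extraction functions rely on the third-party olefile package, imported only when they are called; the demo runs on a constructed stream listing, and the row key `AICustAct` in it is an assumption, not a value read from the package.

```python
from pathlib import Path

# 64-character alphabet used by the Windows Installer stream-name encoding.
MSI_ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz._"
_PAIR_BASE = 0x3800     # U+3800..U+47FF: two alphabet characters per code point
_SINGLE_BASE = 0x4800   # U+4800..U+483F: one alphabet character per code point
_TABLE_PREFIX = 0x4840  # the "!" that prefixes table streams such as "!Binary"


def decode_msi_stream_name(encoded: str) -> str:
    """Turn a raw OLE directory-entry name into the MSI stream name it represents."""
    out = []
    for ch in encoded:
        cp = ord(ch)
        if _PAIR_BASE <= cp < _SINGLE_BASE:
            v = cp - _PAIR_BASE
            out.append(MSI_ALPHABET[v & 0x3F])         # low 6 bits: first character
            out.append(MSI_ALPHABET[(v >> 6) & 0x3F])  # high 6 bits: second character
        elif _SINGLE_BASE <= cp < _TABLE_PREFIX:
            out.append(MSI_ALPHABET[cp - _SINGLE_BASE])
        elif cp == _TABLE_PREFIX:
            out.append("!")
        else:
            out.append(ch)  # not MSI-encoded, e.g. "\x05SummaryInformation"
    return "".join(out)


def encode_msi_stream_name(name: str) -> str:
    """Inverse of decode_msi_stream_name, for looking up a known stream by name."""
    out = []
    i = 0
    if name.startswith("!"):
        out.append(chr(_TABLE_PREFIX))
        i = 1
    while i < len(name):
        a = MSI_ALPHABET.find(name[i])
        if a < 0:
            raise ValueError(f"character {name[i]!r} cannot be MSI-encoded")
        b = MSI_ALPHABET.find(name[i + 1]) if i + 1 < len(name) else -1
        if b >= 0:
            out.append(chr(_PAIR_BASE + a + (b << 6)))
            i += 2
        else:
            out.append(chr(_SINGLE_BASE + a))
            i += 1
    return "".join(out)


def binary_table_streams(raw_names) -> dict:
    """Map decoded name -> raw name for the data streams of the Binary table.

    Each Binary-table row is stored as a stream named "Binary.<Name>", where
    <Name> is the row's primary key; "!Binary" is the table itself, not payload.
    """
    decoded = {decode_msi_stream_name(raw): raw for raw in raw_names}
    return {name: raw for name, raw in decoded.items() if name.startswith("Binary.")}


def list_msi_streams(msi_path: str) -> list[str]:
    """Decoded names of all streams in an MSI (needs the third-party olefile package)."""
    import olefile  # assumption: pip install olefile
    ole = olefile.OleFileIO(msi_path)
    try:
        return [decode_msi_stream_name("/".join(e))
                for e in ole.listdir(streams=True, storages=False)]
    finally:
        ole.close()


def extract_binary_table(msi_path: str, out_dir: str) -> list[Path]:
    """Write every Binary-table stream to out_dir; PE payloads get a .dll suffix."""
    import olefile  # assumption: pip install olefile
    Path(out_dir).mkdir(parents=True, exist_ok=True)
    ole = olefile.OleFileIO(msi_path)
    try:
        raw_names = ["/".join(e) for e in ole.listdir(streams=True, storages=False)]
        written = []
        for name, raw in binary_table_streams(raw_names).items():
            data = ole.openstream(raw).read()
            suffix = ".dll" if data[:2] == b"MZ" else ".bin"
            dest = Path(out_dir) / (name[len("Binary."):] + suffix)
            dest.write_bytes(data)
            written.append(dest)
        return written
    finally:
        ole.close()


# Constructed directory listing (not read from the analysed package), in the raw
# form olefile returns it. "Binary.AICustAct" is an assumed row key.
SAMPLE_RAW_NAMES = [
    "\x05SummaryInformation",
    encode_msi_stream_name("!_Tables"),
    encode_msi_stream_name("!Binary"),
    encode_msi_stream_name("!CustomAction"),
    encode_msi_stream_name("Binary.AICustAct"),
]

if __name__ == "__main__":
    for name, raw in binary_table_streams(SAMPLE_RAW_NAMES).items():
        print(name, "<-", " ".join(f"U+{ord(c):04X}" for c in raw))
```

On the real package, `extract_binary_table("sample.msi", "out")` (placeholder paths) yields the custom action DLL without executing anything, so its hash, Authenticode signature and version information can be compared directly with the dropped MSI*.tmp files from the sandbox run.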
No contacted IPs. The symcb.com, symcd.com, ws.symantec.com and thawte.com URLs listed under the signature details are CRL, OCSP and certificate-policy locations from the Authenticode certificate chain embedded in the signed files; they are static strings, not connections made during the run.