Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Healthmark Scope Viewer - Local Mode 05252021 (1).msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44
2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page:
1252, Revision Number: {85B3BCB7-C030-41D6-8614-BD53246D8417}, Number of Words: 2, Subject: Healthmark Scope Viewer, Author:
Healthmark, Name of Creating Application: Advanced Installer 17.7 build 8a137570, Template: ;1033, Comments: This installer
database contains the logic and data required to install Healthmark Scope Viewer., Title: Installation Database, Keywords:
Installer, MSI, Database, Number of Pages: 200
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\MSI6C1C.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI6CAA.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI6CBA.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI6CDB.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\MSI6D68.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Healthmark Scope Viewer - Local Mode 05252021 (1).msi"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding AEEDF54BDF0194DBE73191312315C287 C
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.advancedinstaller.com
|
unknown
|
||
|
https://www.thawte.com/cps0/
|
unknown
|
||
|
https://www.thawte.com/repository0W
|
unknown
|