analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

Autodesk License Patcher Installer.exe

Full analysis: https://app.any.run/tasks/023ba752-e53e-4e0c-9f95-4623489597d4
Verdict: Malicious activity
Analysis date: March 26, 2023, 03:37:51
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5:

A5203927A840CD75BD807BC80A5F5C64

SHA1:

B1C91369066608F4B97D82B677EBBB517F1DEF65

SHA256:

DCA748FD092CAE601888CAD7CAEB986A79853EAD5471DE96689E1C54AE9CB6E1

SSDEEP:

24576:Lrr/9w9JpeSkiOMs25mI2rDc30x5tUewSFYndCfeI+GajylnGhj9EirjI:LH2LUSkOp50zxbUJndWeMln8Frc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Starts NET.EXE for service management

      • net.exe (PID: 3504)
      • cmd.exe (PID: 1596)
      • net.exe (PID: 2912)
      • cmd.exe (PID: 1788)
      • net.exe (PID: 3888)
      • net.exe (PID: 1876)

    • Uses Task Scheduler to run other applications

      • cmd.exe (PID: 1596)

  • SUSPICIOUS

    • Reads the Internet Settings

      • Autodesk License Patcher Installer.exe (PID: 2572)
      • WMIC.exe (PID: 1208)
      • WMIC.exe (PID: 3296)
      • wscript.exe (PID: 3580)

    • Starts application with an unusual extension

      • cmd.exe (PID: 3156)
      • cmd.exe (PID: 1596)
      • cmd.exe (PID: 1788)

    • Executing commands from a ".bat" file

      • Autodesk License Patcher Installer.exe (PID: 2572)
      • cmd.exe (PID: 3156)
      • wscript.exe (PID: 3580)

    • Executable content was dropped or overwritten

      • Autodesk License Patcher Installer.exe (PID: 2572)
      • xcopy.exe (PID: 2420)
      • xcopy.exe (PID: 2404)
      • xcopy.exe (PID: 3004)

    • Starts CMD.EXE for commands execution

      • Autodesk License Patcher Installer.exe (PID: 2572)
      • cmd.exe (PID: 3156)
      • cmd.exe (PID: 1596)
      • wscript.exe (PID: 3580)

    • Application launched itself

      • cmd.exe (PID: 3156)
      • cmd.exe (PID: 1596)

    • Uses REG/REGEDIT.EXE to modify register

      • cmd.exe (PID: 3156)
      • cmd.exe (PID: 1596)
      • cmd.exe (PID: 1788)

    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 1596)
      • cmd.exe (PID: 1788)

    • Runs PING.EXE to delay simulation

      • cmd.exe (PID: 1596)
      • cmd.exe (PID: 1788)

    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 1596)
      • cmd.exe (PID: 1788)

    • Uses WMIC.EXE

      • cmd.exe (PID: 3160)
      • cmd.exe (PID: 2960)

    • Uses NETSH.EXE to delete a firewall rule or allowed programs

      • cmd.exe (PID: 1596)

    • Starts SC.EXE for service management

      • cmd.exe (PID: 1596)

    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • cmd.exe (PID: 1596)

    • The process executes VB scripts

      • cmd.exe (PID: 1596)

  • INFO

    • Checks supported languages

      • Autodesk License Patcher Installer.exe (PID: 2572)
      • chcp.com (PID: 3288)
      • mode.com (PID: 3316)
      • chcp.com (PID: 2792)
      • mode.com (PID: 2844)
      • chcp.com (PID: 2220)
      • mode.com (PID: 2180)

    • The process checks LSA protection

      • Autodesk License Patcher Installer.exe (PID: 2572)
      • cmd.exe (PID: 3156)
      • taskkill.exe (PID: 3604)
      • taskkill.exe (PID: 1540)
      • taskkill.exe (PID: 3212)
      • taskkill.exe (PID: 2844)
      • taskkill.exe (PID: 3440)
      • taskkill.exe (PID: 556)
      • taskkill.exe (PID: 2472)
      • taskkill.exe (PID: 3600)
      • msiexec.exe (PID: 908)
      • taskkill.exe (PID: 2036)
      • msiexec.exe (PID: 3864)
      • powershell.exe (PID: 3860)
      • WMIC.exe (PID: 1208)
      • netsh.exe (PID: 3448)
      • powershell.exe (PID: 556)
      • netsh.exe (PID: 2300)
      • WMIC.exe (PID: 3296)
      • netsh.exe (PID: 2588)
      • netsh.exe (PID: 2420)
      • netsh.exe (PID: 2828)
      • netsh.exe (PID: 2080)
      • netsh.exe (PID: 1488)
      • netsh.exe (PID: 1864)
      • netsh.exe (PID: 2984)
      • netsh.exe (PID: 1012)
      • netsh.exe (PID: 3632)
      • netsh.exe (PID: 2696)
      • taskkill.exe (PID: 312)
      • taskkill.exe (PID: 2624)
      • taskkill.exe (PID: 3212)
      • taskkill.exe (PID: 2868)
      • powershell.exe (PID: 3348)
      • taskkill.exe (PID: 4084)
      • taskkill.exe (PID: 3364)
      • explorer.exe (PID: 3272)
      • taskkill.exe (PID: 3704)
      • taskkill.exe (PID: 3812)
      • taskkill.exe (PID: 1660)

    • Reads the computer name

      • Autodesk License Patcher Installer.exe (PID: 2572)

    • Create files in a temporary directory

      • cmd.exe (PID: 3156)
      • powershell.exe (PID: 3860)
      • powershell.exe (PID: 556)
      • powershell.exe (PID: 3348)

    • [YARA] Firewall manipulation strings were found

      • cmd.exe (PID: 1596)

    • Reads security settings of Internet Explorer

      • powershell.exe (PID: 3860)
      • powershell.exe (PID: 556)
      • powershell.exe (PID: 3348)

    • Manual execution by a user

      • explorer.exe (PID: 3272)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:12:31 00:38:38+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 57344
InitializedDataSize: 176128
UninitializedDataSize: 258048
EntryPoint: 0x4cf60
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Russian
CharacterSet: Unicode
CompanyName: -
FileDescription: -
LegalCopyright: -
LegalTrademarks: -
InternalName: -
ProductName: -
OriginalFileName: -
FileVersion: -
ProductVersion: -
Comments: -
PrivateBuild: -
SpecialBuild: -

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 31-Dec-2012 00:38:38
Detected languages:
  • English - United States
  • Russian - Russia
CompanyName: -
FileDescription: -
LegalCopyright: -
LegalTrademarks: -
InternalName: -
ProductName: -
OriginalFilename: -
FileVersion: -
ProductVersion: -
Comments: -
PrivateBuild: -
SpecialBuild: -

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0060
Pages in file: 0x0001
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x00000060

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 3
Time date stamp: 31-Dec-2012 00:38:38
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

Name
Virtual Address
Virtual Size
Raw Size
Charateristics
Entropy
UPX0
0x00001000
0x0003F000
0x00000000
IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
0
UPX1
0x00040000
0x0000E000
0x0000DC00
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
7.97814
.rsrc
0x0004E000
0x0002B000
0x0002A200
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
3.32227

Resources

Title
Entropy
Size
Codepage
Language
Type
1
5.23138
838
Latin 1 / Western European
English - United States
RT_MANIFEST
2
0
744
Latin 1 / Western European
Russian - Russia
RT_ICON
3
1.83036
488
Latin 1 / Western European
Russian - Russia
RT_ICON
4
2.2763
296
Latin 1 / Western European
Russian - Russia
RT_ICON
50
7.90594
7553
Latin 1 / Western European
Russian - Russia
RT_ICON
51
2.54785
67624
Latin 1 / Western European
Russian - Russia
RT_ICON
52
2.87378
38056
Latin 1 / Western European
Russian - Russia
RT_ICON
53
2.86285
21640
Latin 1 / Western European
Russian - Russia
RT_ICON
54
2.77144
16936
Latin 1 / Western European
Russian - Russia
RT_ICON
55
3.12417
9640
Latin 1 / Western European
Russian - Russia
RT_ICON

Imports

ADVAPI32.dll
COMCTL32.dll
GDI32.dll
KERNEL32.DLL
MSVCRT.dll
OLEAUT32.dll
SHELL32.dll
USER32.dll
ole32.dll
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
135
Monitored processes
90
Malicious processes
5
Suspicious processes
0

Behavior graph

Click at the process to see the details
start autodesk license patcher installer.exe cmd.exe no specs chcp.com no specs mode.com no specs reg.exe no specs fltmc.exe no specs cmd.exe chcp.com no specs mode.com no specs reg.exe no specs fltmc.exe no specs ping.exe no specs ping.exe no specs net.exe no specs net1.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs msiexec.exe no specs msiexec.exe no specs ping.exe no specs xcopy.exe xcopy.exe xcopy.exe no specs xcopy.exe no specs xcopy.exe no specs xcopy.exe ping.exe no specs reg.exe no specs reg.exe no specs powershell.exe no specs cmd.exe no specs hostname.exe no specs cmd.exe no specs wmic.exe no specs cmd.exe no specs wmic.exe no specs powershell.exe no specs ping.exe no specs sc.exe no specs schtasks.exe no specs schtasks.exe no specs ping.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs ping.exe no specs net.exe no specs net1.exe no specs ping.exe no specs wscript.exe no specs cmd.exe no specs ping.exe no specs chcp.com no specs mode.com no specs reg.exe no specs fltmc.exe no specs ping.exe no specs reg.exe no specs reg.exe no specs powershell.exe no specs net.exe no specs net1.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs net.exe no specs net1.exe no specs explorer.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2572"C:\Users\admin\AppData\Local\Temp\Autodesk License Patcher Installer.exe" C:\Users\admin\AppData\Local\Temp\Autodesk License Patcher Installer.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\autodesk license patcher installer.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\usp10.dll
3156C:\Windows\system32\cmd.exe /c ""C:\AutodeskLicensePatcherInstaller\AutodeskLicensePatcherInstaller.bat" "C:\Windows\System32\cmd.exeAutodesk License Patcher Installer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
3288chcp 1254 C:\Windows\System32\chcp.comcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Change CodePage Utility
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ulib.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
3316mode con: cols=70 lines=15 C:\Windows\System32\mode.comcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
DOS Device MODE Utility
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\mode.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
3384reg add hkcu\software\classes\.Admin\shell\runas\command /f /ve /d "cmd /x /d /r set \"f0=%2\" &call \"%2\" %3" C:\Windows\System32\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3492fltmc C:\Windows\System32\fltMC.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Filter Manager Control Program
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\fltmc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\fltlib.dll
1596"cmd.exe" /x /d /r set "f0=C:\AutodeskLicensePatcherInstaller\AutodeskLicensePatcherInstaller.bat" &call "C:\AutodeskLicensePatcherInstaller\AutodeskLicensePatcherInstaller.bat" C:\Windows\System32\cmd.exe
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
2792chcp 1254 C:\Windows\System32\chcp.comcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Change CodePage Utility
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
2844mode con: cols=70 lines=15 C:\Windows\System32\mode.comcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
DOS Device MODE Utility
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\mode.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ulib.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
2180reg add hkcu\software\classes\.Admin\shell\runas\command /f /ve /d "cmd /x /d /r set \"f0=%2\" &call \"%2\" %3" C:\Windows\System32\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
Total events
23 752
Read events
22 610
Write events
1 142
Delete events
0

Modification events

(PID) Process:(2572) Autodesk License Patcher Installer.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(2572) Autodesk License Patcher Installer.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(2572) Autodesk License Patcher Installer.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(2572) Autodesk License Patcher Installer.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(3536) reg.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Operation:writeName:RegisteredOwner
Value:
admin
(PID) Process:(2588) netsh.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(2300) netsh.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3448) netsh.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(2828) netsh.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(2420) netsh.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
Executable files
12
Suspicious files
12
Text files
16
Unknown types
2

Dropped files

PID
Process
Filename
Type
2420xcopy.exeC:\Autodesk Shared\Network License Manager\adskflex.exeexecutable
MD5:C00B8B7B1C084718EC5D63A53AEFB1EB
SHA256:05B24756D46CE216C84878DDDC97EF9E2EEB6ECA8EC12C97E780C4D0EEF63731
2572Autodesk License Patcher Installer.exeC:\AutodeskLicensePatcherInstaller\Files\NetworkLicenseManager\lmgrd.exeexecutable
MD5:219F8CEBEF26F1373062357B2F4A8489
SHA256:CF025ECFB3556E334DDE501B95485998DE9E1B6A06CCBD56FFA1345D6B5A3973
2572Autodesk License Patcher Installer.exeC:\AutodeskLicensePatcherInstaller\Files\Service\Service.battext
MD5:D0D4F5CD24C63A74C68A03B2B3A8786D
SHA256:62B915D1E0E26F72700C519534F181AC9728FFF9252D21298667FB85ECC3B702
2572Autodesk License Patcher Installer.exeC:\AutodeskLicensePatcherInstaller\Files\NetworkLicenseManager\License.lictext
MD5:4D062EA9E3D37E764E986913DB4CAAA2
SHA256:72C545208818C062C13A3423771AD1453C8D07659E516632E4596E4DDBE093DE
2448xcopy.exeC:\Autodesk Shared\Network License Manager\License.lictext
MD5:4D062EA9E3D37E764E986913DB4CAAA2
SHA256:72C545208818C062C13A3423771AD1453C8D07659E516632E4596E4DDBE093DE
2572Autodesk License Patcher Installer.exeC:\AutodeskLicensePatcherInstaller\Files\NetworkLicenseManager\adskflex.exeexecutable
MD5:C00B8B7B1C084718EC5D63A53AEFB1EB
SHA256:05B24756D46CE216C84878DDDC97EF9E2EEB6ECA8EC12C97E780C4D0EEF63731
2572Autodesk License Patcher Installer.exeC:\AutodeskLicensePatcherInstaller\AutodeskLicensePatcherInstaller.battext
MD5:8C6A12F0931B1C1BEBDFFD415406523A
SHA256:70C6544BFBDE92D697CF76543104EAF42629B7823B29AC759BEF670F89BE4E82
2572Autodesk License Patcher Installer.exeC:\AutodeskLicensePatcherInstaller\Files\PatchedFiles\version.dllexecutable
MD5:51F0E19B4CF164ECBA9A006C4CF3B2A5
SHA256:6F13E52D797A732435C8BB456BE08C64D0B6FADEA29F85486F4B44559D6CC95F
3860powershell.exeC:\Users\admin\AppData\Local\Temp\hkftx02v.4lr.psm1binary
MD5:C4CA4238A0B923820DCC509A6F75849B
SHA256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
3860powershell.exeC:\Users\admin\AppData\Local\Temp\rrzto0nl.xsp.ps1binary
MD5:C4CA4238A0B923820DCC509A6F75849B
SHA256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
Autodesk License Patcher Installer.exe