Autodesk License Patcher Uninstaller.exe Trojan Sabsik Analysis
The Sabsik virus is capable of downloading additional malware onto your computer, which can encrypt your files and demand a ransom payment for their restoration. This virus is one of the ransomware variants, making it particularly dangerous for your data security.
File | Autodesk License Patcher Uninstaller.exe |
Checked | 2024-03-21 19:56:35 |
MD5 | 19270c13d79f77736325540049ad7a5d |
SHA1 | 4367b9e4c9547d57e130b05ac0fad69932d07bbf |
SHA256 | add2e70537e0a974817ce1038c1ec8b0384467ff6f2360622fee51d058283827 |
SHA512 | cd9afca74283355845989ea844a919a483de896bb3914cb89a644707ff8fc821e85d369c80190fcb34fa90dce02b86e98a2ec2615c1b9d20c984ae144abe678e |
Imphash | c1f9ea6d51ba4934aeaee8b1f7d283d7 |
File Size | 231645 bytes |
Ransom.Win32.Sabsik.oa!s2 Removal
Gridinsoft has the capability to identify and eliminate Ransom.Win32.Sabsik.oa!s2 without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the «Standard Scan» button.
- After the scanning process is finished, click on «Clean Now» to remove any detected threats.
- If prompted, restart your system to complete the removal process.
File Version Information
CompanyName | |
FileDescription | |
LegalCopyright | |
LegalTrademarks | |
InternalName | |
ProductName | |
OriginalFilename | |
FileVersion | |
ProductVersion | |
Comments | |
PrivateBuild | |
SpecialBuild | |
Translation | 0x0419 0x04b0 |
Autodesk AutoCAD v2024
A way to uninstall Autodesk AutoCAD v2024 from your PC
You can find on this page detailed information on how to remove Autodesk AutoCAD v2024 for Windows. The Windows version was created by Autodesk AutoCAD v2024. The program is often installed in the C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024 folder (same installation drive as Windows). MsiExec.exe /X is the full command line if you want to remove Autodesk AutoCAD v2024. Autodesk License Patcher Installer.exe is the program's main file and it takes approximately 1.23 MB (1293316 bytes) on disk.
Autodesk AutoCAD v2024 installs the following executables on your PC, occupying about 903.57 MB (947459711 bytes) on disk.
- Setup.exe (10.64 MB)
- dotNetFx48LP_Full_x86_x64_1028.exe (5.46 MB)
- dotNetFx48LP_Full_x86_x64_1029.exe (5.60 MB)
- dotNetFx48LP_Full_x86_x64_1031.exe (5.61 MB)
- dotNetFx48LP_Full_x86_x64_1036.exe (5.57 MB)
- dotNetFx48LP_Full_x86_x64_1038.exe (5.64 MB)
- dotNetFx48LP_Full_x86_x64_1040.exe (5.54 MB)
- dotNetFx48LP_Full_x86_x64_1041.exe (5.53 MB)
- dotNetFx48LP_Full_x86_x64_1042.exe (5.48 MB)
- dotNetFx48LP_Full_x86_x64_1045.exe (5.62 MB)
- dotNetFx48LP_Full_x86_x64_1046.exe (5.56 MB)
- dotNetFx48LP_Full_x86_x64_1049.exe (5.68 MB)
- dotNetFx48LP_Full_x86_x64_2052.exe (5.49 MB)
- dotNetFx48LP_Full_x86_x64_2070.exe (5.56 MB)
- dotNetFx48LP_Full_x86_x64_3082.exe (5.55 MB)
- dotNetFx48_Full_x86_x64.exe (111.94 MB)
- aspnetcore-runtime-6.0.8-win-x64.exe (8.51 MB)
- windowsdesktop-runtime-6.0.8-win-x64.exe (55.23 MB)
- vcredist_x64.exe (6.85 MB)
- vcredist_x64.exe (24.29 MB)
- MicrosoftEdgeWebView2RuntimeInstallerX64.exe (123.66 MB)
- vcredist_x86.exe (6.25 MB)
- vcredist_x86.exe (13.19 MB)
- acad.exe (5.30 MB)
- Autodesk License Patcher Installer.exe (1.23 MB)
- Autodesk License Patcher Uninstaller.exe (226.22 KB)
- Bloatware CleanUp.exe (227.47 KB)
- Internet Connection.exe (225.49 KB)
- adskflex.exe (2.43 MB)
- AdODIS-installer.exe (308.02 MB)
- DownloadManager.exe (5.88 MB)
- senddmp.exe (569.28 KB)
- AcNGEN.exe (489.78 KB)
- AdskIdentityManager-Installer.exe (62.90 MB)
- AcInstCfg.exe (918.28 KB)
- AdskLicensing-installer.exe (76.76 MB)
This web page is about Autodesk AutoCAD v2024 version 1.0.0 only. When planning to uninstall Autodesk AutoCAD v2024 you should check if the following data is left behind on your PC.
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024
- C:\Users\%user%\AppData\Local\Autodesk\AutoCAD 2017
- C:\Users\%user%\AppData\Local\Autodesk\AutoCAD 2018
- C:\Users\%user%\AppData\Local\Autodesk\AutoCAD 2024
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\cmp.json
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\dotNetFx48_Full_x86_x64.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\dotNetFx48LP_Full_x86_x64_1028.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\dotNetFx48LP_Full_x86_x64_1029.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\dotNetFx48LP_Full_x86_x64_1031.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\dotNetFx48LP_Full_x86_x64_1036.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\dotNetFx48LP_Full_x86_x64_1038.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\dotNetFx48LP_Full_x86_x64_1040.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\dotNetFx48LP_Full_x86_x64_1041.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\dotNetFx48LP_Full_x86_x64_1042.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\dotNetFx48LP_Full_x86_x64_1045.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\dotNetFx48LP_Full_x86_x64_1046.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\dotNetFx48LP_Full_x86_x64_1049.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\dotNetFx48LP_Full_x86_x64_2052.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\dotNetFx48LP_Full_x86_x64_2070.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\dotNetFx48LP_Full_x86_x64_3082.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\pkg.dotnet48.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\pkg.dotnet48_1028.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\pkg.dotnet48_1029.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\pkg.dotnet48_1031.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\pkg.dotnet48_1036.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\pkg.dotnet48_1038.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\pkg.dotnet48_1040.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\pkg.dotnet48_1041.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\pkg.dotnet48_1042.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\pkg.dotnet48_1045.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\pkg.dotnet48_1046.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\pkg.dotnet48_1049.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\pkg.dotnet48_2052.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\pkg.dotnet48_2070.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\dotNetFramework\48\pkg.dotnet48_3082.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\x64\aspNetCore\60\aspnetcore-runtime-6.0.8-win-x64.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\x64\aspNetCore\60\cmp.json
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\x64\aspNetCore\60\pkg.aspnet60x64.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\x64\dotNet\60\cmp.json
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\x64\dotNet\60\pkg.dotnet60.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\x64\dotNet\60\windowsdesktop-runtime-6.0.8-win-x64.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\x64\VCRedist\2012UPD4\cmp.json
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\x64\VCRedist\2012UPD4\pkg.vcredist2012x64upd4.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\x64\VCRedist\2012UPD4\vcredist_x64.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\x64\VCRedist\2022\cmp.json
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\x64\VCRedist\2022\pkg.vcredist2022x64.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\x64\VCRedist\2022\vcredist_x64.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\x64\WebView2\cmp.json
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\x64\WebView2\MicrosoftEdgeWebView2RuntimeInstallerX64.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\x64\WebView2\pkg.webview2.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\x86\VCRedist\2012UPD4\cmp.json
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\x86\VCRedist\2012UPD4\pkg.vcredist2012x86upd4.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\x86\VCRedist\2012UPD4\vcredist_x86.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\x86\VCRedist\2022\cmp.json
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\x86\VCRedist\2022\pkg.vcredist2022x86.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\3rdParty\x86\VCRedist\2022\vcredist_x86.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\Content\ADSKMaterials\CM\MaterialLibrary4.adix
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\Content\ADSKMaterials\CM\MaterialLibrary4.admeta
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\Content\ADSKMaterials\CM\pkg.MaterialLibrary4.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\Content\ADSKMaterials\ILB\BaseImageLibrary4.adix
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\Content\ADSKMaterials\ILB\BaseImageLibrary4.admeta
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\Content\ADSKMaterials\ILB\pkg.BaseImageLibrary4.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\dlm.ini
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\manifest\app.acad.en-US.ui.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\manifest\app.acad.en-US.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\Medicine\acad.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\Medicine\Autodesk License Patcher Installer\Autodesk License Patcher Installer.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\Medicine\Autodesk License Patcher Installer\Autodesk License Patcher Uninstaller.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\Medicine\Autodesk License Patcher Installer\Bonus\Bloatware CleanUp.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\Medicine\Autodesk License Patcher Installer\Bonus\Internet Connection.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\Medicine\Autodesk License Patcher Installer\License.lic
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\Medicine\Autodesk License Patcher Installer\ReadMe.txt
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\Medicine\SSQ-MIX-XFORCE\adskflex.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\Medicine\SSQ-MIX-XFORCE\install.txt
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\Medicine\SSQ-MIX-XFORCE\License.lic
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\Medicine\SSQ-MIX-XFORCE\netapi32.dll
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\Medicine\SSQ-MIX-XFORCE\NLM.msi
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\AdODIS-installer.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\Autodesk_dialog_512x512.png
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\bootstrap.json
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\ca.cer
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\cer_core.dll
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\cs-CZ\senddmp.resources.dll
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\de-DE\senddmp.resources.dll
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\en-US\senddmp.resources.dll
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\es-ES\senddmp.resources.dll
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\fr-FR\senddmp.resources.dll
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\hu-HU\senddmp.resources.dll
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\it-IT\senddmp.resources.dll
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\ja-JP\senddmp.resources.dll
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\ko-KR\senddmp.resources.dll
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\libcrypto-1_1-x64.dll
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\libssl-1_1-x64.dll
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\Microsoft.Diagnostics.Runtime.dll
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\msvcp140.dll
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\pl-PL\senddmp.resources.dll
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\pt-BR\senddmp.resources.dll
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\pt-PT\senddmp.resources.dll
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\ru-RU\senddmp.resources.dll
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\senddmp.exe
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\UPI.dll
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\upiconfig.xml
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\vcruntime140.dll
- C:\Program Files (x86)\Autodesk AutoCAD v2024\Autodesk AutoCAD v2024\ODIS\CER\vcruntime140_1.dll
- HKEY_CLASSES_ROOT\Autodesk.AutoCAD.JetDb32.CCSharpJetDbServer
- HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Autodesk|AutoCAD 2018|AcCloudRender.dll
- HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Autodesk|AutoCAD 2018|accoremgd.dll
- HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Autodesk|AutoCAD 2018|AcCui.dll
- HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Autodesk|AutoCAD 2018|acdbmgd.dll
- HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Autodesk|AutoCAD 2018|AcLayer.dll
- HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Autodesk|AutoCAD 2018|acmgd.dll
- HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Autodesk|AutoCAD 2018|AcWindows.dll
- HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Autodesk|AutoCAD 2018|AdUIMgd.dll
- HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Autodesk|AutoCAD 2018|AdUiPalettes.dll
- HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Autodesk|AutoCAD 2018|AdWindows.dll
- HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Autodesk|AutoCAD 2018|Autodesk.AutoCAD.Interop.Common.dll
- HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Autodesk|AutoCAD 2018|Autodesk.AutoCAD.Interop.dll
- HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Autodesk|AutoCAD 2018|mfcmifc80.dll
- HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Autodesk|AutoCAD 2018|WorkflowMgd.dll
- HKEY_CURRENT_USER\Software\Autodesk\AutoCAD
- HKEY_LOCAL_MACHINE\Software\Autodesk AutoCAD v2024
- HKEY_LOCAL_MACHINE\Software\Autodesk\Updates\ AutoCAD 2017
- HKEY_LOCAL_MACHINE\Software\Autodesk\Updates\AutoCAD2018
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0733D412E6476884E8AA7596BE780D44
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\871F22E69385FF54A81580EA368208DB
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0733D412E6476884E8AA7596BE780D44\ProductName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\871F22E69385FF54A81580EA368208DB\ProductName
A way to erase Autodesk AutoCAD v2024 from your PC with the help of Advanced Uninstaller PRO
Autodesk AutoCAD v2024 is an application by Autodesk AutoCAD v2024. Frequently, computer users decide to erase this program. This can be difficult because deleting it by hand takes some experience with removing Windows programs manually. One of the best easy ways to erase Autodesk AutoCAD v2024 is to use Advanced Uninstaller PRO. Here are some detailed instructions about how to do this:
1. If you don’t have Advanced Uninstaller PRO already installed on your PC, add it. This is good because Advanced Uninstaller PRO is the best uninstaller and all around utility to maximize the performance of your PC.
- visit Download Link
- download the setup by pressing the DOWNLOAD button
- install Advanced Uninstaller PRO
3. Press the General Tools category
4. Activate the Uninstall Programs tool
5. A list of the applications installed on your PC will appear
6. Scroll the list of applications until you locate Autodesk AutoCAD v2024 or simply activate the Search field and type in «Autodesk AutoCAD v2024». If it is installed on your PC the Autodesk AutoCAD v2024 app will be found very quickly. Notice that when you select Autodesk AutoCAD v2024 in the list of apps, some information regarding the program is made available to you:
- Star rating (in the lower left corner). The star rating tells you the opinion other users have regarding Autodesk AutoCAD v2024, from «Highly recommended» to «Very dangerous».
- Reviews by other users — Press the Read reviews button.
- Technical information regarding the program you wish to uninstall, by pressing the Properties button.
7. Press the Uninstall button. A window asking you to confirm will show up. Accept the removal by clicking the Uninstall button. Advanced Uninstaller PRO will automatically remove Autodesk AutoCAD v2024.
8. After uninstalling Autodesk AutoCAD v2024, Advanced Uninstaller PRO will offer to run a cleanup. Click Next to proceed with the cleanup. All the items that belong to Autodesk AutoCAD v2024 that have been left behind will be found and you will be asked if you want to delete them. By uninstalling Autodesk AutoCAD v2024 with Advanced Uninstaller PRO, you are assured that no Windows registry entries, files or folders are left behind on your system.
Your Windows PC will remain clean, speedy and ready to serve you properly.
Disclaimer
This page is not a piece of advice to remove Autodesk AutoCAD v2024 by Autodesk AutoCAD v2024 from your PC; we are not saying that Autodesk AutoCAD v2024 by Autodesk AutoCAD v2024 is not a good application. This page simply contains detailed info on how to remove Autodesk AutoCAD v2024 in case you want to. Here you can find registry and disk entries that other software left behind and Advanced Uninstaller PRO discovered and classified as «leftovers» on other users' PCs.
2023-05-09 / Written by Andreea Kartman for Advanced Uninstaller PRO
[v2023.04.06] Autodesk License Patcher – Universal patcher for all Autodesk products on Windows
Autodesk License Patcher (based on the Autodesk NLM Crack made by Team MAGNITUDE ) is a patch tool that permanently activates Autodesk’s entire family of products by cracking Autodesk Network License Manager (NLM). It can activate all Autodesk 2020-2023 products locally, offline and permanently.
Autodesk license patcher uninstaller
This report is generated from a file or URL submitted to this webservice on May 10th 2022 20:26:27 (UTC)
Guest System: Windows 7 64 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v9.1.2 © Hybrid Analysis
Incident Response
Risk Assessment
- Remote Access
  - Reads terminal service related keys (often RDP related)
- Persistence
  - Modifies firewall settings
  - Schedules a task to be executed at a specific time and date
  - Spawns a lot of processes
- Fingerprint
  - Queries sensitive IE security settings
  - Reads the active computer name
  - Reads the windows installation language
- Evasive
  - Checks network status using ping
MITRE ATT&CK™ Techniques Detection
This report has 27 indicators that were mapped to 21 attack techniques and 8 tactics.
- Execution
- Loads the task scheduler COM API
- Execution
- Runs shell commands
- Persistence
- Execution
- Privilege Escalation
- Schedules a task to be executed at a specific time and date
- Execution
- Drops or executes a batch file
- Persistence
- Execution
- Privilege Escalation
- Schedules a task to be executed at a specific time and date
- Privilege Escalation
- Defense Evasion
- Writes data to a remote process
- Persistence
- Execution
- Privilege Escalation
- Schedules a task to be executed at a specific time and date
- Privilege Escalation
- Defense Evasion
- Allocates virtual memory in a remote process
- Defense Evasion
- PE file is packed with UPX
- 2 confidential indicators
- Matched Compiler/Packer signature
- Defense Evasion
- Uses REG.EXE to add/load/import registry data
- Modifies proxy settings
- Creates or modifies windows services
- Defense Evasion
- Modifies firewall settings
- Defense Evasion
- Tries to disable/delete scheduled tasks
- Privilege Escalation
- Defense Evasion
- Writes data to a remote process
- Defense Evasion
- Drops a batch file that contains a force-delete command (typical for malware init code)
- Privilege Escalation
- Defense Evasion
- Allocates virtual memory in a remote process
- Credential Access
- Collection
- Installs hooks/patches the running process
- Discovery
- Reads the cryptographic machine GUID
- Contains ability to read software policies
- Discovery
- Reads information about supported languages
- Reads the active computer name
- Queries sensitive IE security settings
- 1 confidential indicators
- Monitors specific registry key for changes
- Reads the registry for installed applications
- Discovery
- Checks network status using ping
- Lateral Movement
- Reads terminal service related keys (often RDP related)
- Credential Access
- Collection
- Installs hooks/patches the running process
Indicators
Malicious Indicators 8
details 18/64 Antivirus vendors marked sample as malicious (28% detection rate) source External System relevance 10/10
details No specific details available source External System relevance 10/10
details "AutodeskLicensePatcherUninstaller.exe" allocated memory in "%WINDIR%\AppPatch\sysmain.sdb"
"cmd.exe" allocated memory in "\Device\MountPointManager" source API Call relevance 7/10 ATT&CK ID T1055.012
details ":: WARNING
:: This tools is just an automated repack, and it is for research purposes ONLY! DO NOT USE IT FOR PIRACY!
:: ALWAYS SUPPORT DEVELOPOERS, BUY IF YOU LIKE/USE IT.
:: Run As Administrator
>nul reg add hkcu\software\classes\.Admin\shell\runas\command /f /ve /d "cmd /x /d /r set \"f0=%%2\" &call \"%%2\" %%3" &set _= %*
>nul fltmc || if "%f0%" neq "%~f0" ( cd.>"%tmp%\runas.Admin" &start "%~n0" /high "%tmp%\runas.Admin" "%~f0" "%_:"=""%" &exit /b )
echo %c_Red_Blak%____________________________________________________________________%c_Gre_Blak%
echo %c_Red_Blak%_ _%c_Gre_Blak%
echo %c_Red_Blak%_ Autodesk License Patcher Uninstaller _%c_Gre_Blak%
echo %c_Red_Blak%_ _%c_Gre_Blak%
echo %c_Red_Blak%____________________________________________________________________%c_Gre_Blak%
echo.
echo %c_Cya_Blak%. Welcome To Autodesk License Patcher Uninstaller. %c_Gre_Blak%
echo.
echo %c_Red_Blak%This tool will uninstall and revert all the changes made%c_Gre_Blak%
echo Run with administrator privileges and UAC disabled.
echo Check "ReadMe" before using.
ping 127.0.0.1 -n 15 >Nul 2>&1
cls
echo %c_Red_Blak%____________________________________________________________________%c_Gre_Blak%
echo %c_Red_Blak%_ _%c_Gre_Blak%
echo %c_Red_Blak%_ Autodesk License Patcher Uninstaller _%c_Gre_Blak%
echo %c_Red_Blak%_ _%c_Gre_Blak%
echo %c_Red_Blak%____________________________________________________________________%c_Gre_Blak%
echo.
echo %c_Cya_Blak%Stopping ADSK Licensing Service And Reverting Changes%c_Gre_Blak%
ping 127.0.0.1 -n 5 >Nul 2>&1
echo.
schtasks.exe /Delete /tn "\Microsoft\Windows\Autodesk\Autodesk" /f >Nul 2>&1
netsh advfirewall firewall delete rule name="AutodeskNLM" >Nul 2>&1
cd "%PROGRAMFILES%\(x86)\Common Files\Autodesk Shared\AdskLicensing" >Nul 2>&1
for /R %%a in (*.exe) do (
netsh advfirewall firewall delete rule name="Allowed %%a" >Nul 2>&1
netsh advfirewall firewall delete rule name="Blocked %%a" >Nul 2>&1
)
net stop AdskLicensingService >Nul 2>&1
taskkill /F /IM "AdskLicensingService.exe" >Nul 2>&1
taskkill /F /IM "AdskLicensingAgent.exe" >Nul 2>&1
taskkill /F /IM "ADPClientService.exe" >Nul 2>&1
taskkill /F /IM "AdskLicensingAnalyticsClient.exe" >Nul 2>&1
taskkill /F /IM "AdskLicensingInstHelper.exe" >Nul 2>&1
taskkill /F /IM "lmgrd.exe" >Nul 2>&1
taskkill /F /IM "adskflex.exe" >Nul 2>&1
taskkill /F /IM "lmutil.exe" >Nul 2>&1
taskkill /F /IM "lmtools.exe" >Nul 2>&1
MsiExec.exe /X /qn >Nul 2>&1
@RD /S /Q "%SystemDrive%\Autodesk\Network License Manager\" >Nul 2>&1
del /f /q "%SystemDrive%\Autodesk\Network License Manager\" >Nul 2>&1
@RD /S /Q "%SystemDrive%\Autodesk\Network License Manager" >Nul 2>&1
del /f /q "%SystemDrive%\Autodesk\Network License Manager" >Nul 2>&1
@RD /S /Q "%CommonProgramFiles(x86)%\Autodesk Shared\Network License Manager\" >Nul 2>&1
del /f /q "%CommonProgramFiles(x86)%\Autodesk Shared\Network License Manager\" >Nul 2>&1
@RD /S /Q "%CommonProgramFiles(x86)%\Autodesk Shared\Network License Manager" >Nul 2>&1
del /f /q "%CommonProgramFiles(x86)%\Autodesk Shared\Network License Manager" >Nul 2>&1
@RD /S /Q "%SystemDrive%\AutodeskLicensePatcherInstaller\Files\PatchedFiles\version.dll" >Nul 2>&1
del /f /q "%SystemDrive%\AutodeskLicensePatcherInstaller\Files\PatchedFiles\version.dll" >Nul 2>&1
net start AdskLicensingService >Nul 2>&1
cls
echo %c_Red_Blak%____________________________________________________________________%c_Gre_Blak%
echo %c_Red_Blak%_ _%c_Gre_Blak%
echo %c_Red_Blak%_ Autodesk License Patcher Uninstaller _%c_Gre_Blak%
echo %c_Red_Blak%_ _%c_Gre_Blak%
echo %c_Red_Blak%____________________________________________________________________%c_Gre_Blak%
echo.
echo %c_Cya_Blak%Autodesk License Patcher Uninstallation Completed%c_Gre_Blak%
echo %c_Cya_Blak%Support Developers
Buy If You Like/Use It.
echo.
ping 127.0.0.1 -n 5 >Nul 2>&1
@RD /S /Q "%SystemDrive%\AutodeskLicensePatcherInstaller" >Nul 2>&1
del /f /q "%SystemDrive%\AutodeskLicensePatcherInstaller" >Nul 2>&1
:: CleanUp And Exit
cd \
(goto) 2>nul&rd /s /q "%~dp0"
del /q /f "%0"
cls & exit", "del /f /q "%SystemDrive%\Autodesk\Network License Manager\" >Nul 2>&1", "del /f /q "%SystemDrive%\Autodesk\Network License Manager" >Nul 2>&1", "del /f /q "%CommonProgramFiles(x86)%\Autodesk Shared\Network License Manager\" >Nul 2>&1", "del /f /q "%CommonProgramFiles(x86)%\Autodesk Shared\Network License Manager" >Nul 2>&1", "del /f /q "%SystemDrive%\AutodeskLicensePatcherInstaller\Files\PatchedFiles\version.dll" >Nul 2>&1", "del /f /q "%SystemDrive%\AutodeskLicensePatcherInstaller" >Nul 2>&1" source File/Memory relevance 7/10 ATT&CK ID T1070.004
details Process "schtasks.exe" with commandline "/Delete /tn "\Microsoft\Windows\Autodesk\Autodesk" /f" source Monitored Target relevance 8/10 ATT&CK ID T1053.005
details Process "schtasks.exe" with commandline "/Delete /tn "\Microsoft\Windows\Autodesk\Autodesk" /f" source Monitored Target relevance 7/10 ATT&CK ID T1562.001
details Process "netsh.exe" with commandline "netsh advfirewall firewall delete rule name="AutodeskNLM""
Process "netsh.exe" with commandline "netsh advfirewall firewall delete rule name="Allowed C:\7za.exe""
Process "netsh.exe" with commandline "netsh advfirewall firewall delete rule name="Blocked C:\7za.exe""
Process "netsh.exe" with commandline "netsh advfirewall firewall delete rule name="Allowed C:\AutodeskLicensePatcherUninstaller.exe""
Process "netsh.exe" with commandline "netsh advfirewall firewall delete rule name="Blocked C:\AutodeskLicensePatcherUninstaller.exe""
Process "netsh.exe" with commandline "netsh advfirewall firewall delete rule name="Allowed C:\MSOCache\All Users\-C\ose.exe""
Process "netsh.exe" with commandline "netsh advfirewall firewall delete rule name="Blocked C:\MSOCache\All Users\-C\ose.exe""
Process "netsh.exe" with commandline "netsh advfirewall firewall delete rule name="Allowed C:\MSOCache\All Users\-C\setup.exe""
Process "netsh.exe" with commandline "netsh advfirewall firewall delete rule name="Blocked C:\MSOCache\All Users\-C\setup.exe""
Process "netsh.exe" with commandline "netsh advfirewall firewall delete rule name="Allowed C:\MSOCache\All Users\-C\DW20.EXE""
Process "netsh.exe" with commandline "netsh advfirewall firewall delete rule name="Blocked C:\MSOCache\All Users\-C\DW20.EXE""
Process "netsh.exe" with commandline "netsh advfirewall firewall delete rule name="Allowed C:\MSOCache\All Users\-C\dwtrig20.exe""
Process "netsh.exe" with commandline "netsh advfirewall firewall delete rule name="Blocked C:\MSOCache\All Users\-C\dwtrig20.exe""
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Allowed %PROGRAMFILES%\7-Zip\7z.exe»» (Show Process)
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Blocked %PROGRAMFILES%\7-Zip\7z.exe»» (Show Process)
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Allowed %PROGRAMFILES%\7-Zip\7zFM.exe»» (Show Process)
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Blocked %PROGRAMFILES%\7-Zip\7zFM.exe»» (Show Process)
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Allowed %PROGRAMFILES%\7-Zip\7zG.exe»» (Show Process)
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Blocked %PROGRAMFILES%\7-Zip\7zG.exe»» (Show Process)
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Allowed %PROGRAMFILES%\7-Zip\Uninstall.exe»» (Show Process)
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Blocked %PROGRAMFILES%\7-Zip\Uninstall.exe»» (Show Process)
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Allowed %COMMONPROGRAMFILES%\Microsoft Shared\ink\ConvertInkStore.exe»» (Show Process)
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Blocked %COMMONPROGRAMFILES%\Microsoft Shared\ink\ConvertInkStore.exe»» (Show Process)
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Allowed %COMMONPROGRAMFILES%\Microsoft Shared\ink\FlickLearningWizard.exe»» (Show Process)
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Blocked %COMMONPROGRAMFILES%\Microsoft Shared\ink\FlickLearningWizard.exe»» (Show Process)
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Allowed %COMMONPROGRAMFILES%\Microsoft Shared\ink\InkWatson.exe»» (Show Process)
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Blocked %COMMONPROGRAMFILES%\Microsoft Shared\ink\InkWatson.exe»» (Show Process)
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Allowed %COMMONPROGRAMFILES%\Microsoft Shared\ink\InputPersonalization.exe»» (Show Process)
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Blocked %COMMONPROGRAMFILES%\Microsoft Shared\ink\InputPersonalization.exe»» (Show Process)
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Allowed %COMMONPROGRAMFILES%\Microsoft Shared\ink\mip.exe»» (Show Process)
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Blocked %COMMONPROGRAMFILES%\Microsoft Shared\ink\mip.exe»» (Show Process)
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Allowed %COMMONPROGRAMFILES%\Microsoft Shared\ink\ShapeCollector.exe»» (Show Process)
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Blocked %COMMONPROGRAMFILES%\Microsoft Shared\ink\ShapeCollector.exe»» (Show Process)
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Allowed %COMMONPROGRAMFILES%\Microsoft Shared\ink\TabTip.exe»» (Show Process)
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Blocked %COMMONPROGRAMFILES%\Microsoft Shared\ink\TabTip.exe»» (Show Process)
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»Allowed %COMMONPROGRAMFILES%\Microsoft Shared\MSInfo\msinfo32.exe»» (Show Process) source Monitored Target relevance 8/10 ATT&CK ID T1562.004 (Show technique in the MITRE ATT&CK™ matrix)
details Spawned process «AutodeskLicensePatcherUninstaller.exe» (Show Process)
Spawned process «cmd.exe» with commandline «%WINDIR%\system32\cmd.exe /c «»C:\AutodeskLicensePatcherUninstaller\AutodeskLicensePatcherUninstaller.bat» «» (Show Process)
Spawned process «chcp.com» with commandline «chcp 1254» (Show Process)
Spawned process «mode.com» with commandline «mode con: cols=70 lines=15» (Show Process)
Spawned process «reg.exe» with commandline «reg add hkcu\software\classes\.Admin\shell\runas\command /f /ve /d «cmd /x /d /r set \»f0=%2\» &call \»%2\» %3″» (Show Process)
Spawned process «fltMC.exe» (Show Process)
Spawned process «PING.EXE» with commandline «ping 127.0.0.1 -n 15» (Show Process)
Spawned process «PING.EXE» with commandline «ping 127.0.0.1 -n 5» (Show Process)
Spawned process «schtasks.exe» with commandline «/Delete /tn «\Microsoft\Windows\Autodesk\Autodesk» /f» (Show Process)
Spawned process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name=»AutodeskNLM»» (Show Process) source Monitored Target relevance 8/10
Suspicious Indicators 21
details UPX1 with unusual entropies 7.97814069155 source Static Parser relevance 10/10
details «2343cb780d1a0c8543bb76c7c7586f9af957655ee20655871b85092b0ecbb055.bin» has a section named «UPX0»
«2343cb780d1a0c8543bb76c7c7586f9af957655ee20655871b85092b0ecbb055.bin» has a section named «UPX1» source Static Parser relevance 10/10 ATT&CK ID T1027.002 (Show technique in the MITRE ATT&CK™ matrix)
details «AutodeskLicensePatcherUninstaller.exe» (Path: «HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME»; Key: «COMPUTERNAME»)
«PING.EXE» (Path: «HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME»; Key: «COMPUTERNAME»)
«schtasks.exe» (Path: «HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME»; Key: «COMPUTERNAME»)
«netsh.exe» (Path: «HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME»; Key: «COMPUTERNAME») source Registry Access relevance 5/10 ATT&CK ID T1012 (Show technique in the MITRE ATT&CK™ matrix)
details 18/64 Antivirus vendors marked sample as malicious (28% detection rate) source External System
details «schtasks.exe» loaded module «%WINDIR%\SysWOW64\taskschd.dll» at 74040000 source Loaded Module relevance 5/10 ATT&CK ID T1559.001 (Show technique in the MITRE ATT&CK™ matrix)
details «cmd.exe» wrote 52 bytes to a remote process «%WINDIR%\SysWOW64\chcp.com» (Handle: 164)
«cmd.exe» wrote 4 bytes to a remote process «C:\Windows\SysWOW64\chcp.com» (Handle: 164)
«cmd.exe» wrote 8 bytes to a remote process «C:\Windows\SysWOW64\chcp.com» (Handle: 164)
«cmd.exe» wrote 52 bytes to a remote process «C:\Windows\SysWOW64\netsh.exe» (Handle: 180)
«cmd.exe» wrote 4 bytes to a remote process «C:\Windows\SysWOW64\netsh.exe» (Handle: 180)
«cmd.exe» wrote 8 bytes to a remote process «C:\Windows\SysWOW64\netsh.exe» (Handle: 180)
«cmd.exe» wrote 32 bytes to a remote process «C:\Windows\SysWOW64\netsh.exe» (Handle: 196)
«cmd.exe» wrote 52 bytes to a remote process «C:\Windows\SysWOW64\netsh.exe» (Handle: 196)
«cmd.exe» wrote 4 bytes to a remote process «C:\Windows\SysWOW64\netsh.exe» (Handle: 196)
«cmd.exe» wrote 8 bytes to a remote process «C:\Windows\SysWOW64\netsh.exe» (Handle: 196)
«cmd.exe» wrote 32 bytes to a remote process «C:\Windows\SysWOW64\reg.exe» (Handle: 172)
«cmd.exe» wrote 52 bytes to a remote process «C:\Windows\SysWOW64\reg.exe» (Handle: 172)
«cmd.exe» wrote 32 bytes to a remote process «C:\Windows\SysWOW64\netsh.exe» (Handle: 192)
«cmd.exe» wrote 52 bytes to a remote process «C:\Windows\SysWOW64\netsh.exe» (Handle: 192)
«cmd.exe» wrote 4 bytes to a remote process «C:\Windows\SysWOW64\netsh.exe» (Handle: 192)
«cmd.exe» wrote 8 bytes to a remote process «C:\Windows\SysWOW64\netsh.exe» (Handle: 192)
«cmd.exe» wrote 32 bytes to a remote process «C:\Windows\SysWOW64\netsh.exe» (Handle: 180)
«cmd.exe» wrote 8 bytes to a remote process «C:\Windows\SysWOW64\netsh.exe» (Handle: 188)
«cmd.exe» wrote 32 bytes to a remote process «C:\Windows\SysWOW64\netsh.exe» (Handle: 188)
«cmd.exe» wrote 52 bytes to a remote process «C:\Windows\SysWOW64\netsh.exe» (Handle: 188) source API Call relevance 6/10 ATT&CK ID T1055 (Show technique in the MITRE ATT&CK™ matrix)
details Potential IP «127.0.0.1» found in string «ping 127.0.0.1 -n 15»
Potential IP «127.0.0.1» found in string «ping 127.0.0.1 -n 5»
Potential IP «127.0.0.1» found in string «ping 127.0.0.1 -n 15 >Nul 2>&1»
Potential IP «127.0.0.1» found in string «ping 127.0.0.1 -n 5 >Nul 2>&1» source File/Memory relevance 3/10
details «AutodeskLicensePatcherUninstaller.exe» (Path: «HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER»; Key: «TSUSERENABLED»)
«AutodeskLicensePatcherUninstaller.exe» (Path: «HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER»; Key: «TSAPPCOMPAT») source Registry Access relevance 10/10 ATT&CK ID T1021.001 (Show technique in the MITRE ATT&CK™ matrix)
details Process «PING.EXE» with commandline «ping 127.0.0.1 -n 15» (Show Process)
Process «PING.EXE» with commandline «ping 127.0.0.1 -n 5» (Show Process) source Monitored Target relevance 5/10 ATT&CK ID T1018 (Show technique in the MITRE ATT&CK™ matrix)
details «AutodeskLicensePatcherUninstaller.exe» (Access type: «DELETEVAL»; Path: «HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP»; Key: «PROXYBYPASS»)
«AutodeskLicensePatcherUninstaller.exe» (Access type: «DELETEVAL»; Path: «HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP»; Key: «PROXYBYPASS») source Registry Access relevance 10/10 ATT&CK ID T1112 (Show technique in the MITRE ATT&CK™ matrix)
details «AutodeskLicensePatcherUninstaller.exe» (Path: «HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY»; Key: «DISABLESECURITYSETTINGSCHECK») source Registry Access relevance 8/10 ATT&CK ID T1012 (Show technique in the MITRE ATT&CK™ matrix)
details Process «reg.exe» with commandline «reg add hkcu\software\classes\.Admin\shell\runas\command /f /ve /d «cmd /x /d /r set \»f0=%2\» &call \»%2\» %3″» (Show Process) source Monitored Target relevance 7/10 ATT&CK ID T1112 (Show technique in the MITRE ATT&CK™ matrix)
details «CHCP.COM.627ACB21.bin» claimed CRC 66845 while the actual is CRC 260322
«MODE.COM.627ACB27.bin» claimed CRC 42325 while the actual is CRC 66845 source Static Parser relevance 10/10
details «2343cb780d1a0c8543bb76c7c7586f9af957655ee20655871b85092b0ecbb055.bin» has an entrypoint in section «UPX1» source Static Parser relevance 10/10
details VirtualProtect
GetProcAddress
LoadLibraryA
TerminateProcess
GetModuleHandleA
UnhandledExceptionFilter
GetTickCount
Sleep
GetCommandLineW source Static Parser relevance 1/10
details «AutodeskLicensePatcherUninstaller.exe», «cmd.exe», «chcp.com», «mode.com», «reg.exe», «fltMC.exe», «PING.EXE», «schtasks.exe» and «netsh.exe» each wrote bytes to virtual address «0x759D1000» (part of module «NSI.DLL») and to virtual address «0x757B07E4» (part of module «USER32.DLL») source Hook Detection relevance 10/10 ATT&CK ID T1056.004
details «AutodeskLicensePatcherUninstaller.exe» (Path: «HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE»; Key: «EMPTY»)
«AutodeskLicensePatcherUninstaller.exe» (Path: «HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE»; Key: «EN-US»)
«AutodeskLicensePatcherUninstaller.exe» (Path: «HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE»; Key: «EN-US»)
«cmd.exe» (Path: «HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE»; Key: «EMPTY»)
«cmd.exe» (Path: «HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE»; Key: «EN-US»)
«cmd.exe» (Path: «HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE»; Key: «EN-US»)
«cmd.exe» (Path: «HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE»; Key: «00000409»)
«chcp.com» (Path: «HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE»; Key: «EMPTY»)
«chcp.com» (Path: «HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE»; Key: «00000409»)
«chcp.com» (Path: «HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE»; Key: «EN-US»)
«chcp.com» (Path: «HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE»; Key: «EN-US»)
«mode.com» (Path: «HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE»; Key: «EMPTY»)
«mode.com» (Path: «HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE»; Key: «00000409»)
«mode.com» (Path: «HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE»; Key: «EN-US») source Registry Access relevance 3/10 ATT&CK ID T1012 (Show technique in the MITRE ATT&CK™ matrix)
Informative 22
details Raw size of «UPX0» is zero source Static Parser relevance 10/10
details «AutodeskLicensePatcherUninstaller.exe» (Path: «HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS»; Key: «TRANSPARENTENABLED»)
«cmd.exe» (Path: «HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS»; Key: «TRANSPARENTENABLED»)
«cmd.exe» (Path: «HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS»; Key: «LEVELS»)
«cmd.exe» (Path: «HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS»; Key: «LOGFILENAME»)
«cmd.exe» (Path: «HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS»; Key: «POLICYSCOPE»)
«cmd.exe» (Path: «HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS»; Key: «SAFERFLAGS»)
«cmd.exe» (Path: «HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS»; Key: «DEFAULTLEVEL»)
«cmd.exe» (Path: «HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS»; Key: «AUTHENTICODEENABLED»)
«chcp.com» (Path: «HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS»; Key: «TRANSPARENTENABLED»)
«mode.com» (Path: «HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS»; Key: «TRANSPARENTENABLED»)
«reg.exe» (Path: «HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS»; Key: «TRANSPARENTENABLED»)
«fltMC.exe» (Path: «HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS»; Key: «TRANSPARENTENABLED»)
«PING.EXE» (Path: «HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS»; Key: «TRANSPARENTENABLED»)
«schtasks.exe» (Path: «HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS»; Key: «TRANSPARENTENABLED»)
«netsh.exe» (Path: «HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS»; Key: «TRANSPARENTENABLED») source Registry Access relevance 1/10 ATT&CK ID T1082 (Show technique in the MITRE ATT&CK™ matrix)
details «netsh.exe» (Path: «HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY»; Key: «MACHINEGUID») source Registry Access relevance 10/10 ATT&CK ID T1082 (Show technique in the MITRE ATT&CK™ matrix)
details «AutodeskLicensePatcherUninstaller.exe» (Path: «HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\AUTODESKLICENSEPATCHERUNINSTALLER.BAT»)
«AutodeskLicensePatcherUninstaller.exe» (Path: «HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\AUTODESKLICENSEPATCHERUNINSTALLER.BAT») source Registry Access relevance 10/10 ATT&CK ID T1012 (Show technique in the MITRE ATT&CK™ matrix)
details «Local\ZonesLockedCacheCounterMutex»
«Local\ZonesCacheCounterMutex»
«\Sessions\1\BaseNamedObjects\RasPbFile»
«\Sessions\1\BaseNamedObjects\Global\3a886eb8-fe40-4d0a-b78b-9e0bcb683fb7» source Created Mutant relevance 3/10
details Antivirus vendors marked dropped file «CHCP.COM.627ACB21.bin» as clean (type is «PE32 executable (console) Intel 80386 for MS Windows»), Antivirus vendors marked dropped file «MODE.COM.627ACB27.bin» as clean (type is «PE32 executable (console) Intel 80386 for MS Windows») source Binary File relevance 10/10
details Process «cmd.exe» with commandline «%WINDIR%\system32\cmd.exe /c «»C:\AutodeskLicensePatcherUninstaller\AutodeskLicensePatcherUninstaller.bat» «» (Show Process) source Monitored Target relevance 3/10 ATT&CK ID T1059 (Show technique in the MITRE ATT&CK™ matrix)
details «ExitProcess» (Indicator: «ExitProcess») in Source: 2343cb780d1a0c8543bb76c7c7586f9af957655ee20655871b85092b0ecbb055.bin
«GetProcAddress» (Indicator: «GetProcAddress») in Source: 2343cb780d1a0c8543bb76c7c7586f9af957655ee20655871b85092b0ecbb055.bin
«LoadLibraryA» (Indicator: «LoadLibraryA») in Source: 2343cb780d1a0c8543bb76c7c7586f9af957655ee20655871b85092b0ecbb055.bin
«VirtualProtect» (Indicator: «VirtualProtect») in Source: 2343cb780d1a0c8543bb76c7c7586f9af957655ee20655871b85092b0ecbb055.bin
«ThemeApiConnectionRequest» (Indicator: «ThemeApiConnectionRequest») in Source: 00000000-00002744-0000008F-10967148656437240 source File/Memory relevance 1/10
details «AutodeskLicensePatcherUninstaller.exe» touched «Computer» (Path: «HKCU\WOW6432NODE\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\SHELLFOLDER»)
«AutodeskLicensePatcherUninstaller.exe» touched «Memory Mapped Cache Mgr» (Path: «HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\»)
«AutodeskLicensePatcherUninstaller.exe» touched «Security Manager» (Path: «HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\\PROGID»)
«schtasks.exe» touched «TaskScheduler class» (Path: «HKCU\WOW6432NODE\CLSID\\PROGID»)
«netsh.exe» touched «Nap Config Read class» (Path: «HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\\PROGID»)
«netsh.exe» touched «Quarantine Agent Management class» (Path: «HKCU\WOW6432NODE\CLSID\») source Registry Access relevance 3/10
details Process «cmd.exe» (Show Process) was launched with new environment variables
code %u.», SfxString23=»Really cancel the installation?», SfxString22=»Extraction path:», SfxFolder59=»C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Burn\Burn», SfxString29=» s», SfxString28=»No», SfxFolder56=»C:\Windows\resources», SfxFolder55=»C:\Users\%USERNAME%\Videos», SfxString25=»OK», SfxFolder54=»C:\Users\%USERNAME%\Pictures», SfxString24=»No «HelpText» in the configuration file.», SfxFolder53=»C:\Users\%USERNAME%\Music», SfxString27=»Yes», SfxString26=»Cancel», 7zSfxFolder08=»C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Recent», 7zSfxFolder09=»C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\SendTo», 7zSfxFolder06=»C:\Users\%USERNAME%\Favorites», 7zSfxFolder07=»C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup», 7zSfxFolder05=»C:\Users\%USERNAME%\Documents», 7zSfxFolder02=»C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs», 7zSfxFolder00=»C:\Users\%USERNAME%\Desktop», SfxString32=»Error in command line:», SfxString31=»Could not overwrite file «%s».», SfxString34=»7-Zip: Extraction error.», SfxString33=»7-Zip: Internal error
code 0x%08X.», 7zSfxVarSystemPlatform=»x64″, SfxString30=»Could not create file «%s».», SfxString39=»Application error:», SfxVarModulePlatform=»x86″, SfxString36=»Next», SfxString35=»Back», SfxString38=»Cancel», SfxString37=»Finish», CommonDesktop=»C:\Users\%USERNAME%\Desktop»»
Process «cmd.exe» was launched with modified environment variables: «CommonProgramFiles, PROCESSOR_ARCHITECTURE, ProgramFiles»
Process «chcp.com» was launched with new environment variables: «PROMPT="$P$G"»
Process «reg.exe» was launched with new environment variables: «c_Yel_Blak="[93;40m", c_reset="[0m", c_Cya_Blak="[96;40m", c_underline="[4m", c_Gre_Blak="[92;40m", liveincolor="1 ", c_Whi_Blak="[97;40m", c_Mag_Blak="[95;40m", c_Red_Blak="[91;40m", c_Blu_Blak="[94;40m"»
Process «fltMC.exe» was launched with new environment variables: «_=" "» source Monitored Target relevance 10/10
details «%WINDIR%\system32\cmd.exe /c ""C:\AutodeskLicensePatcherUninstaller\AutodeskLicensePatcherUninstaller.bat" "» on 2022-5-10.20:29:21.215 source Monitored Target relevance 5/10 ATT&CK ID T1059.003
details Spawned process «cmd.exe» with commandline «%WINDIR%\system32\cmd.exe /c ""C:\AutodeskLicensePatcherUninstal . »
Spawned process «chcp.com» with commandline «chcp 1254»
Spawned process «mode.com» with commandline «mode con: cols=70 lines=15»
Spawned process «reg.exe» with commandline «reg add hkcu\software\classes\.Admin\shell\runas\command /f /ve . »
Spawned process «fltMC.exe»
Spawned process «PING.EXE» with commandline «ping 127.0.0.1 -n 15»
Spawned process «PING.EXE» with commandline «ping 127.0.0.1 -n 5»
Spawned process «schtasks.exe» with commandline «/Delete /tn "\Microsoft\Windows\Autodesk\Autodesk" /f»
Spawned process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="AutodeskNLM"»
Spawned process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Allowed C:\7za.exe . »
Spawned process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Blocked C:\7za.exe . »
Spawned process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Allowed C:\Autodes . »
Spawned process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Blocked C:\Autodes . »
Spawned process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Allowed C:\MSOCach . »
Spawned process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Blocked C:\MSOCach . »
Spawned process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Allowed C:\MSOCach . »
Spawned process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Blocked C:\MSOCach . »
Spawned process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Allowed C:\MSOCach . »
Spawned process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Blocked C:\MSOCach . »
Spawned process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Allowed C:\MSOCach . » source Monitored Target relevance 3/10
details «AutodeskLicensePatcherUninstaller.exe» connecting to «\ThemeApiPort»
«schtasks.exe» connecting to «\ThemeApiPort»
«netsh.exe» connecting to «\ThemeApiPort» source API Call relevance 1/10
details «PING.EXE» monitors «\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9» (Filter: 1; Subtree: 10051584)
«PING.EXE» monitors «\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5» (Filter: 1; Subtree: 10051584)
«PING.EXE» monitors «\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9» (Filter: 1; Subtree: 6780160)
«PING.EXE» monitors «\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5» (Filter: 1; Subtree: 6780160)
«netsh.exe» monitors «\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist» (Filter: 5; Subtree: 1)
«netsh.exe» monitors «\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder» (Filter: 4; Subtree: 2153472)
«netsh.exe» monitors «\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9» (Filter: 1; Subtree: 8078080)
«netsh.exe» monitors «\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5» (Filter: 1; Subtree: 8078080)
«netsh.exe» monitors «\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder» (Filter: 4; Subtree: 2219776)
«netsh.exe» monitors «\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9» (Filter: 1; Subtree: 10483456)
«netsh.exe» monitors «\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5» (Filter: 1; Subtree: 10483456)
«netsh.exe» monitors «\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder» (Filter: 4; Subtree: 647424)
«netsh.exe» monitors «\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9» (Filter: 1; Subtree: 9237760)
«netsh.exe» monitors «\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5» (Filter: 1; Subtree: 9237760)
«netsh.exe» monitors «\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder» (Filter: 4; Subtree: 1170944)
«netsh.exe» monitors «\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9» (Filter: 1; Subtree: 10025728)
«netsh.exe» monitors «\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5» (Filter: 1; Subtree: 10025728)
«netsh.exe» monitors «\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist» (Filter: 5; Subtree: 1959207937) source API Call relevance 4/10 ATT&CK ID T1012
details «AutodeskLicensePatcherUninstaller.exe» touched file «%WINDIR%\AppPatch\sysmain.sdb»
«AutodeskLicensePatcherUninstaller.exe» touched file «%LOCALAPPDATA%\Microsoft\Windows\Caches»
«cmd.exe» touched file «%WINDIR%\AppPatch\sysmain.sdb» source API Call relevance 7/10
details Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="AutodeskNLM"»
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Allowed C:\7za.exe"»
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Blocked C:\7za.exe"»
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Allowed C:\AutodeskLicensePatcherUninstaller.exe"»
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Blocked C:\AutodeskLicensePatcherUninstaller.exe"»
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Allowed C:\MSOCache\All Users\-C\ose.exe"»
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Blocked C:\MSOCache\All Users\-C\ose.exe"»
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Allowed C:\MSOCache\All Users\-C\setup.exe"»
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Blocked C:\MSOCache\All Users\-C\setup.exe"»
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Allowed C:\MSOCache\All Users\-C\DW20.EXE"»
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Blocked C:\MSOCache\All Users\-C\DW20.EXE"»
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Allowed C:\MSOCache\All Users\-C\dwtrig20.exe"»
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Blocked C:\MSOCache\All Users\-C\dwtrig20.exe"»
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Allowed %PROGRAMFILES%\7-Zip\7z.exe"»
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Blocked %PROGRAMFILES%\7-Zip\7z.exe"»
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Allowed %PROGRAMFILES%\7-Zip\7zFM.exe"»
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Blocked %PROGRAMFILES%\7-Zip\7zFM.exe"»
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Allowed %PROGRAMFILES%\7-Zip\7zG.exe"»
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Blocked %PROGRAMFILES%\7-Zip\7zG.exe"»
Process «netsh.exe» with commandline «netsh advfirewall firewall delete rule name="Allowed %PROGRAMFILES%\7-Zip\Uninstall.exe"» source Monitored Target relevance 2/10
details Pattern match: «http://sourceforge.net/projects/s-zipsfxbuilder/» source File/Memory relevance 10/10
details «netsh.exe» (Access type: «CREATE»; Path: «HKLM\SYSTEM\CONTROLSET001\SERVICES\NAPAGENT\LOCALCONFIG\ENROLL\HCSGROUPS»)
«netsh.exe» (Access type: «CREATE»; Path: «HKLM\SYSTEM\CONTROLSET001\SERVICES\NAPAGENT\LOCALCONFIG»)
«netsh.exe» (Access type: «CREATE»; Path: «HKLM\SYSTEM\CONTROLSET001\SERVICES\NAPAGENT\QECS»)
«netsh.exe» (Access type: «CREATE»; Path: «HKLM\SYSTEM\CONTROLSET001\SERVICES\NAPAGENT\SHAS»)
«netsh.exe» (Access type: «CREATE»; Path: «HKLM\SYSTEM\CONTROLSET001\SERVICES\NAPAGENT\LOCALCONFIG\UI») source Registry Access relevance 10/10 ATT&CK ID T1112
details «AutodeskLicensePatcherUninstaller.exe» opened «\Device\KsecDD»
«schtasks.exe» opened «\Device\KsecDD»
«netsh.exe» opened «\Device\KsecDD» source API Call relevance 10/10
details «2343cb780d1a0c8543bb76c7c7586f9af957655ee20655871b85092b0ecbb055.bin» was detected as «UPX v1.25 (Delphi) Stub»
«CHCP.COM.627ACB21.bin» was detected as «Visual C++ 2005 Release -> Microsoft»
«MODE.COM.627ACB27.bin» was detected as «Visual C++ 2005 Release -> Microsoft» source Static Parser relevance 10/10 ATT&CK ID T1027.002
File Details
All Details:
Autodesk License Patcher Uninstaller.exe
Filename | Autodesk License Patcher Uninstaller.exe |
Size | 226KiB (231220 bytes) |
Type | peexe executable |
Description | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
Architecture | WINDOWS |
SHA256 | 2343cb780d1a0c8543bb76c7c7586f9af957655ee20655871b85092b0ecbb055 |