Edit tour

Windows Analysis Report
Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe

Overview

General Information

Sample name:	Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Analysis ID:	1541473
MD5:	62d98d740b6e423272b99778a3c40fb7
SHA1:	24edcd66784d4b9384111f0c40e3c572e665d281
SHA256:	3f9c3e6eb56004da32035123d5cd8f29b26ff54ad5e04cf398347473553db64c
Infos:

Detection

Score:	6
Range:	0 - 100
Whitelisted:	false
Confidence:	20%

Signatures

Binary contains a suspicious time stamp

Drops PE files

Found dropped PE file which has not been started or loaded

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains sections with non-standard names

PE file does not import any functions

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64

Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe (PID: 6800 cmdline: "C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe" MD5: 62D98D740B6E423272B99778A3C40FB7)

Setup.exe (PID: 6940 cmdline: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe MD5: F29EA7AC6D646B296CD573C0DAA33A72)

DownloadManager.exe (PID: 7020 cmdline: "C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe" -u "https://trial2.autodesk.com/NetSWDLD/ODIS/prd/2025/INVPROSA/E578CB4E-CF55-3E4D-9A8A-213245140B78/WI/Autodesk_Inventor_Professional_2025_en-US_setup.dat" -p "C:\Users\user\AppData\Local\Temp\odis_download_dest\16718949653529810453\Autodesk_Inventor_Professional_2025_en-US_setup.dat" --productname Bootstrap --productversion 2.10.0.4 MD5: DBDB7199C0DC31E5C65544432D90B12E)

conhost.exe (PID: 7064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.00000000034D0000.00000004.00000020.00020000.00000000.sdmp

Source: unknown	HTTPS traffic detected: 54.158.70.36:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.70.36:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.70.36:443 -> 192.168.2.4:49747 version: TLS 1.2

Source:	Binary string: E:\jenkins\workspace\y-binaries_release_PDFY25SEP_1.0\target\Windows\x64\symbols\Release\AdHttpLib.pdb source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000004CED000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1994351888.00007FFDFAE09000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000002E40000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.0.14 4 Jun 20243.0.14built on: Thu Jun 6 14:40:35 2024 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\..\..\..\..\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\..\..\..\..\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: ..\..\..\..\..\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\..\..\..\..\crypto\initthread.c..\..\..\..\..\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL \|\| WITHIN_ARENA(temp->next)assertion failed: (char *)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) \|\| WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/0123456789ABCDEFCRYPTO_memdup..\..\..\..\..\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\..\..\..\..\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\..\..\..\..\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringO
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdbGCTL source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000002E40000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\Stage\workspace\ADP-UPI-Win-Build-Integration\10\proj\upi\dll\DLLProject\x64\Release\UPI.pdb source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.00000000034D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\Jenkins\workspace\_Pipeline_adp-desktop-sdk_master\ADP_SDK_Bin\Release\AdpSDKWrapper.pdb" source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000004F72000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1996759182.00007FFE0EC3F000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: d:\agent\_work\3\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000004F72000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1996494093.00007FFE00392000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: C:\CI\build\1c7f687c\VHD\src\presentation\ux\win\cer_component\obj\x64\Release\senddmp.pdb source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000002E40000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\jenkins\workspace\contrib_delivery_wxwidgets_3.2.1\wxwidgets\debug\lib\vc_x64_dll\wxbase32u_vc.pdb source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.000000000541D000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1991516746.00007FFDF9FB9000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: Microsoft.Diagnostics.Runtime.Utilities.Pdb source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000002E40000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Microsoft.Diagnostics.Runtime.pdb source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000002E40000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\Jenkins\workspace\_Pipeline_adp-desktop-sdk_master\ADP_SDK_Bin\Release\AdpSDKCore.pdb source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000004F72000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1991156139.00007FFDF9D20000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000002C71000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.00000000034D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.00000000034D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\src\build\binary\win_vc17\x64\release\libcrypto-3-x64.pdb source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000002D0A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\CI\build\1c7f687c\VHD\src\presentation\ux\win\x64\Release\cer_core.pdb source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.00000000023B9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .dll.pdb.exeIFailed to extract a crash dump from aCould not create snapshot to process. Error {0}.QCould not query the snapshot. Error {0}.OCould not attach to process. Error {0}.5Dac architecture mismatch!OCould not free the snapshot. Error {0}.=Unable to get process modules. source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000002E40000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Microsoft.Diagnostics.Runtime.pdbSHA256 source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000002E40000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\3\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000004F72000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1996992646.00007FFE1338D000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: E:\jenkins\workspace\livery_DLM_release_PDFY25SEP_1.0\target\Windows\x64\symbols\Release\DownloadManager.pdbn source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.00000000034D0000.00000004.00000020.00020000.00000000.sdmp, DownloadManager.exe, 00000002.00000002.1850448502.00007FF77DE65000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: E:\Jenkins\workspace\_Pipeline_adp-desktop-sdk_master\ADP_SDK_Bin\Release\AdpSDKCore.pdbc source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000004F72000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1991156139.00007FFDF9D20000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.00000000034D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\src\build\binary\win_vc17\x64\release\libcrypto-3-x64.pdbt source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000002D0A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\jenkins\workspace\livery_DLM_release_PDFY25SEP_1.0\target\Windows\x64\symbols\Release\DownloadManager.pdb source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.00000000034D0000.00000004.00000020.00020000.00000000.sdmp, DownloadManager.exe, 00000002.00000002.1850448502.00007FF77DE65000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: C:\CI\build\1c7f687c\VHD\out\release_x64\senddmp_cli.exe.pdb source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.00000000027CF000.00000004.00000020.00020000.00000000.sdmp, Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.000000000338D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\jenkins\workspace\_Bootstrap_release_PDFY25SEP_1.0\target\Windows\x64\symbols\Release\Setup.pdb source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.000000000681D000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000000.1804312655.00007FF6A1EBB000.00000002.00000001.01000000.00000004.sdmp, Setup.exe, 00000001.00000002.1989444261.00007FF6A1EBB000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: d:\agent\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000004F72000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1997146424.00007FFE14635000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: E:\jenkins\workspace\contrib_delivery_wxwidgets_3.2.1\wxwidgets\debug\lib\vc_x64_dll\wxmsw32u_core_vc.pdb source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.000000000541D000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1995638643.00007FFDFB58B000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: C:\src\build\binary\win_vc17\x64\release\libssl-3-x64.pdb source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000002E40000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\jenkins\workspace\_Bootstrap_release_PDFY25SEP_1.0\target\Windows\x64\symbols\Release\Setup.pdb* source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.000000000681D000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000000.1804312655.00007FF6A1EBB000.00000002.00000001.01000000.00000004.sdmp, Setup.exe, 00000001.00000002.1989444261.00007FF6A1EBB000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: C:\src\build\binary\win_vc17\x64\release\libssl-3-x64.pdbDD source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000002E40000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\Jenkins\workspace\_Pipeline_adp-desktop-sdk_master\ADP_SDK_Bin\Release\AdpSDKWrapper.pdb source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000004F72000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1996759182.00007FFE0EC3F000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.00000000034D0000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File opened: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File opened: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\7za.exe	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File opened: C:\Users\user\AppData\Local\Temp\7z36D71A90\	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File opened: C:\Users\user\	Jump to behavior

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: trial2.autodesk.com
Source: global traffic	DNS traffic detected: DNS query: manifest.delivery.autodesk.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: senddmp.resources.dll11.0.dr	Static PE information: No import functions for PE file found
Source: senddmp.resources.dll9.0.dr	Static PE information: No import functions for PE file found
Source: senddmp.exe.0.dr	Static PE information: No import functions for PE file found
Source: senddmp.resources.dll12.0.dr	Static PE information: No import functions for PE file found
Source: senddmp.resources.dll0.0.dr	Static PE information: No import functions for PE file found
Source: senddmp.resources.dll.0.dr	Static PE information: No import functions for PE file found
Source: senddmp.resources.dll6.0.dr	Static PE information: No import functions for PE file found
Source: senddmp.resources.dll3.0.dr	Static PE information: No import functions for PE file found
Source: senddmp.resources.dll5.0.dr	Static PE information: No import functions for PE file found
Source: senddmp.resources.dll2.0.dr	Static PE information: No import functions for PE file found
Source: senddmp.resources.dll7.0.dr	Static PE information: No import functions for PE file found
Source: senddmp.resources.dll4.0.dr	Static PE information: No import functions for PE file found
Source: senddmp.resources.dll1.0.dr	Static PE information: No import functions for PE file found
Source: senddmp.resources.dll8.0.dr	Static PE information: No import functions for PE file found
Source: senddmp.resources.dll10.0.dr	Static PE information: No import functions for PE file found

Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000004F45000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamel& vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUPI.dll( vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesenddmp.resources.dll( vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.00000000027CF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesenddmp_cli.exe( vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.00000000027CF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesenddmp.resources.dll( vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000004F72000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameAdpSDKCore.dllX vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000004F72000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameAdpSDKWrapper.dll` vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000004F72000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140.dll^ vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000004F72000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dll^ vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000004F72000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140_1.dll^ vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.00000000023B9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamecer_core.dll( vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.00000000023B9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesenddmp.resources.dll( vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000002E40000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibsslH vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000002E40000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Diagnostics.Runtime.dll\ vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000002E40000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140.dllT vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000002E40000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesenddmp.resources.dll( vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000002E40000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesenddmp.exe( vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000005E1D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewxmsw32u_core_vc.dll4 vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000001FB8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7za.exe, vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.000000000338D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesenddmp_cli.exe( vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.000000000541D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewxbase32u_vc.dll4 vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000006FEF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000002DAA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibcryptoH vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000003F80000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamel& vs Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe

Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7064:120:WilError_03

Source: unknown	Process created: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe "C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe"
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Process created: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe "C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe" -u "https://trial2.autodesk.com/NetSWDLD/ODIS/prd/2025/INVPROSA/E578CB4E-CF55-3E4D-9A8A-213245140B78/WI/Autodesk_Inventor_Professional_2025_en-US_setup.dat" -p "C:\Users\user\AppData\Local\Temp\odis_download_dest\16718949653529810453\Autodesk_Inventor_Professional_2025_en-US_setup.dat" --productname Bootstrap --productversion 2.10.0.4
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Process created: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe "C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe" -u "https://trial2.autodesk.com/NetSWDLD/ODIS/prd/2025/INVPROSA/E578CB4E-CF55-3E4D-9A8A-213245140B78/WI/Autodesk_Inventor_Professional_2025_en-US_setup.dat" -p "C:\Users\user\AppData\Local\Temp\odis_download_dest\16718949653529810453\Autodesk_Inventor_Professional_2025_en-US_setup.dat" --productname Bootstrap --productversion 2.10.0.4	Jump to behavior

Source: Setup.exe, 00000001.00000003.1981165075.0000021409565000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981449774.0000021409568000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1985295651.0000021409568000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [File] ([path] nvarchar(2147483647) NOT NULL CHECK (path <> '') COLLATE NOCASE,[checksum] nvarchar(2147483647),PRIMARY KEY([path]));!w
Source: Setup.exe, 00000001.00000003.1981165075.0000021409565000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981449774.0000021409568000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1985295651.0000021409568000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [Package] ([upi2] nvarchar(2147483647) NOT NULL CHECK (upi2 <> ''),[name] nvarchar(2147483647) NOT NULL CHECK (name <> ''),[upgradeCode] nvarchar(2147483647) NOT NULL CHECK (upgradeCode <> ''),[installPathMappingsJson] text NULL,PRIMARY KEY([upi2]));!\|
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000004BAE000.00000004.00000020.00020000.00000000.sdmp, Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.000000000681D000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1980775928.0000021409593000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000000.1804312655.00007FF6A1EBB000.00000002.00000001.01000000.00000004.sdmp, Setup.exe, 00000001.00000002.1984175118.0000021407906000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1985379360.00000214095AE000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1994351888.00007FFDFACCA000.00000002.00000001.01000000.00000007.sdmp, Setup.exe, 00000001.00000003.1981091544.000002140959F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1989444261.00007FF6A1EBB000.00000002.00000001.01000000.00000004.sdmp, Setup.exe, 00000001.00000002.1984331579.0000021407959000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [UpdateBundleArp] ([updatebundleupi2] nvarchar(2147483647) NOT NULL CHECK (updatebundleupi2 <> ''),[refupdatebundleupi2] nvarchar(2147483647) CHECK (refupdatebundleupi2 <> ''),PRIMARY KEY([updatebundleupi2],[refupdatebundleupi2]));
Source: Setup.exe, 00000001.00000003.1982300058.00000214079C5000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1982572696.00000214079E1000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1982328561.00000214079D9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1984472062.00000214079E2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [ManifestEntity_Backup] ([UPI2] nvarchar(2147483647) NOT NULL CHECK (UPI2 <> ''),[manifestJson] text NULL, PRIMARY KEY(upi2));3T
Source: Setup.exe, 00000001.00000002.1984175118.0000021407906000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [Registry] ([path] nvarchar(2147483647) NOT NULL CHECK (path <> '') COLLATE NOCASE,[type] nvarchar(2147483647) DEFAULT 'String',[value] nvarchar(2147483647),PRIMARY KEY([path]));SERENV.dll}L
Source: Setup.exe, 00000001.00000002.1984331579.0000021407959000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1983318147.0000021407957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [PackageDependencies] ([packageupi2] nvarchar(2147483647) NOT NULL CHECK (packageupi2 <> ''),[dependencyupi2] nvarchar(2147483647) NOT NULL CHECK (dependencyupi2 <> ''),PRIMARY KEY([packageupi2],[dependencyupi2]));e,
Source: Setup.exe, 00000001.00000003.1982300058.00000214079C5000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1982572696.00000214079E1000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1982328561.00000214079D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [Bundle] ([UPI2] nvarchar(2147483647) NOT NULL CHECK (UPI2 <> ''), [version] nvarchar(2147483647) NOT NULL DEFAULT '0.0.0' CHECK (version <> ''), [upgradecode] nvarchar(2147483647) NOT NULL DEFAULT '9afee47d-1a2f-41a5-82ff-54d398c1f150' CHECK (upgradecode <> ''), [ismajorupgrade] nvarchar(2147483647) NOT NULL DEFAULT 'true' CHECK (ismajorupgrade <> ''),[updatebundle] nvarchar(2147483647) NOT NULL DEFAULT 'false' CHECK (updatebundle <> ''), [ispatch] nvarchar(2147483647) NOT NULL DEFAULT 'false' CHECK (ispatch <> ''), [name] nvarchar(2147483647) NULL, [state] varchar2 NOT NULL DEFAULT 'NEW' CHECK (state <> ''), [type] varchar2 NULL, [installdir] nvarchar(2147483647) NULL, [upi2hash] nvarchar(2147483647) NULL, [manifestJson] text NULL, [plc] nvarchar(2147483647) NULL, [constantid] nvarchar(2147483647) NULL, [release] nvarchar(2147483647) NULL, [languages] nvarchar(2147483647) NULL, CONSTRAINT[sqlite_autoindex_Bundle_1] PRIMARY KEY([UPI2]));KV
Source: Setup.exe, 00000001.00000003.1981599209.00000214093A1000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1982079558.00000214093A2000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981902704.00000214093A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [PackageFile] ([path] nvarchar(2147483647) NOT NULL CHECK (path <> '') COLLATE NOCASE,[upi2] nvarchar(2147483647) NOT NULL CHECK (upi2 <> ''),CONSTRAINT[sqlite_autoindex_PackageFile_1] PRIMARY KEY([path], [upi2]), FOREIGN KEY([upi2]) REFERENCES[Package]([upi2]) ON DELETE NO ACTION ON UPDATE NO ACTION);B
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000004BAE000.00000004.00000020.00020000.00000000.sdmp, Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.000000000681D000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981165075.0000021409565000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1982798119.000002140797D000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000000.1804312655.00007FF6A1EBB000.00000002.00000001.01000000.00000004.sdmp, Setup.exe, 00000001.00000003.1981449774.0000021409568000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1985295651.0000021409568000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1994351888.00007FFDFACCA000.00000002.00000001.01000000.00000007.sdmp, Setup.exe, 00000001.00000002.1989444261.00007FF6A1EBB000.00000002.00000001.01000000.00000004.sdmp, Setup.exe, 00000001.00000003.1982474781.000002140797E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [File] ([path] nvarchar(2147483647) NOT NULL CHECK (path <> '') COLLATE NOCASE,[checksum] nvarchar(2147483647),PRIMARY KEY([path]));
Source: Setup.exe, 00000001.00000002.1984175118.0000021407906000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [Registry] ([path] nvarchar(2147483647) NOT NULL CHECK (path <> '') COLLATE NOCASE,[type] nvarchar(2147483647) DEFAULT 'String',[value] nvarchar(2147483647),PRIMARY KEY([path]));ff-54d398c1f150ll
Source: Setup.exe, 00000001.00000003.1980775928.0000021409593000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1985379360.00000214095AE000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981091544.000002140959F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1984331579.0000021407959000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1983318147.0000021407957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [UpdateBundleArp] ([updatebundleupi2] nvarchar(2147483647) NOT NULL CHECK (updatebundleupi2 <> ''),[refupdatebundleupi2] nvarchar(2147483647) CHECK (refupdatebundleupi2 <> ''),PRIMARY KEY([updatebundleupi2],[refupdatebundleupi2]));e
Source: Setup.exe, 00000001.00000002.1985484800.0000021409633000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [Bundle] ([UPI2] nvarchar(2147483647) NOT NULL CHECK (UPI2 <> ''), [version] nvarchar(2147483647) NOT NULL DEFAULT '0.0.0' CHECK (version <> ''), [upgradecode] nvarchar(2147483647) NOT NULL DEFAULT '9afee47d-1a2f-41a5-82ff-54d398c1f150' CHECK (upgradecode <> ''), [ismajorupgrade] nvarchar(2147483647) NOT NULL DEFAULT 'true' CHECK (ismajorupgrade <> ''),[updatebundle] nvarchar(2147483647) NOT NULL DEFAULT 'false' CHECK (updatebundle <> ''), [ispatch] nvarchar(2147483647) NOT NULL DEFAULT 'false' CHECK (ispatch <> ''), [name] nvarchar(2147483647) NULL, [state] varchar2 NOT NULL DEFAULT 'NEW' CHECK (state <> ''), [type] varchar2 NULL, [installdir] nvarchar(2147483647) NULL, [upi2hash] nvarchar(2147483647) NULL, [manifestJson] text NULL, [plc] nvarchar(2147483647) NULL, [constantid] nvarchar(2147483647) NULL, [release] nvarchar(2147483647) NULL, [languages] nvarchar(2147483647) NULL, CONSTRAINT[sqlite_autoindex_Bundle_1] PRIMARY KEY([UPI2]));!
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000004BAE000.00000004.00000020.00020000.00000000.sdmp, Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.000000000681D000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981165075.0000021409565000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000000.1804312655.00007FF6A1EBB000.00000002.00000001.01000000.00000004.sdmp, Setup.exe, 00000001.00000003.1981449774.0000021409568000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1985295651.0000021409568000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1994351888.00007FFDFACCA000.00000002.00000001.01000000.00000007.sdmp, Setup.exe, 00000001.00000002.1989444261.00007FF6A1EBB000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: CREATE TABLE [Package] ([upi2] nvarchar(2147483647) NOT NULL CHECK (upi2 <> ''),[name] nvarchar(2147483647) NOT NULL CHECK (name <> ''),[upgradeCode] nvarchar(2147483647) NOT NULL CHECK (upgradeCode <> ''),[installPathMappingsJson] text NULL,PRIMARY KEY([upi2]));
Source: Setup.exe, 00000001.00000003.1981421337.0000021409471000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1985152111.0000021409473000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981538262.0000021409473000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [BundlePackageRegistry] ([bundleupgradecode] nvarchar(2147483647) NOT NULL CHECK (bundleupgradecode <> ''),[packageupi2] nvarchar(2147483647) NOT NULL CHECK (packageupi2 <> ''),[upgradecode] nvarchar(2147483647) NOT NULL CHECK (upgradecode <> ''),PRIMARY KEY([bundleupgradecode],[packageupi2])); (i26,o
Source: Setup.exe, 00000001.00000002.1985484800.0000021409633000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [Bundle] ([UPI2] nvarchar(2147483647) NOT NULL CHECK (UPI2 <> ''), [version] nvarchar(2147483647) NOT NULL DEFAULT '0.0.0' CHECK (version <> ''), [upgradecode] nvarchar(2147483647) NOT NULL DEFAULT '9afee47d-1a2f-41a5-82ff-54d398c1f150' CHECK (upgradecode <> ''), [ismajorupgrade] nvarchar(2147483647) NOT NULL DEFAULT 'true' CHECK (ismajorupgrade <> ''),[updatebundle] nvarchar(2147483647) NOT NULL DEFAULT 'false' CHECK (updatebundle <> ''), [ispatch] nvarchar(2147483647) NOT NULL DEFAULT 'false' CHECK (ispatch <> ''), [name] nvarchar(2147483647) NULL, [state] varchar2 NOT NULL DEFAULT 'NEW' CHECK (state <> ''), [type] varchar2 NULL, [installdir] nvarchar(2147483647) NULL, [upi2hash] nvarchar(2147483647) NULL, [manifestJson] text NULL, [plc] nvarchar(2147483647) NULL, [constantid] nvarchar(2147483647) NULL, [release] nvarchar(2147483647) NULL, [languages] nvarchar(2147483647) NULL, CONSTRAINT[sqlite_autoindex_Bundle_1] PRIMARY KEY([UPI2]));%
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000004BAE000.00000004.00000020.00020000.00000000.sdmp, Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.000000000681D000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981599209.00000214093A1000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000000.1804312655.00007FF6A1EBB000.00000002.00000001.01000000.00000004.sdmp, Setup.exe, 00000001.00000002.1994351888.00007FFDFACCA000.00000002.00000001.01000000.00000007.sdmp, Setup.exe, 00000001.00000002.1989444261.00007FF6A1EBB000.00000002.00000001.01000000.00000004.sdmp, Setup.exe, 00000001.00000003.1981987690.00000214093BF000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981902704.00000214093A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [MsiSharedKeyResource] ([componentId] nvarchar(2147483647) NOT NULL CHECK (path <> ''),[upi2] nvarchar(2147483647) NOT NULL CHECK (upi2 <> ''),[path] nvarchar(2147483647) NOT NULL CHECK (path <> '') COLLATE NOCASE,[type] nvarchar(2147483647) NOT NULL CHECK (type <> ''),[isSharedDll] nvarchar(2147483647) NOT NULL DEFAULT 'false' CHECK (isSharedDll <> ''),PRIMARY KEY([componentId],[upi2],[path]));
Source: Setup.exe, 00000001.00000003.1981123988.0000021409456000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1982257306.00000214079E7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981599209.00000214093A1000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1982847472.0000021409444000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981384589.0000021409410000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981987690.00000214093BF000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1984491820.00000214079F1000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981902704.00000214093A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [PackageRegistry] ([path] nvarchar(2147483647) NOT NULL CHECK (path <> '') COLLATE NOCASE,[upi2] nvarchar(2147483647) NOT NULL CHECK (upi2 <> ''),[componentId] nvarchar(2147483647),CONSTRAINT[sqlite_autoindex_PackageRegistry_1] PRIMARY KEY([path], [upi2]), FOREIGN KEY([upi2]) REFERENCES[Package]([upi2]) ON DELETE NO ACTION ON UPDATE NO ACTION);
Source: Setup.exe, 00000001.00000003.1981123988.0000021409456000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1982257306.00000214079E7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981599209.00000214093A1000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1982079558.00000214093A2000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1982847472.0000021409444000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981384589.0000021409410000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981987690.00000214093BF000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1984491820.00000214079F1000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981902704.00000214093A2000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1984990098.00000214093A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [PackageFont] ([path] nvarchar(2147483647) NOT NULL CHECK (path <> '') COLLATE NOCASE,[upi2] nvarchar(2147483647) NOT NULL CHECK (upi2 <> ''),[componentId] nvarchar(2147483647),CONSTRAINT[sqlite_autoindex_PackageFont_1] PRIMARY KEY([path], [upi2]), FOREIGN KEY([upi2]) REFERENCES[Package]([upi2]) ON DELETE NO ACTION ON UPDATE NO ACTION);
Source: Setup.exe, 00000001.00000002.1985484800.0000021409633000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [Bundle] ([UPI2] nvarchar(2147483647) NOT NULL CHECK (UPI2 <> ''), [version] nvarchar(2147483647) NOT NULL DEFAULT '0.0.0' CHECK (version <> ''), [upgradecode] nvarchar(2147483647) NOT NULL DEFAULT '9afee47d-1a2f-41a5-82ff-54d398c1f150' CHECK (upgradecode <> ''), [ismajorupgrade] nvarchar(2147483647) NOT NULL DEFAULT 'true' CHECK (ismajorupgrade <> ''),[updatebundle] nvarchar(2147483647) NOT NULL DEFAULT 'false' CHECK (updatebundle <> ''), [ispatch] nvarchar(2147483647) NOT NULL DEFAULT 'false' CHECK (ispatch <> ''), [name] nvarchar(2147483647) NULL, [state] varchar2 NOT NULL DEFAULT 'NEW' CHECK (state <> ''), [type] varchar2 NULL, [installdir] nvarchar(2147483647) NULL, [upi2hash] nvarchar(2147483647) NULL, [manifestJson] text NULL, [plc] nvarchar(2147483647) NULL, [constantid] nvarchar(2147483647) NULL, [release] nvarchar(2147483647) NULL, [languages] nvarchar(2147483647) NULL, CONSTRAINT[sqlite_autoindex_Bundle_1] PRIMARY KEY([UPI2]));(
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000004BAE000.00000004.00000020.00020000.00000000.sdmp, Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.000000000681D000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981165075.0000021409565000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1982798119.000002140797D000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000000.1804312655.00007FF6A1EBB000.00000002.00000001.01000000.00000004.sdmp, Setup.exe, 00000001.00000003.1981449774.0000021409568000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1985295651.0000021409568000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1994351888.00007FFDFACCA000.00000002.00000001.01000000.00000007.sdmp, Setup.exe, 00000001.00000002.1989444261.00007FF6A1EBB000.00000002.00000001.01000000.00000004.sdmp, Setup.exe, 00000001.00000003.1982474781.000002140797E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [Font] ([path] nvarchar(2147483647) NOT NULL CHECK (path <> '') COLLATE NOCASE,[checksum] nvarchar(2147483647),PRIMARY KEY([path]));
Source: Setup.exe, 00000001.00000003.1981123988.0000021409456000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1980917155.0000021409634000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1985509669.0000021409635000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [PackageDependencies] ([packageupi2] nvarchar(2147483647) NOT NULL CHECK (packageupi2 <> ''),[dependencyupi2] nvarchar(2147483647) NOT NULL CHECK (dependencyupi2 <> ''),[istarget] nvarchar(2147483647) NOT NULL CHECK (istarget <> ''),[targetmethod] nvarchar(2147483647) CHECK (targetmethod <> ''),PRIMARY KEY([packageupi2],[dependencyupi2]));j
Source: Setup.exe, 00000001.00000003.1981165075.0000021409565000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981449774.0000021409568000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1985295651.0000021409568000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [Shortcut] ([path] nvarchar(2147483647) NOT NULL CHECK (path <> '') COLLATE NOCASE,[commandline] nvarchar(2147483647),PRIMARY KEY([path]));g.
Source: Setup.exe, 00000001.00000003.1982257306.00000214079E7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1984491820.00000214079F1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [Package] ([UPI2] nvarchar(2147483647) NOT NULL CHECK (UPI2 <> ''), [version] nvarchar(2147483647) NOT NULL DEFAULT '0.0.0' CHECK (version <> ''), [upgradecode] nvarchar(2147483647) NOT NULL DEFAULT '9afee47d-1a2f-41a5-82ff-54d398c1f150' CHECK (upgradecode <> ''), [ismajorupgrade] nvarchar(2147483647) NOT NULL DEFAULT 'true' CHECK (ismajorupgrade <> ''), [ispatch] nvarchar(2147483647) NOT NULL DEFAULT 'false' CHECK (ispatch <> ''), [packagecode] nvarchar(2147483647) NULL, [installpath] nvarchar(2147483647) NULL, [uninstallargs] nvarchar(2147483647) NULL, [state] nvarchar(2147483647) NOT NULL DEFAULT 'NEW' CHECK (state <> ''), [type] nvarchar(2147483647) NULL, [name] nvarchar(2147483647) NULL, [ispermanent] nvarchar(2147483647) NULL, [manifestJson] text NULL, [notargets] nvarchar(2147483647) NOT NULL DEFAULT 'false' CHECK (notargets <> ''), [plc] nvarchar(2147483647) NULL, [constantid] nvarchar(2147483647) NULL, [release] nvarchar(2147483647) NULL, [languages] nvarchar(2147483647) NULL, [launchshortcut] nvarchar(2147483647) NULL, [isexternal] nvarchar(2147483647) NOT NULL DEFAULT 'false' CHECK (isexternal <> ''), [isupdatepackage] nvarchar(2147483647) NOT NULL DEFAULT 'false' CHECK (isupdatepackage <> ''), CONSTRAINT[sqlite_autoindex_Package_1] PRIMARY KEY([UPI2])); 00
Source: Setup.exe, 00000001.00000003.1980917155.0000021409634000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [Bundle] ([UPI2] nvarchar(2147483647) NOT NULL CHECK (UPI2 <> ''), [version] nvarchar(2147483647) NOT NULL DEFAULT '0.0.0' CHECK (version <> ''), [upgradecode] nvarchar(2147483647) NOT NULL DEFAULT '9afee47d-1a2f-41a5-82ff-54d398c1f150' CHECK (upgradecode <> ''), [ismajorupgrade] nvarchar(2147483647) NOT NULL DEFAULT 'true' CHECK (ismajorupgrade <> ''),[updatebundle] nvarchar(2147483647) NOT NULL DEFAULT 'false' CHECK (updatebundle <> ''), [ispatch] nvarchar(2147483647) NOT NULL DEFAULT 'false' CHECK (ispatch <> ''), [name] nvarchar(2147483647) NULL, [state] varchar2 NOT NULL DEFAULT 'NEW' CHECK (state <> ''), [type] varchar2 NULL, [installdir] nvarchar(2147483647) NULL, [upi2hash] nvarchar(2147483647) NULL, [manifestJson] text NULL, [plc] nvarchar(2147483647) NULL, [constantid] nvarchar(2147483647) NULL, [release] nvarchar(2147483647) NULL, [languages] nvarchar(2147483647) NULL, CONSTRAINT[sqlite_autoindex_Bundle_1] PRIMARY KEY([UPI2]));,
Source: Setup.exe, 00000001.00000003.1981599209.00000214093A1000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981987690.00000214093BF000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981902704.00000214093A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [PackageFile] ([path] nvarchar(2147483647) NOT NULL CHECK (path <> '') COLLATE NOCASE,[upi2] nvarchar(2147483647) NOT NULL CHECK (upi2 <> ''),[componentId] nvarchar(2147483647),CONSTRAINT[sqlite_autoindex_PackageFile_1] PRIMARY KEY([path], [upi2]), FOREIGN KEY([upi2]) REFERENCES[Package]([upi2]) ON DELETE NO ACTION ON UPDATE NO ACTION);U
Source: Setup.exe, 00000001.00000003.1981123988.0000021409456000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1982300058.00000214079C5000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1982328561.00000214079D9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1980917155.0000021409634000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1982572696.00000214079C0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1980825955.0000021409647000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1982444834.00000214079BE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [BundleAppPackages] ([packageupi2] nvarchar(2147483647) NOT NULL CHECK (packageupi2 <> ''), [applicationupi2] nvarchar(2147483647) NOT NULL CHECK (applicationupi2 <> ''), [bundleupi2] nvarchar(2147483647) NOT NULL CHECK (bundleupi2 <> ''), CONSTRAINT[sqlite_autoindex_BundleAppPackages_1] PRIMARY KEY([packageupi2], [applicationupi2], [bundleupi2]), FOREIGN KEY([bundleupi2]) REFERENCES[Bundle]([UPI2]) ON DELETE NO ACTION ON UPDATE NO ACTION, FOREIGN KEY([applicationupi2]) REFERENCES[Application]([UPI2]) ON DELETE NO ACTION ON UPDATE NO ACTION, FOREIGN KEY([packageupi2]) REFERENCES[Package]([UPI2]) ON DELETE NO ACTION ON UPDATE NO ACTION );
Source: Setup.exe, 00000001.00000002.1984331579.0000021407959000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1983318147.0000021407957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [UpdateBundlePackage] ([updatebundleupi2] nvarchar(2147483647) NOT NULL CHECK (updatebundleupi2 <> ''),[updatepackageupi2] nvarchar(2147483647) NOT NULL CHECK (updatepackageupi2 <> ''),PRIMARY KEY([updatebundleupi2],[updatepackageupi2])); >0
Source: Setup.exe, 00000001.00000003.1981165075.0000021409565000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981449774.0000021409568000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1985295651.0000021409568000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [Font] ([path] nvarchar(2147483647) NOT NULL CHECK (path <> '') COLLATE NOCASE,[checksum] nvarchar(2147483647),PRIMARY KEY([path]));!
Source: Setup.exe, 00000001.00000003.1982572696.00000214079C0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1982444834.00000214079BE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [BundleAppPackages] ([packageupi2] nvarchar(2147483647) NOT NULL CHECK (packageupi2 <> ''), [applicationupi2] nvarchar(2147483647) NOT NULL CHECK (applicationupi2 <> ''), [bundleupi2] nvarchar(2147483647) NOT NULL CHECK (bundleupi2 <> ''), CONSTRAINT[sqlite_autoindex_BundleAppPackages_1] PRIMARY KEY([packageupi2], [applicationupi2], [bundleupi2]), FOREIGN KEY([bundleupi2]) REFERENCES[Bundle]([UPI2]) ON DELETE NO ACTION ON UPDATE NO ACTION, FOREIGN KEY([applicationupi2]) REFERENCES[Application]([UPI2]) ON DELETE NO ACTION ON UPDATE NO ACTION, FOREIGN KEY([packageupi2]) REFERENCES[Package]([UPI2]) ON DELETE NO ACTION ON UPDATE NO ACTION );V
Source: Setup.exe, 00000001.00000003.1981599209.00000214093A1000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1980825955.0000021409647000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981987690.00000214093BF000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981902704.00000214093A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [Bundle] ([UPI2] nvarchar(2147483647) NOT NULL CHECK (UPI2 <> ''), [version] nvarchar(2147483647) NOT NULL DEFAULT '0.0.0' CHECK (version <> ''), [updateversion] nvarchar(2147483647), [upgradecode] nvarchar(2147483647) NOT NULL DEFAULT '9afee47d-1a2f-41a5-82ff-54d398c1f150' CHECK (upgradecode <> ''), [ismajorupgrade] nvarchar(2147483647) NOT NULL DEFAULT 'true' CHECK (ismajorupgrade <> ''),[updatebundle] nvarchar(2147483647) NOT NULL DEFAULT 'false' CHECK (updatebundle <> ''), [ispatch] nvarchar(2147483647) NOT NULL DEFAULT 'false' CHECK (ispatch <> ''), [isinstalledfor3p] nvarchar(2147483647) NOT NULL DEFAULT 'false'CHECK (isinstalledfor3p <> ''), [name] nvarchar(2147483647) NULL, [state] varchar2 NOT NULL DEFAULT 'NEW' CHECK (state <> ''), [type] varchar2 NULL, [installdir] nvarchar(2147483647) NULL, [upi2hash] nvarchar(2147483647) NULL, [manifestJson] text NULL, [plc] nvarchar(2147483647) NULL, [constantid] nvarchar(2147483647) NULL, [release] nvarchar(2147483647) NULL, [languages] nvarchar(2147483647) NULL, CONSTRAINT[sqlite_autoindex_Bundle_1] PRIMARY KEY([UPI2]));
Source: Setup.exe, 00000001.00000002.1985623588.000002140965B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1980701976.000002140964B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1980990772.000002140965B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO Font ('path', 'checksum') SELECT path, checksum FROM Font_OLDV3;>
Source: Setup.exe, 00000001.00000003.1982300058.00000214079C5000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1982572696.00000214079E1000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1982328561.00000214079D9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1984472062.00000214079E2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [ManifestEntity_Backup] ([UPI2] nvarchar(2147483647) NOT NULL CHECK (UPI2 <> ''),[manifestJson] text NULL, PRIMARY KEY(upi2));4T
Source: Setup.exe, 00000001.00000002.1984331579.0000021407959000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1983318147.0000021407957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [UpdateBundleArp] ([updatebundleupi2] nvarchar(2147483647) NOT NULL CHECK (updatebundleupi2 <> ''),[refupdatebundleupi2] nvarchar(2147483647) CHECK (refupdatebundleupi2 <> ''),PRIMARY KEY([updatebundleupi2],[refupdatebundleupi2]));?>
Source: Setup.exe, 00000001.00000003.1982474781.000002140797E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [File] ([path] nvarchar(2147483647) NOT NULL CHECK (path <> '') COLLATE NOCASE,[checksum] nvarchar(2147483647),PRIMARY KEY([path]));(TRIM(pkg.U
Source: Setup.exe, 00000001.00000002.1984331579.0000021407959000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1983318147.0000021407957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [PackageDependencies] ([packageupi2] nvarchar(2147483647) NOT NULL CHECK (packageupi2 <> ''),[dependencyupi2] nvarchar(2147483647) NOT NULL CHECK (dependencyupi2 <> ''),PRIMARY KEY([packageupi2],[dependencyupi2]));
Source: Setup.exe, 00000001.00000003.1981165075.0000021409565000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981449774.0000021409568000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1985295651.0000021409568000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [Font] ([path] nvarchar(2147483647) NOT NULL CHECK (path <> '') COLLATE NOCASE,[checksum] nvarchar(2147483647),PRIMARY KEY([path])); 'name', 'kg.
Source: Setup.exe, 00000001.00000003.1981165075.0000021409565000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981449774.0000021409568000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1985295651.0000021409568000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [File] ([path] nvarchar(2147483647) NOT NULL CHECK (path <> '') COLLATE NOCASE,[checksum] nvarchar(2147483647),PRIMARY KEY([path]));TRIM(pkg.
Source: Setup.exe, 00000001.00000003.1981599209.00000214093A1000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981987690.00000214093BF000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981902704.00000214093A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [PackageShortcut] ([path] nvarchar(2147483647) NOT NULL CHECK (path <> '') COLLATE NOCASE,[upi2] nvarchar(2147483647) NOT NULL CHECK (upi2 <> ''),[componentId] nvarchar(2147483647),CONSTRAINT[sqlite_autoindex_PackageShortcut_1] PRIMARY KEY([path], [upi2]), FOREIGN KEY([upi2]) REFERENCES[Package]([upi2]) ON DELETE NO ACTION ON UPDATE NO ACTION);j
Source: Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.0000000004BAE000.00000004.00000020.00020000.00000000.sdmp, Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe, 00000000.00000003.1794373230.000000000681D000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981209340.0000021409552000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000000.1804312655.00007FF6A1EBB000.00000002.00000001.01000000.00000004.sdmp, Setup.exe, 00000001.00000003.1981449774.0000021409561000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1982257306.00000214079F7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1981146749.000002140963F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1983440239.0000021409645000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1984491820.00000214079F7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1994351888.00007FFDFACCA000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: CREATE TABLE [GlobalData] ([key] nvarchar(2147483647) NOT NULL CHECK (key <> ''), [value] TEXT NULL, PRIMARY KEY([key]));
Source: Setup.exe, 00000001.00000003.1980825955.0000021409647000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE [Bundle] ([UPI2] nvarchar(2147483647) NOT NULL CHECK (UPI2 <> ''), [version] nvarchar(2147483647) NOT NULL DEFAULT '0.0.0' CHECK (version <> ''), [upgradecode] nvarchar(2147483647) NOT NULL DEFAULT '9afee47d-1a2f-41a5-82ff-54d398c1f150' CHECK (upgradecode <> ''), [ismajorupgrade] nvarchar(2147483647) NOT NULL DEFAULT 'true' CHECK (ismajorupgrade <> ''),[updatebundle] nvarchar(2147483647) NOT NULL DEFAULT 'false' CHECK (updatebundle <> ''), [ispatch] nvarchar(2147483647) NOT NULL DEFAULT 'false' CHECK (ispatch <> ''), [name] nvarchar(2147483647) NULL, [state] varchar2 NOT NULL DEFAULT 'NEW' CHECK (state <> ''), [type] varchar2 NULL, [installdir] nvarchar(2147483647) NULL, [upi2hash] nvarchar(2147483647) NULL, [manifestJson] text NULL, [plc] nvarchar(2147483647) NULL, [constantid] nvarchar(2147483647) NULL, [release] nvarchar(2147483647) NULL, [languages] nvarchar(2147483647) NULL, CONSTRAINT[sqlite_autoindex_Bundle_1] PRIMARY KEY([UPI2]));N

Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: authz.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: credui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Section loaded: credui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: wxmsw32u_core_vc.dll.0.dr	Static PE information: section name: minATL
Source: Setup.exe.0.dr	Static PE information: section name: _RDATA
Source: 7za.exe.0.dr	Static PE information: section name: _RDATA
Source: cer_core.dll.0.dr	Static PE information: section name: .nep
Source: libcrypto-3-x64.dll.0.dr	Static PE information: section name: .00cfg
Source: libssl-3-x64.dll.0.dr	Static PE information: section name: .00cfg
Source: UPI.dll.0.dr	Static PE information: section name: .00cfg
Source: vcruntime140.dll.0.dr	Static PE information: section name: fothk
Source: vcruntime140.dll.0.dr	Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\vcruntime140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.wx\wxbase32u_vc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\de-DE\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\cs-CZ\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\it-IT\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.wx\wxmsw32u_core_vc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\senddmp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\hu-HU\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\UPI.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.win\vcruntime140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\cer_core.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\fr-FR\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\en-US\senddmp_cli.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.win\AdpSDKWrapper.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\es-ES\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\pl-PL\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\zh-TW\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\Microsoft.Diagnostics.Runtime.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\ja-JP\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\pt-BR\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\ko-KR\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\pt-PT\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.win\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\senddmp_cli.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.win\AdpSDKCore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\libssl-3-x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\en-US\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\libcrypto-3-x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\zh-CN\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\7za.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\ru-RU\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.win\AdHttpLib.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	File created: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.win\vcruntime140.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\vcruntime140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\de-DE\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.wx\wxbase32u_vc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\it-IT\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\cs-CZ\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.wx\wxmsw32u_core_vc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\senddmp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\UPI.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\hu-HU\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.win\vcruntime140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\cer_core.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\fr-FR\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\en-US\senddmp_cli.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.win\AdpSDKWrapper.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\es-ES\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\pl-PL\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\zh-TW\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\Microsoft.Diagnostics.Runtime.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\pt-BR\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\ja-JP\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\ko-KR\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.win\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\pt-PT\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\senddmp_cli.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.win\AdpSDKCore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\libssl-3-x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\libcrypto-3-x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\en-US\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\zh-CN\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\7za.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\ru-RU\senddmp.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.win\AdHttpLib.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.win\vcruntime140.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe TID: 796	Thread sleep time: -60000s >= -30000s			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe TID: 7164	Thread sleep time: -60000s >= -30000s			Jump to behavior

Source: DownloadManager.exe, 00000002.00000002.1849668369.0000019CCC40C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllL_RE~
Source: Setup.exe, 00000001.00000003.1983052427.0000021407972000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000003.1983025414.000002140796E000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000001.00000002.1984394242.0000021407973000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Query Registry	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Obfuscated Files or Information	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	1 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Timestomp	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\7za.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\Microsoft.Diagnostics.Runtime.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\UPI.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\cer_core.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\cs-CZ\senddmp.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\de-DE\senddmp.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\en-US\senddmp.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\en-US\senddmp_cli.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\es-ES\senddmp.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\fr-FR\senddmp.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\hu-HU\senddmp.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\it-IT\senddmp.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\ja-JP\senddmp.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\ko-KR\senddmp.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\libcrypto-3-x64.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\libssl-3-x64.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\msvcp140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\pl-PL\senddmp.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\pt-BR\senddmp.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\pt-PT\senddmp.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\ru-RU\senddmp.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\senddmp.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\senddmp_cli.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\vcruntime140_1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\zh-CN\senddmp.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\zh-TW\senddmp.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\DownloadManager.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.win\AdHttpLib.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.win\AdpSDKCore.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.win\AdpSDKWrapper.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.win\msvcp140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.win\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.win\vcruntime140_1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.wx\wxbase32u_vc.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\odis.bs.wx\wxmsw32u_core_vc.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe	0%	ReversingLabs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Autodesk\ADPSDK\JSON\2fc8918c-67fb-4d8c-b655-2c390a0a29e8_5.json.user (copy)

C:\ProgramData\Autodesk\ADPSDK\JSON\2fc8918c-67fb-4d8c-b655-2c390a0a29e8_5.json.user.saving

C:\ProgramData\Autodesk\ADPSDK\JSON\2fc8918c-67fb-4d8c-b655-2c390a0a29e8_6.json.user (copy)

C:\ProgramData\Autodesk\ADPSDK\JSON\2fc8918c-67fb-4d8c-b655-2c390a0a29e8_6.json.user.saving

C:\ProgramData\Autodesk\ADPSDK\JSON\2fc8918c-67fb-4d8c-b655-2c390a0a29e8_i3.json.user (copy)

C:\ProgramData\Autodesk\ADPSDK\JSON\2fc8918c-67fb-4d8c-b655-2c390a0a29e8_i3.json.user.saving

C:\ProgramData\Autodesk\ADPSDK\JSON\2fc8918c-67fb-4d8c-b655-2c390a0a29e8_i4.json.user (copy)

C:\ProgramData\Autodesk\ADPSDK\JSON\2fc8918c-67fb-4d8c-b655-2c390a0a29e8_i4.json.user.saving

C:\ProgramData\Autodesk\ADPSDK\JSON\2fc8918c-67fb-4d8c-b655-2c390a0a29e8_i7.json.user (copy)

C:\ProgramData\Autodesk\ADPSDK\JSON\2fc8918c-67fb-4d8c-b655-2c390a0a29e8_i7.json.user.saving

C:\ProgramData\Autodesk\ADPSDK\JSON\921cb97e-6ffc-48e8-8f23-9c137052aa6a_i1.json.user (copy)

C:\ProgramData\Autodesk\ADPSDK\JSON\921cb97e-6ffc-48e8-8f23-9c137052aa6a_i1.json.user.saving

C:\ProgramData\Autodesk\ADPSDK\JSON\Urgent\bad15008-50f2-4d72-bd57-c7ecfccc87be_2.json.user (copy)

C:\ProgramData\Autodesk\ADPSDK\JSON\Urgent\bad15008-50f2-4d72-bd57-c7ecfccc87be_2.json.user.saving

C:\ProgramData\Autodesk\ADPSDK\canWrite6940.6880

C:\ProgramData\Autodesk\ADPSDK\canWrite6940.6976

C:\Users\user\AppData\Local\Autodesk\ODIS\DLM.log

C:\Users\user\AppData\Local\Autodesk\ODIS\Setup.log

C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\7z-license.txt

C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\7za.exe

C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\Autodesk_dialog_512x512.png

C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\Microsoft.Diagnostics.Runtime.dll

C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\UPI.dll

C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\cer_core.dll

Windows Analysis Report
Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe

Source	Detection	Scanner	Label	Link
https://www.openssl.org/H	0%	URL Reputation	safe
http://www.winimage.com/zLibDll	0%	URL Reputation	safe

Name	IP	Active	Malicious	Antivirus Detection	Reputation
manifest.delivery.autodesk.com	54.158.70.36	true	false		unknown
trial2.autodesk.com	unknown	unknown	false		unknown

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541473
Start date and time:	2024-10-24 21:41:26 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 58s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
Detection:	CLEAN
Classification:	clean6.winEXE@6/71@2/2
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Time	Type	Description
15:42:31	API Interceptor	2x Sleep call for process: DownloadManager.exe modified
15:42:35	API Interceptor	3x Sleep call for process: Setup.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-AESUS	la.bot.mipsel.elf	Get hash	malicious	Unknown	Browse	44.204.254.102
	Doc-Secure6033.pdf	Get hash	malicious	Unknown	Browse	3.221.0.202
	la.bot.mipsel.elf	Get hash	malicious	Unknown	Browse	44.206.248.96
	phish_alert_sp2_2.0.0.0 (1).eml	Get hash	malicious	Unknown	Browse	52.6.56.188
	la.bot.arm.elf	Get hash	malicious	Unknown	Browse	100.31.42.161
	la.bot.arm.elf	Get hash	malicious	Unknown	Browse	34.226.245.40
	la.bot.powerpc.elf	Get hash	malicious	Unknown	Browse	100.25.217.13
	la.bot.mips.elf	Get hash	malicious	Unknown	Browse	18.233.127.142
	la.bot.m68k.elf	Get hash	malicious	Unknown	Browse	54.243.28.99
	la.bot.sparc.elf	Get hash	malicious	Unknown	Browse	54.56.4.128

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
74954a0c86284d0d6e1c4efefe92b521	bat2.bat	Get hash	malicious	Unknown	Browse	54.158.70.36
	ufW7CDPEZ5.lnk	Get hash	malicious	Unknown	Browse	54.158.70.36
	BcsUcRnDGx.lnk	Get hash	malicious	Unknown	Browse	54.158.70.36
	41PbtwTtt7.lnk	Get hash	malicious	Unknown	Browse	54.158.70.36
	f7goD45EHo.lnk	Get hash	malicious	Unknown	Browse	54.158.70.36
	W4x0CDQAiw.lnk	Get hash	malicious	Unknown	Browse	54.158.70.36
	oP7CbGHVDZ.lnk	Get hash	malicious	Unknown	Browse	54.158.70.36
	f4Ghw1L3EH.lnk	Get hash	malicious	Unknown	Browse	54.158.70.36
	4pzJGIIsej.lnk	Get hash	malicious	Unknown	Browse	54.158.70.36
	FLhsRTUIon.lnk	Get hash	malicious	Unknown	Browse	54.158.70.36

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\7z36D71A90\ODIS\CER\UPI.dll	Create_Installer_PLC0000037_2025_English_WIN64.exe	Get hash	malicious	Unknown	Browse
	Create_Installer_PLC0000037_2025_French_WIN64.exe	Get hash	malicious	Unknown	Browse
	Create_Installer_PLC0000037_2024_English_WIN64.exe	Get hash	malicious	Unknown	Browse
	Create_Installer_PLC0000037_2024_English_WIN64.exe	Get hash	malicious	Unknown	Browse

Process:	C:\Users\user\AppData\Local\Temp\7z36D71A90\Setup.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1842
Entropy (8bit):	5.328197840594281
Encrypted:	false
SSDEEP:	48:5X9/0QGgDHV/Xy2jxJYEOM7fMVx6/s1Kg0zd2G0aM7t0a50aK0a/Oiw:5XZ05gDFCyJYEOUfix6/6PUkBaUCaOap
MD5:	9524C6ABE9C4289ADB01202577BAE8FA
SHA1:	D23D3BCFE2BFB21592D7D0EDD6957F145C76488F
SHA-256:	CBBFEA9F2EA2D09C09CCA9C2C0F94EFB096297297C32BAE22A2836B66250F864
SHA-512:	46C7A4F7BC120A629313EEC678D085D5316F656F453C0B356F1CE526390CD5BCBE08BCB9BC90DFF7D16F1F2D1F0BED52B92FA4757640DF7216F510984B103022
Malicious:	false
Reputation:	low
Preview:	{. "_command": "TrackEvent",. "_file": "2fc8918c-67fb-4d8c-b655-2c390a0a29e8_5",. "_pid": 6940,. "_sdk_api_version": "5.3.4.0",. "_time": 1729804413953901312,. "facets": [. "operation",. "product". ],. "operation_id": "2fc8918c-67fb-4d8c-b655-2c390a0a29e8",. "operation_meta": {. "bootstrap_json": "upi2:{E578CB4E-CF55-3E4D-9A8A-213245140B78}\"###\"signature:EvS61BHUOhFw3GPHPlRZj1+Pr1vVFtS6igd1Ycz7Ql8=\"###\"state:live\"###\"env:prd\"###\"prodLang:en-US\"###\"url:https://trial2.autodesk.com/NetSWDLD/ODIS/prd/2025/INVPROSA/E578CB4E-CF55-3E4D-9A8A-213245140B78/WI/Autodesk_Inventor_Professional_2025_en-US_setup.dat\"###\"sessionId:\"###\"serialNumber:\"###\"productKey:\"###\"subscriptionType:SUS\"###\"trialMode:true\"###\"clic:true\"###\"hideEula:true". },. "operation_stage": "BOOTSTRAP",. "operation_status": "E",. "operation_type": "install",. "product_build_id": "2.10.0",. "product_id": "AUTODESKINSTALLSERVICE&2024&{1FE1AE0

Process:	C:\Users\user\Desktop\Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	9920
Entropy (8bit):	4.932895815325676
Encrypted:	false
SSDEEP:	192:c1SQpwzZRagExK2mN/DjM8E4BptHsWQQfGc3ftfqMO:GS6wCgExfojk4vtHszQBfm
MD5:	D99AA46C2205B66C776292A2BCF7F366
SHA1:	77CF14F129226F451540AA5A8B5D568687B3522E
SHA-256:	EFE357154875B80E6FC3787E7C83C6F368BD6EF4C25A872D59801C8E137CFE32
SHA-512:	C200313AF138CC010BF770A499403E071CAA20D579126FD547588280B8DC3604608199A712A7A27838A98780794F4FA28FC1EDAAA2B6E6193709AC4D14372835
Malicious:	false
Preview:	7-Zip 23.01 Sources..-------------------....7-Zip is a file archiver for Windows. ....7-Zip Copyright (C) 1999-2023 Igor Pavlov.......License Info..------------....7-Zip is free software distributed under the GNU LGPL ..(except for unRar code). Also some code..is licensed under the "BSD 3-clause License"...Read "License.txt" for more infomation about license.....Notes about unRAR license:....Please check main restriction from unRar license:.... 2. The unRAR sources may be used in any software to handle RAR.. archives without limitations free of charge, but cannot be used.. to re-create the RAR compression algorithm, which is proprietary... Distribution of modified unRAR sources in separate form or as a.. part of other software is permitted, provided that it is clearly.. stated in the documentation and source comments that the code may.. not be used to develop a RAR (WinRAR) compatible archiver.....In brief it means:..1) You can compile and use compiled

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.980297558790407
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Autodesk_Inventor_Professional_2025_1_2_en-US_setup_webinstall.exe
File size:	16'260'168 bytes
MD5:	62d98d740b6e423272b99778a3c40fb7
SHA1:	24edcd66784d4b9384111f0c40e3c572e665d281
SHA256:	3f9c3e6eb56004da32035123d5cd8f29b26ff54ad5e04cf398347473553db64c
SHA512:	7ed7582ba748438d2f1e3af7a40b56e3a3ee2cf3186135d55643864353b8952f9c326f18cc857083d1f538d1b4bdf7f5e8b1300d06f12db5bdad61e475e217ab
SSDEEP:	196608:aNiZKPnPdi0SF/0ynzrIBMAzxN6F/tn+0S7verlhqMcfoW9EVxYArC3l/ZgO8/mJ:aCKXdimCtFV+J78hqdiTYArC3Y0HtAzA
TLSH:	26F6335034912FF3DE55DCB678AED52195120CFE12B232A15CD2F6E96BF782AC3A8035
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........h.h..`;..`;..`;..j;..`;..n;..`;..d;..`;..a;..`;..=;..`;./j;..`;[.f;..`;Rich..`;........................PE..L.....n\........../