c1cd934805c70b710c62651286374e5804ad85be6c354235fd9b66ac417706bb

Analysis

max time kernel
290s
max time network
350s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 04:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Arc Symbolic.exe
Size

2.0MB
MD5

bb9c115236bc0cfc50b5a587502b5ce2
SHA1

996d297d64f2969db9b91d88348117500ca562ef
SHA256

c1cd934805c70b710c62651286374e5804ad85be6c354235fd9b66ac417706bb
SHA512

7040a328580c839681e7e6230617e92fd7c8a2e873d78280f1e916bce05c6068852d5e7a27dd8bc09c3be2158e0a43a956c0261246bbcabd7dc5b8f7e0dfcfbb
SSDEEP

49152:1rfCnwTCcIuWP31YMLpcnE3hnuyThujvzzHsDizvd:0wTCcIuWP31YMpRnTeHsDi5

Score

8^/10

discovery exploit upx

Malware Config

Signatures

Executes dropped EXE 8 IoCs

Processes:

iPack_Installer.exe7z.exePatcher.exePatcher.exePatcher.exePatcher.exePatcher.exePatcher.exe

pid process

1764 iPack_Installer.exe
520 7z.exe
1452 Patcher.exe
1564 Patcher.exe
2000 Patcher.exe
1580 Patcher.exe
1444 Patcher.exe
636 Patcher.exe

pid	process
1764	iPack_Installer.exe
520	7z.exe
1452	Patcher.exe
1564	Patcher.exe
2000	Patcher.exe
1580	Patcher.exe
1444	Patcher.exe
636	Patcher.exe

Possible privilege escalation attempt 41 IoCs

exploit

Processes:

icacls.exeicacls.exeicacls.exetakeown.exeicacls.exeicacls.exeicacls.exeicacls.exetakeown.exetakeown.exeicacls.exeicacls.exeicacls.exeicacls.exeicacls.exeicacls.exeicacls.exeicacls.exeicacls.exeicacls.exeicacls.exeicacls.exeicacls.exeicacls.exetakeown.exeicacls.exeicacls.exeicacls.exetakeown.exeicacls.exeicacls.exetakeown.exeicacls.exeicacls.exeicacls.exeicacls.exetakeown.exeicacls.exeicacls.exetakeown.exeicacls.exe

pid	process
1392	icacls.exe
316	icacls.exe
752	icacls.exe
832	takeown.exe
1972	icacls.exe
1596	icacls.exe
1972	icacls.exe
1896	icacls.exe
2036	takeown.exe
956	takeown.exe
1628	icacls.exe
984	icacls.exe
1484	icacls.exe
1952	icacls.exe
1976	icacls.exe
600	icacls.exe
540	icacls.exe
1868	icacls.exe
1044	icacls.exe
1096	icacls.exe
336	icacls.exe
1364	icacls.exe
1160	icacls.exe
1612	icacls.exe
1572	takeown.exe
1616	icacls.exe
188	icacls.exe
1108	icacls.exe
1888	takeown.exe
1480	icacls.exe
1624	icacls.exe
564	takeown.exe
1796	icacls.exe
2008	icacls.exe
1672	icacls.exe
1704	icacls.exe
1096	takeown.exe
876	icacls.exe
1376	icacls.exe
1960	takeown.exe
1916	icacls.exe

UPX packed file 22 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1760-55-0x0000000000400000-0x00000000004BC000-memory.dmp	upx
C:\Program Files (x86)\Arc Symbolic\7z.exe	upx
behavioral1/memory/520-71-0x0000000000400000-0x000000000045A000-memory.dmp	upx
behavioral1/memory/1760-73-0x0000000000400000-0x00000000004BC000-memory.dmp	upx
C:\Program Files (x86)\Arc Symbolic\Patcher.exe	upx
behavioral1/memory/1452-87-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral1/memory/1452-88-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral1/memory/1452-89-0x0000000000400000-0x0000000000521000-memory.dmp	upx
C:\Program Files (x86)\Arc Symbolic\Patcher.exe	upx
behavioral1/memory/1564-107-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral1/memory/1564-108-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral1/memory/1564-109-0x0000000000400000-0x0000000000521000-memory.dmp	upx
C:\Program Files (x86)\Arc Symbolic\Patcher.exe	upx
behavioral1/memory/2000-128-0x0000000000400000-0x0000000000521000-memory.dmp	upx
C:\Program Files (x86)\Arc Symbolic\Patcher.exe	upx
behavioral1/memory/1580-143-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral1/memory/1580-147-0x0000000000400000-0x0000000000521000-memory.dmp	upx
C:\Program Files (x86)\Arc Symbolic\Patcher.exe	upx
behavioral1/memory/1444-166-0x0000000000400000-0x0000000000521000-memory.dmp	upx
C:\Program Files (x86)\Arc Symbolic\Patcher.exe	upx
behavioral1/memory/636-184-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral1/memory/1760-210-0x0000000000400000-0x00000000004BC000-memory.dmp	upx

Loads dropped DLL 16 IoCs

Processes:

Arc Symbolic.exeexplorer.exe

pid	process
1760	Arc Symbolic.exe
1320	explorer.exe
1320	explorer.exe
1320	explorer.exe
1320	explorer.exe
1320	explorer.exe
1320	explorer.exe
1320	explorer.exe
1320	explorer.exe
1320	explorer.exe
1320	explorer.exe
1320	explorer.exe
1320	explorer.exe
1320	explorer.exe
1320	explorer.exe
1320	explorer.exe

Modifies file permissions 1 TTPs 41 IoCs

discovery

File Permissions Modification

T1222

Processes:

icacls.exeicacls.exeicacls.exeicacls.exetakeown.exetakeown.exeicacls.exeicacls.exeicacls.exetakeown.exeicacls.exetakeown.exetakeown.exeicacls.exeicacls.exetakeown.exeicacls.exeicacls.exeicacls.exeicacls.exeicacls.exeicacls.exeicacls.exeicacls.exeicacls.exeicacls.exeicacls.exeicacls.exeicacls.exeicacls.exetakeown.exeicacls.exeicacls.exeicacls.exetakeown.exeicacls.exeicacls.exeicacls.exeicacls.exeicacls.exeicacls.exe

pid	process
600	icacls.exe
1868	icacls.exe
336	icacls.exe
1952	icacls.exe
1960	takeown.exe
564	takeown.exe
1044	icacls.exe
1364	icacls.exe
540	icacls.exe
1572	takeown.exe
1596	icacls.exe
1096	takeown.exe
832	takeown.exe
188	icacls.exe
1108	icacls.exe
1888	takeown.exe
1796	icacls.exe
1704	icacls.exe
1616	icacls.exe
1624	icacls.exe
1376	icacls.exe
1160	icacls.exe
1972	icacls.exe
752	icacls.exe
1484	icacls.exe
2008	icacls.exe
876	icacls.exe
1896	icacls.exe
1096	icacls.exe
1976	icacls.exe
956	takeown.exe
1628	icacls.exe
984	icacls.exe
1972	icacls.exe
2036	takeown.exe
1392	icacls.exe
316	icacls.exe
1916	icacls.exe
1612	icacls.exe
1672	icacls.exe
1480	icacls.exe

Drops file in Program Files directory 64 IoCs

Processes:

7z.exeiPack_Installer.exePatcher.exePatcher.exeArc Symbolic.exePatcher.exeicacls.exePatcher.exeicacls.exeicacls.exePatcher.exeicacls.exeicacls.exeicacls.exePatcher.exe

description	ioc	process
File created	C:\Program Files (x86)\Arc Symbolic\Resource Files\imageres.dll.res	7z.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Arc Symbolic.log	iPack_Installer.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Patcher.ini	Patcher.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\System32\zipfldr.dll	Patcher.exe
File created	C:\Program Files (x86)\Arc Symbolic\Setup files-iPack\logo.png	Arc Symbolic.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Setup files-iPack\Configuration.config	Arc Symbolic.exe
File created	C:\Program Files (x86)\Arc Symbolic\Patcher.exe	iPack_Installer.exe
File created	C:\Program Files (x86)\Arc Symbolic\Uninstall iPack.exe.config	iPack_Installer.exe
File created	C:\Program Files (x86)\Arc Symbolic\Resource.7z	iPack_Installer.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Resource Files\Backup\System32\imageres.dll	iPack_Installer.exe
File created	C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\System32\imageres.dll	iPack_Installer.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Patcher.log	Patcher.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Patcher.ini	Patcher.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Patcher.log	Patcher.exe
File created	C:\Program Files (x86)\Arc Symbolic\Resource Files\ACL\SysWOW64\zipfldr.dll.AclFile	icacls.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Patcher.ini	Patcher.exe
File created	C:\Program Files (x86)\Arc Symbolic\Resource Files\imagesp1.dll.res	7z.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Resource Files\imagesp1.dll.res	7z.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Patcher.ini	Patcher.exe
File created	C:\Program Files (x86)\Arc Symbolic\Resource Files\ACL\SysWOW64\imagesp1.dll.AclFile	icacls.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Patcher.log	Patcher.exe
File created	C:\Program Files (x86)\Arc Symbolic\Resource Files\ACL\System32\zipfldr.dll.AclFile	icacls.exe
File created	C:\Program Files (x86)\Arc Symbolic\Resource Files\Backup\System32\zipfldr.dll	iPack_Installer.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\SysWOW64\imagesp1.dll	Patcher.exe
File created	C:\Program Files (x86)\Arc Symbolic\Resource Files\Backup\SysWOW64\imageres.dll	iPack_Installer.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Resource Files	7z.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\SysWOW64\imageres.dll	Patcher.exe
File created	C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\System32\zipfldr.dll	iPack_Installer.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Patcher.log	Patcher.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Setup files-iPack	Arc Symbolic.exe
File created	C:\Program Files (x86)\Arc Symbolic\Resource Files\Backup\System32\imageres.dll	iPack_Installer.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\iPack_Installer.exe	Arc Symbolic.exe
File created	C:\Program Files (x86)\Arc Symbolic\Resource Files\zipfldr.dll.res	7z.exe
File created	C:\Program Files (x86)\Arc Symbolic\Resource Files\ACL\System32\imageres.dll.AclFile	icacls.exe
File created	C:\Program Files (x86)\Arc Symbolic\Resource Files\ACL\SysWOW64\imageres.dll.AclFile	icacls.exe
File created	C:\Program Files (x86)\Arc Symbolic\Resource Files\Backup\SysWOW64\zipfldr.dll	iPack_Installer.exe
File created	C:\Program Files (x86)\Arc Symbolic\Setup files-iPack\header.png	Arc Symbolic.exe
File created	C:\Program Files (x86)\Arc Symbolic\Setup files-iPack\License.txt	Arc Symbolic.exe
File created	C:\Program Files (x86)\Arc Symbolic\Resource Files\ACL\System32\imagesp1.dll.AclFile	icacls.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\System32\imagesp1.dll	Patcher.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Resource Files\zipfldr.dll.res	7z.exe
File created	C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\System32\imagesp1.dll	iPack_Installer.exe
File created	C:\Program Files (x86)\Arc Symbolic\Uninstall iPack.exe	iPack_Installer.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Setup files-iPack\License.txt	Arc Symbolic.exe
File created	C:\Program Files (x86)\Arc Symbolic\7z.exe	iPack_Installer.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\System32\imageres.dll	Patcher.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Patcher.log	Patcher.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Patcher.ini	Patcher.exe
File created	C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\SysWOW64\imageres.dll	iPack_Installer.exe
File created	C:\Program Files (x86)\Arc Symbolic\Resource Files\Backup\SysWOW64\imagesp1.dll	iPack_Installer.exe
File created	C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\SysWOW64\imagesp1.dll	iPack_Installer.exe
File created	C:\Program Files (x86)\Arc Symbolic\Resource.iPack	Arc Symbolic.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Resource.iPack	Arc Symbolic.exe
File created	C:\Program Files (x86)\Arc Symbolic\Patcher.log	Patcher.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Patcher.ini	Patcher.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\SysWOW64\zipfldr.dll	Patcher.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Setup files-iPack\header.png	Arc Symbolic.exe
File created	C:\Program Files (x86)\Arc Symbolic\iPack_Installer.exe.config	Arc Symbolic.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\iPack_Installer.exe.config	Arc Symbolic.exe
File created	C:\Program Files (x86)\Arc Symbolic\Resource Files\reload.bat	iPack_Installer.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Setup files-iPack\logo.png	Arc Symbolic.exe
File created	C:\Program Files (x86)\Arc Symbolic\Setup files-iPack\Configuration.config	Arc Symbolic.exe
File created	C:\Program Files (x86)\Arc Symbolic\iPack_Installer.exe	Arc Symbolic.exe
File opened for modification	C:\Program Files (x86)\Arc Symbolic\Resource Files\imageres.dll.res	7z.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

1912 taskkill.exe

pid	process
1912	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

iPack_Installer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	iPack_Installer.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

iPack_Installer.exe

pid process

1764 iPack_Installer.exe

pid	process
1764	iPack_Installer.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

Processes:

taskkill.exeicacls.exeicacls.exetakeown.exeicacls.exeicacls.exetakeown.exeicacls.exeicacls.exetakeown.exeicacls.exeicacls.exetakeown.exeicacls.exeicacls.exetakeown.exeicacls.exeicacls.exe

description	pid	process
Token: SeDebugPrivilege	1912	taskkill.exe
Token: SeRestorePrivilege	984	icacls.exe
Token: SeSecurityPrivilege	1972	icacls.exe
Token: SeTakeOwnershipPrivilege	1572	takeown.exe
Token: SeRestorePrivilege	1616	icacls.exe
Token: SeSecurityPrivilege	1624	icacls.exe
Token: SeTakeOwnershipPrivilege	1096	takeown.exe
Token: SeRestorePrivilege	876	icacls.exe
Token: SeSecurityPrivilege	1896	icacls.exe
Token: SeTakeOwnershipPrivilege	564	takeown.exe
Token: SeRestorePrivilege	1376	icacls.exe
Token: SeSecurityPrivilege	1364	icacls.exe
Token: SeTakeOwnershipPrivilege	832	takeown.exe
Token: SeRestorePrivilege	1796	icacls.exe
Token: SeSecurityPrivilege	1952	icacls.exe
Token: SeTakeOwnershipPrivilege	1960	takeown.exe
Token: SeRestorePrivilege	600	icacls.exe
Token: SeSecurityPrivilege	1160	icacls.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

Arc Symbolic.exe

pid process

1760 Arc Symbolic.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

iPack_Installer.exe

pid process

1764 iPack_Installer.exe
1764 iPack_Installer.exe

pid	process
1764	iPack_Installer.exe
1764	iPack_Installer.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Arc Symbolic.exeiPack_Installer.execmd.execmd.execmd.exe

description	pid	process	target process
PID 1760 wrote to memory of 1764	1760	Arc Symbolic.exe	iPack_Installer.exe
PID 1760 wrote to memory of 1764	1760	Arc Symbolic.exe	iPack_Installer.exe
PID 1760 wrote to memory of 1764	1760	Arc Symbolic.exe	iPack_Installer.exe
PID 1760 wrote to memory of 1764	1760	Arc Symbolic.exe	iPack_Installer.exe
PID 1764 wrote to memory of 520	1764	iPack_Installer.exe	7z.exe
PID 1764 wrote to memory of 520	1764	iPack_Installer.exe	7z.exe
PID 1764 wrote to memory of 520	1764	iPack_Installer.exe	7z.exe
PID 1764 wrote to memory of 520	1764	iPack_Installer.exe	7z.exe
PID 1764 wrote to memory of 1912	1764	iPack_Installer.exe	taskkill.exe
PID 1764 wrote to memory of 1912	1764	iPack_Installer.exe	taskkill.exe
PID 1764 wrote to memory of 1912	1764	iPack_Installer.exe	taskkill.exe
PID 1764 wrote to memory of 540	1764	iPack_Installer.exe	icacls.exe
PID 1764 wrote to memory of 540	1764	iPack_Installer.exe	icacls.exe
PID 1764 wrote to memory of 540	1764	iPack_Installer.exe	icacls.exe
PID 1764 wrote to memory of 1668	1764	iPack_Installer.exe	cmd.exe
PID 1764 wrote to memory of 1668	1764	iPack_Installer.exe	cmd.exe
PID 1764 wrote to memory of 1668	1764	iPack_Installer.exe	cmd.exe
PID 1668 wrote to memory of 956	1668	cmd.exe	takeown.exe
PID 1668 wrote to memory of 956	1668	cmd.exe	takeown.exe
PID 1668 wrote to memory of 956	1668	cmd.exe	takeown.exe
PID 1668 wrote to memory of 1628	1668	cmd.exe	icacls.exe
PID 1668 wrote to memory of 1628	1668	cmd.exe	icacls.exe
PID 1668 wrote to memory of 1628	1668	cmd.exe	icacls.exe
PID 1668 wrote to memory of 1612	1668	cmd.exe	icacls.exe
PID 1668 wrote to memory of 1612	1668	cmd.exe	icacls.exe
PID 1668 wrote to memory of 1612	1668	cmd.exe	icacls.exe
PID 1764 wrote to memory of 1452	1764	iPack_Installer.exe	Patcher.exe
PID 1764 wrote to memory of 1452	1764	iPack_Installer.exe	Patcher.exe
PID 1764 wrote to memory of 1452	1764	iPack_Installer.exe	Patcher.exe
PID 1764 wrote to memory of 1452	1764	iPack_Installer.exe	Patcher.exe
PID 1764 wrote to memory of 1452	1764	iPack_Installer.exe	Patcher.exe
PID 1764 wrote to memory of 1452	1764	iPack_Installer.exe	Patcher.exe
PID 1764 wrote to memory of 1452	1764	iPack_Installer.exe	Patcher.exe
PID 1764 wrote to memory of 1620	1764	iPack_Installer.exe	cmd.exe
PID 1764 wrote to memory of 1620	1764	iPack_Installer.exe	cmd.exe
PID 1764 wrote to memory of 1620	1764	iPack_Installer.exe	cmd.exe
PID 1620 wrote to memory of 984	1620	cmd.exe	icacls.exe
PID 1620 wrote to memory of 984	1620	cmd.exe	icacls.exe
PID 1620 wrote to memory of 984	1620	cmd.exe	icacls.exe
PID 1620 wrote to memory of 1972	1620	cmd.exe	icacls.exe
PID 1620 wrote to memory of 1972	1620	cmd.exe	icacls.exe
PID 1620 wrote to memory of 1972	1620	cmd.exe	icacls.exe
PID 1764 wrote to memory of 340	1764	iPack_Installer.exe	cmd.exe
PID 1764 wrote to memory of 340	1764	iPack_Installer.exe	cmd.exe
PID 1764 wrote to memory of 340	1764	iPack_Installer.exe	cmd.exe
PID 1764 wrote to memory of 1392	1764	iPack_Installer.exe	icacls.exe
PID 1764 wrote to memory of 1392	1764	iPack_Installer.exe	icacls.exe
PID 1764 wrote to memory of 1392	1764	iPack_Installer.exe	icacls.exe
PID 1764 wrote to memory of 792	1764	iPack_Installer.exe	cmd.exe
PID 1764 wrote to memory of 792	1764	iPack_Installer.exe	cmd.exe
PID 1764 wrote to memory of 792	1764	iPack_Installer.exe	cmd.exe
PID 792 wrote to memory of 1572	792	cmd.exe	takeown.exe
PID 792 wrote to memory of 1572	792	cmd.exe	takeown.exe
PID 792 wrote to memory of 1572	792	cmd.exe	takeown.exe
PID 792 wrote to memory of 316	792	cmd.exe	icacls.exe
PID 792 wrote to memory of 316	792	cmd.exe	icacls.exe
PID 792 wrote to memory of 316	792	cmd.exe	icacls.exe
PID 792 wrote to memory of 1704	792	cmd.exe	icacls.exe
PID 792 wrote to memory of 1704	792	cmd.exe	icacls.exe
PID 792 wrote to memory of 1704	792	cmd.exe	icacls.exe
PID 1764 wrote to memory of 1564	1764	iPack_Installer.exe	Patcher.exe
PID 1764 wrote to memory of 1564	1764	iPack_Installer.exe	Patcher.exe
PID 1764 wrote to memory of 1564	1764	iPack_Installer.exe	Patcher.exe
PID 1764 wrote to memory of 1564	1764	iPack_Installer.exe	Patcher.exe

Views/modifies file attributes 1 TTPs 1 IoCs
evasion

Hidden Files and Directories
T1158

Processes:

attrib.exe

pid process

1428 attrib.exe

pid	process
1428	attrib.exe

C:\Users\Admin\AppData\Local\Temp\Arc Symbolic.exe
"C:\Users\Admin\AppData\Local\Temp\Arc Symbolic.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1760

C:\Program Files (x86)\Arc Symbolic\iPack_Installer.exe
"C:\Program Files (x86)\Arc Symbolic\iPack_Installer.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1764

C:\Program Files (x86)\Arc Symbolic\7z.exe
"C:\Program Files (x86)\Arc Symbolic\7z.exe" x -y -bd "C:\Program Files (x86)\Arc Symbolic\Resource.7z"
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:520

C:\Windows\System32\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im explorer.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1912

C:\Windows\System32\icacls.exe
"C:\Windows\System32\icacls.exe" "C:\Windows\System32\imageres.dll" /save "Resource Files\ACL\System32\imageres.dll.AclFile"
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Drops file in Program Files directory
PID:540

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c takeown /a /F "C:\Windows\System32\imageres.dll" && icacls "C:\Windows\System32\imageres.dll" /grant:r "%username%":F && icacls "C:\Windows\System32\imageres.dll" /grant:r "administrators":F && exit
3⤵
- Suspicious use of WriteProcessMemory
PID:1668

C:\Windows\system32\takeown.exe
takeown /a /F "C:\Windows\System32\imageres.dll"
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:956

C:\Windows\system32\icacls.exe
icacls "C:\Windows\System32\imageres.dll" /grant:r "Admin":F
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1628

C:\Windows\system32\icacls.exe
icacls "C:\Windows\System32\imageres.dll" /grant:r "administrators":F
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1612

C:\Program Files (x86)\Arc Symbolic\Patcher.exe
"C:\Program Files (x86)\Arc Symbolic\Patcher.exe" -addoverwrite "Resource Files\Patch\System32\imageres.dll", "Resource Files\Patch\System32\imageres.dll", "Resource Files\imageres.dll.res" ,,,
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1452

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c icacls "C:\Windows\System32\imageres.dll" /setowner "NT Service\TrustedInstaller" /T /C && icacls "C:\Windows\System32" /restore "Resource Files\ACL\System32\imageres.dll.AclFile" && exit
3⤵
- Suspicious use of WriteProcessMemory
PID:1620

C:\Windows\system32\icacls.exe
icacls "C:\Windows\System32\imageres.dll" /setowner "NT Service\TrustedInstaller" /T /C
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:984

C:\Windows\system32\icacls.exe
icacls "C:\Windows\System32" /restore "Resource Files\ACL\System32\imageres.dll.AclFile"
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1972

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c del /f /q "C:\Windows\System32\imageres.dll.iPtemp" && exit
3⤵
PID:340

C:\Windows\System32\icacls.exe
"C:\Windows\System32\icacls.exe" "C:\Windows\SysWOW64\imageres.dll" /save "Resource Files\ACL\SysWOW64\imageres.dll.AclFile"
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Drops file in Program Files directory
PID:1392

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c takeown /a /F "C:\Windows\SysWOW64\imageres.dll" && icacls "C:\Windows\SysWOW64\imageres.dll" /grant:r "%username%":F && icacls "C:\Windows\SysWOW64\imageres.dll" /grant:r "administrators":F && exit
3⤵
- Suspicious use of WriteProcessMemory
PID:792

C:\Windows\system32\takeown.exe
takeown /a /F "C:\Windows\SysWOW64\imageres.dll"
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1572

C:\Windows\system32\icacls.exe
icacls "C:\Windows\SysWOW64\imageres.dll" /grant:r "Admin":F
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:316

C:\Windows\system32\icacls.exe
icacls "C:\Windows\SysWOW64\imageres.dll" /grant:r "administrators":F
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1704

C:\Program Files (x86)\Arc Symbolic\Patcher.exe
"C:\Program Files (x86)\Arc Symbolic\Patcher.exe" -addoverwrite "Resource Files\Patch\SysWOW64\imageres.dll", "Resource Files\Patch\SysWOW64\imageres.dll", "Resource Files\imageres.dll.res" ,,,
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1564

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c icacls "C:\Windows\SysWOW64\imageres.dll" /setowner "NT Service\TrustedInstaller" /T /C && icacls "C:\Windows\SysWOW64" /restore "Resource Files\ACL\SysWOW64\imageres.dll.AclFile" && exit
3⤵
PID:1936

C:\Windows\system32\icacls.exe
icacls "C:\Windows\SysWOW64\imageres.dll" /setowner "NT Service\TrustedInstaller" /T /C
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1616

C:\Windows\system32\icacls.exe
icacls "C:\Windows\SysWOW64" /restore "Resource Files\ACL\SysWOW64\imageres.dll.AclFile"
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1624

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c del /f /q "C:\Windows\SysWOW64\imageres.dll.iPtemp" && exit
3⤵
PID:592

C:\Windows\System32\icacls.exe
"C:\Windows\System32\icacls.exe" "C:\Windows\System32\imagesp1.dll" /save "Resource Files\ACL\System32\imagesp1.dll.AclFile"
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Drops file in Program Files directory
PID:1596

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c takeown /a /F "C:\Windows\System32\imagesp1.dll" && icacls "C:\Windows\System32\imagesp1.dll" /grant:r "%username%":F && icacls "C:\Windows\System32\imagesp1.dll" /grant:r "administrators":F && exit
3⤵
PID:544

C:\Windows\system32\takeown.exe
takeown /a /F "C:\Windows\System32\imagesp1.dll"
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1096

C:\Windows\system32\icacls.exe
icacls "C:\Windows\System32\imagesp1.dll" /grant:r "Admin":F
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:752

C:\Windows\system32\icacls.exe
icacls "C:\Windows\System32\imagesp1.dll" /grant:r "administrators":F
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1972

C:\Program Files (x86)\Arc Symbolic\Patcher.exe
"C:\Program Files (x86)\Arc Symbolic\Patcher.exe" -addoverwrite "Resource Files\Patch\System32\imagesp1.dll", "Resource Files\Patch\System32\imagesp1.dll", "Resource Files\imagesp1.dll.res" ,,,
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2000

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c icacls "C:\Windows\System32\imagesp1.dll" /setowner "NT Service\TrustedInstaller" /T /C && icacls "C:\Windows\System32" /restore "Resource Files\ACL\System32\imagesp1.dll.AclFile" && exit
3⤵
PID:1736

C:\Windows\system32\icacls.exe
icacls "C:\Windows\System32\imagesp1.dll" /setowner "NT Service\TrustedInstaller" /T /C
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:876

C:\Windows\system32\icacls.exe
icacls "C:\Windows\System32" /restore "Resource Files\ACL\System32\imagesp1.dll.AclFile"
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1896

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c del /f /q "C:\Windows\System32\imagesp1.dll.iPtemp" && exit
3⤵
PID:568

C:\Windows\System32\icacls.exe
"C:\Windows\System32\icacls.exe" "C:\Windows\SysWOW64\imagesp1.dll" /save "Resource Files\ACL\SysWOW64\imagesp1.dll.AclFile"
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Drops file in Program Files directory
PID:1868

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c takeown /a /F "C:\Windows\SysWOW64\imagesp1.dll" && icacls "C:\Windows\SysWOW64\imagesp1.dll" /grant:r "%username%":F && icacls "C:\Windows\SysWOW64\imagesp1.dll" /grant:r "administrators":F && exit
3⤵
PID:684

C:\Windows\system32\takeown.exe
takeown /a /F "C:\Windows\SysWOW64\imagesp1.dll"
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:564

C:\Windows\system32\icacls.exe
icacls "C:\Windows\SysWOW64\imagesp1.dll" /grant:r "Admin":F
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1484

C:\Windows\system32\icacls.exe
icacls "C:\Windows\SysWOW64\imagesp1.dll" /grant:r "administrators":F
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1044

C:\Program Files (x86)\Arc Symbolic\Patcher.exe
"C:\Program Files (x86)\Arc Symbolic\Patcher.exe" -addoverwrite "Resource Files\Patch\SysWOW64\imagesp1.dll", "Resource Files\Patch\SysWOW64\imagesp1.dll", "Resource Files\imagesp1.dll.res" ,,,
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1580

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c icacls "C:\Windows\SysWOW64\imagesp1.dll" /setowner "NT Service\TrustedInstaller" /T /C && icacls "C:\Windows\SysWOW64" /restore "Resource Files\ACL\SysWOW64\imagesp1.dll.AclFile" && exit
3⤵
PID:1940

C:\Windows\system32\icacls.exe
icacls "C:\Windows\SysWOW64\imagesp1.dll" /setowner "NT Service\TrustedInstaller" /T /C
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1376

C:\Windows\system32\icacls.exe
icacls "C:\Windows\SysWOW64" /restore "Resource Files\ACL\SysWOW64\imagesp1.dll.AclFile"
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1364

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c del /f /q "C:\Windows\SysWOW64\imagesp1.dll.iPtemp" && exit
3⤵
PID:2004

C:\Windows\System32\icacls.exe
"C:\Windows\System32\icacls.exe" "C:\Windows\System32\zipfldr.dll" /save "Resource Files\ACL\System32\zipfldr.dll.AclFile"
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Drops file in Program Files directory
PID:1096

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c takeown /a /F "C:\Windows\System32\zipfldr.dll" && icacls "C:\Windows\System32\zipfldr.dll" /grant:r "%username%":F && icacls "C:\Windows\System32\zipfldr.dll" /grant:r "administrators":F && exit
3⤵
PID:1260

C:\Windows\system32\takeown.exe
takeown /a /F "C:\Windows\System32\zipfldr.dll"
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:832

C:\Windows\system32\icacls.exe
icacls "C:\Windows\System32\zipfldr.dll" /grant:r "Admin":F
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:336

C:\Windows\system32\icacls.exe
icacls "C:\Windows\System32\zipfldr.dll" /grant:r "administrators":F
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:188

C:\Program Files (x86)\Arc Symbolic\Patcher.exe
"C:\Program Files (x86)\Arc Symbolic\Patcher.exe" -addoverwrite "Resource Files\Patch\System32\zipfldr.dll", "Resource Files\Patch\System32\zipfldr.dll", "Resource Files\zipfldr.dll.res" ,,,
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1444

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c icacls "C:\Windows\System32\zipfldr.dll" /setowner "NT Service\TrustedInstaller" /T /C && icacls "C:\Windows\System32" /restore "Resource Files\ACL\System32\zipfldr.dll.AclFile" && exit
3⤵
PID:1652

C:\Windows\system32\icacls.exe
icacls "C:\Windows\System32\zipfldr.dll" /setowner "NT Service\TrustedInstaller" /T /C
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1796

C:\Windows\system32\icacls.exe
icacls "C:\Windows\System32" /restore "Resource Files\ACL\System32\zipfldr.dll.AclFile"
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1952

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c del /f /q "C:\Windows\System32\zipfldr.dll.iPtemp" && exit
3⤵
PID:1860

C:\Windows\System32\icacls.exe
"C:\Windows\System32\icacls.exe" "C:\Windows\SysWOW64\zipfldr.dll" /save "Resource Files\ACL\SysWOW64\zipfldr.dll.AclFile"
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Drops file in Program Files directory
PID:1108

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c takeown /a /F "C:\Windows\SysWOW64\zipfldr.dll" && icacls "C:\Windows\SysWOW64\zipfldr.dll" /grant:r "%username%":F && icacls "C:\Windows\SysWOW64\zipfldr.dll" /grant:r "administrators":F && exit
3⤵
PID:1920

C:\Windows\system32\takeown.exe
takeown /a /F "C:\Windows\SysWOW64\zipfldr.dll"
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1960

C:\Windows\system32\icacls.exe
icacls "C:\Windows\SysWOW64\zipfldr.dll" /grant:r "Admin":F
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1976

C:\Windows\system32\attrib.exe
ATTRIB +H "C:\Program Files (x86)\Arc Symbolic\Uninstall iPack.exe.config" /S /D
5⤵
- Views/modifies file attributes
PID:1428

C:\Windows\system32\icacls.exe
icacls "C:\Windows\SysWOW64\zipfldr.dll" /grant:r "administrators":F
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:2008

C:\Program Files (x86)\Arc Symbolic\Patcher.exe
"C:\Program Files (x86)\Arc Symbolic\Patcher.exe" -addoverwrite "Resource Files\Patch\SysWOW64\zipfldr.dll", "Resource Files\Patch\SysWOW64\zipfldr.dll", "Resource Files\zipfldr.dll.res" ,,,
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:636

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c icacls "C:\Windows\SysWOW64\zipfldr.dll" /setowner "NT Service\TrustedInstaller" /T /C && icacls "C:\Windows\SysWOW64" /restore "Resource Files\ACL\SysWOW64\zipfldr.dll.AclFile" && exit
3⤵
PID:752

C:\Windows\system32\icacls.exe
icacls "C:\Windows\SysWOW64\zipfldr.dll" /setowner "NT Service\TrustedInstaller" /T /C
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:600

C:\Windows\system32\icacls.exe
icacls "C:\Windows\SysWOW64" /restore "Resource Files\ACL\SysWOW64\zipfldr.dll.AclFile"
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1160

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c del /f /q "C:\Windows\SysWOW64\zipfldr.dll.iPtemp" && exit
3⤵
PID:1980

C:\Windows\system32\cmd.exe
cmd /c ""C:\Program Files (x86)\Arc Symbolic\Resource Files\reload.bat" "
3⤵
PID:316

C:\Windows\system32\takeown.exe
TAKEOWN /f "C:\Users\Admin\AppData\Local\IconCache.db"
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1888

C:\Windows\system32\icacls.exe
ICACLS "C:\Users\Admin\AppData\Local\IconCache.db" /grant:r "Admin":F /T
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1672

C:\Windows\system32\takeown.exe
TAKEOWN /f "C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer" /r /d y
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:2036

C:\Windows\system32\icacls.exe
ICACLS "C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer" /grant:r "Admin":F /T
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1480

C:\Windows\system32\icacls.exe
ICACLS "C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer" /grant:r "administrators":F /T
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1916

C:\Windows\explorer.exe
C:\Windows\explorer.exe
4⤵
- Loads dropped DLL
PID:1320

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ATTRIB +H "C:\Program Files (x86)\Arc Symbolic\Uninstall iPack.exe.config" /S /D && exit
3⤵
PID:1976

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x538
1⤵
PID:1296

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Privilege Escalation

Defense Evasion

File Permissions Modification

T1222

Modify Registry

T1112

Hidden Files and Directories

T1158

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Arc Symbolic\7z.exe
Filesize
148KB

MD5
f3d2f74e271da7fa59d9a4c860e6f338

SHA1
96e9fa8808fbe176494a624b4a7b5afc9306f93a

SHA256
d2c632a87f70039f8812f0bd5602379e288bfac237b0fce41cb5d8c757c70be3

SHA512
1553ba5d27ef59015ee4ff05e37d79a3da5d2257de193e61800f587917dbc5ba97e1d499448b41e370962b977570a4ea1c936e791d886e71384edaba39d5fe30

Download Submit
C:\Program Files (x86)\Arc Symbolic\Patcher.exe
Filesize
465KB

MD5
e92786023781296f23db1d42be4148dc

SHA1
f905ee76e91114db5278943a9b0db5493748dea5

SHA256
908a411ec3b024b1af6538a6ed00dd0ffc98c9337a657cc4c9531a24e852ede8

SHA512
2c5e78e5fe3b63db4919976e2273f398a04928f0ed7f1538aadba82de98b862bc0cef2ee4607be139169d4f1d6ae5a0388f2f88f9d5ec30331eb95a4da0082e0

Download Submit
C:\Program Files (x86)\Arc Symbolic\Patcher.exe
Filesize
465KB

MD5
e92786023781296f23db1d42be4148dc

SHA1
f905ee76e91114db5278943a9b0db5493748dea5

SHA256
908a411ec3b024b1af6538a6ed00dd0ffc98c9337a657cc4c9531a24e852ede8

SHA512
2c5e78e5fe3b63db4919976e2273f398a04928f0ed7f1538aadba82de98b862bc0cef2ee4607be139169d4f1d6ae5a0388f2f88f9d5ec30331eb95a4da0082e0

Download Submit
C:\Program Files (x86)\Arc Symbolic\Patcher.exe
Filesize
465KB

MD5
e92786023781296f23db1d42be4148dc

SHA1
f905ee76e91114db5278943a9b0db5493748dea5

SHA256
908a411ec3b024b1af6538a6ed00dd0ffc98c9337a657cc4c9531a24e852ede8

SHA512
2c5e78e5fe3b63db4919976e2273f398a04928f0ed7f1538aadba82de98b862bc0cef2ee4607be139169d4f1d6ae5a0388f2f88f9d5ec30331eb95a4da0082e0

Download Submit
C:\Program Files (x86)\Arc Symbolic\Patcher.exe
Filesize
465KB

MD5
e92786023781296f23db1d42be4148dc

SHA1
f905ee76e91114db5278943a9b0db5493748dea5

SHA256
908a411ec3b024b1af6538a6ed00dd0ffc98c9337a657cc4c9531a24e852ede8

SHA512
2c5e78e5fe3b63db4919976e2273f398a04928f0ed7f1538aadba82de98b862bc0cef2ee4607be139169d4f1d6ae5a0388f2f88f9d5ec30331eb95a4da0082e0

Download Submit
C:\Program Files (x86)\Arc Symbolic\Patcher.exe
Filesize
465KB

MD5
e92786023781296f23db1d42be4148dc

SHA1
f905ee76e91114db5278943a9b0db5493748dea5

SHA256
908a411ec3b024b1af6538a6ed00dd0ffc98c9337a657cc4c9531a24e852ede8

SHA512
2c5e78e5fe3b63db4919976e2273f398a04928f0ed7f1538aadba82de98b862bc0cef2ee4607be139169d4f1d6ae5a0388f2f88f9d5ec30331eb95a4da0082e0

Download Submit
C:\Program Files (x86)\Arc Symbolic\Patcher.exe
Filesize
465KB

MD5
e92786023781296f23db1d42be4148dc

SHA1
f905ee76e91114db5278943a9b0db5493748dea5

SHA256
908a411ec3b024b1af6538a6ed00dd0ffc98c9337a657cc4c9531a24e852ede8

SHA512
2c5e78e5fe3b63db4919976e2273f398a04928f0ed7f1538aadba82de98b862bc0cef2ee4607be139169d4f1d6ae5a0388f2f88f9d5ec30331eb95a4da0082e0

Download Submit
C:\Program Files (x86)\Arc Symbolic\Patcher.ini
Filesize
311B

MD5
796935772ac839e1d1efe29ae87a87f8

SHA1
24fe87b39d5f0065584d9167bb2a0a534d200dce

SHA256
c856b849708f175d087a09cd0b1fdf2b64e8a6de77f9dfdb9ae85640e642c62a

SHA512
1f0d62370694c6216e0325d61446cd63247d1a64b0270d91f1e20eda6df6c577555c6611aa63a048f4ba2019e045af34c855340f9d07d164216c2ac56791fc76

Download Submit
C:\Program Files (x86)\Arc Symbolic\Patcher.ini
Filesize
395B

MD5
7448124047ee15a5aa32dbb38ce6a3a0

SHA1
9f82fbac739a277bfd310bfd8246e48516d50ccf

SHA256
20980506d492f11dbc6700b9803c07ac2b7f8ad5d4a304d76cc95f8213132f2f

SHA512
6204c583aa1273a2c597f92cd975446b7895f64bd3a0d361a5a514a644d3a674845e8c000be2f335c79ba431e551a5ad932c399b472b5831840c399df625e89c

Download Submit
C:\Program Files (x86)\Arc Symbolic\Patcher.ini
Filesize
395B

MD5
3343f400c1c0ace29197c5e8490481f4

SHA1
d34e20624a92e94436781460586a6343b5a8936c

SHA256
9f232b5d64d51d28712ab9ca37c6d47fea956becff939fa556decaf4f1983224

SHA512
fd69fc2809e257d1711190215e85b039c55b3530712c6a475e4806269f9fa5dbe3e120a4f0d40a85825951b56156fc8944c791d9274aeb1161f7b0b060c1d7fe

Download Submit
C:\Program Files (x86)\Arc Symbolic\Patcher.ini
Filesize
436B

MD5
f68fde6abc136b58ffca27ae942e25cb

SHA1
ac28f8e4f20b9808f845287e1e168a02f87b768e

SHA256
9ad6287507208059a29b3acfb02ecda28abe24546d101fbae529737127286e67

SHA512
b5b55b38254dd8572c913d920110708d400e1e214844e43f808fbd10306cd3a7c79165311063793584c2a111fe2c52b4d26b1461bc3885e2be785ecfcd30398a

Download Submit
C:\Program Files (x86)\Arc Symbolic\Patcher.ini
Filesize
435B

MD5
e3f11fee78f84221d94a65072e04c8cb

SHA1
38ab53b2d59571c5908be854593bc70d77cb31a0

SHA256
dbb0f33f038356cb1f9352a847cdaccd14c5141dc59d2f580f4a6bfaa4d070b4

SHA512
239ba71cb411377c8945dce2e5c06e539bf5508b86c6688aacf95e7bc35bfeb6447a04c499da0e8f31f440f71ac7485aeadc5cb3c65be864d99130a66f71a2f1

Download Submit
C:\Program Files (x86)\Arc Symbolic\Patcher.log
Filesize
220B

MD5
cdfe5578f65586adaffc0404077ff9c7

SHA1
262991698ccc91fe099e724343d3b38a3c1b04b4

SHA256
b1213dba145c1d5aeb4ab124e7cf53919ddcf100c42daba933de1b66adb9f522

SHA512
88da84f7148ffd1fc911498be33b2069bb1cd7e2dc116a594f678c3e4578ffe8f7ba1f87c96305710e3c9c7a7e004d94ac778281c950f6e228bc8d85c4ed06c7

Download Submit
C:\Program Files (x86)\Arc Symbolic\Patcher.log
Filesize
246B

MD5
fcadf78cc8875d67b76681dbf4bed34a

SHA1
d83c72996a3a0614e430811ba60c0f08506d7b63

SHA256
b4f1a34d4fd8ef7ee068a3e460f368b2c485dce33ea103078c0dfbf2309db67b

SHA512
afe669d46a68d61b1a93a32f9caabeb97e135207cfec77a09f9c55b40efb81cf14ee6baf5c67df28de6aa57da4838b9028e9095100819ece13962c586a92bb99

Download Submit
C:\Program Files (x86)\Arc Symbolic\Patcher.log
Filesize
220B

MD5
14dbb03ebe14100bd4d81a8550737f0d

SHA1
1e3af3276e20a170aef70bb57ec1e900477e2b63

SHA256
37a887f82698b95dfc6ee6d5f576aad61ffb83b50e82aaee07042f310c947eb2

SHA512
9b17651d777c898d980824c7529098b2e0296e199cb08e3141f5f92acac247e755e271f78081332e3b0220732ac9bbf6bcc2c91c430f3efc3e746534b871314d

Download Submit
C:\Program Files (x86)\Arc Symbolic\Patcher.log
Filesize
291B

MD5
07d6d44eac3bd24aec321742b9b040fb

SHA1
214f23a45cebdd3b0e6adc0e357c8349976d4c0b

SHA256
27221d1f74101a5dcd0fefab6434e512b3dfdf03eaf8afca4581d36858326e50

SHA512
c90ed8e3df3a0f93776a103440977afebafcbc2e349922627ca25b365e66113b69bc9d49cee48f1c07f4db11da84512fddacafd6323075e5951a529d6b903763

Download Submit
C:\Program Files (x86)\Arc Symbolic\Patcher.log
Filesize
291B

MD5
3cc710e8af295d92ae97f55f63b1160b

SHA1
742ba105f53dee83a5e2baa7019849bb684cffc8

SHA256
509a87e7b68e21195c6a0a742f1f9868078e2b8e1cf69065c497146ed2aac963

SHA512
946b6f5d984dcc54e5869e7e3245830a2853d71cde6e47faf2539380da2b278ea3d89d10c6e5efad4b19fae79b97955a01d87994206c61cff67edc2f2bf193d1

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource Files\ACL\SysWOW64\imageres.dll.AclFile
Filesize
302B

MD5
e215cac62f4c9190a204172e06952ab0

SHA1
76837f17825e729cb2ccf4362d7fef00b00ed240

SHA256
0a79f07fa1280e5cf07acef948aa6c3874fc5ad8e51d231cbc90a7ac05e779d5

SHA512
5e63a1131b38e57b2f2ae4f76f1c149520cc41df2ae70ce1a2851aa0f219f299aba46b74efd5b4c5bf01a004901d46a06c7f97a37ecf829c7db19f5bad6af1c0

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource Files\ACL\SysWOW64\imagesp1.dll.AclFile
Filesize
302B

MD5
184bb2fd0f9c86a663ac223f156d3e8e

SHA1
d0010ac02415f739f6824d74ed8c6dc73422f115

SHA256
81b47bca422daccea5470c483a694c0decd14e6002b84098c8c825d04f8ef49f

SHA512
a5b0e6f3e1b1524b25e380799bbfe0bb67967e8feaf69a25f7bc81ec645b85415b97ce15f72e39c4a71d620c59d75db22a86f5396e3732062ac072cd05188b3f

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource Files\ACL\SysWOW64\zipfldr.dll.AclFile
Filesize
300B

MD5
5ca7c7e8bf0146f7f3505f269f631178

SHA1
e1e3b85489661ca0c491af95ca1f552415f1f67a

SHA256
3bc1b8b7cc953074e626034c66e73dcdd060fb7317e02f9d0439c68af5c6fac2

SHA512
74a33b871f0abb39d9b18f91f7a84f345fafb75d27921b9ef8540d0de18484250047fb856ee6d7f52e97989031fbae93dae020b4e5037d1064317d2627d8b0cc

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource Files\ACL\System32\imageres.dll.AclFile
Filesize
302B

MD5
e215cac62f4c9190a204172e06952ab0

SHA1
76837f17825e729cb2ccf4362d7fef00b00ed240

SHA256
0a79f07fa1280e5cf07acef948aa6c3874fc5ad8e51d231cbc90a7ac05e779d5

SHA512
5e63a1131b38e57b2f2ae4f76f1c149520cc41df2ae70ce1a2851aa0f219f299aba46b74efd5b4c5bf01a004901d46a06c7f97a37ecf829c7db19f5bad6af1c0

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource Files\ACL\System32\imagesp1.dll.AclFile
Filesize
302B

MD5
184bb2fd0f9c86a663ac223f156d3e8e

SHA1
d0010ac02415f739f6824d74ed8c6dc73422f115

SHA256
81b47bca422daccea5470c483a694c0decd14e6002b84098c8c825d04f8ef49f

SHA512
a5b0e6f3e1b1524b25e380799bbfe0bb67967e8feaf69a25f7bc81ec645b85415b97ce15f72e39c4a71d620c59d75db22a86f5396e3732062ac072cd05188b3f

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource Files\ACL\System32\zipfldr.dll.AclFile
Filesize
300B

MD5
5ca7c7e8bf0146f7f3505f269f631178

SHA1
e1e3b85489661ca0c491af95ca1f552415f1f67a

SHA256
3bc1b8b7cc953074e626034c66e73dcdd060fb7317e02f9d0439c68af5c6fac2

SHA512
74a33b871f0abb39d9b18f91f7a84f345fafb75d27921b9ef8540d0de18484250047fb856ee6d7f52e97989031fbae93dae020b4e5037d1064317d2627d8b0cc

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\SysWOW64\imageres.dll
Filesize
19.3MB

MD5
827cb0d6c3f8057ea037ff271f8e9795

SHA1
4f8385c0a9f37b5c3c3fd3e339b680fb08758570

SHA256
82760dbddd38d2a31caaf51d065df4e7e1d0f0c22733a0af653776ebf7b79470

SHA512
6e65491629717a260eca32e3f1b65baf16f70fede0717391af4acaf0e9c83da479d62e5de9734f9bbf7773b0904f5623df717a7ca9a0f6806ca4807fcfaa6a09

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\SysWOW64\imageres.dll
Filesize
49.9MB

MD5
9c8d7684f46242d7d17f65bbba41f5c9

SHA1
411f1f5174839578e0fb01f06effbf3981ae6d16

SHA256
082ab2e6e79a0079fea377b207604bdf0234842a4fb485b4130dd99fc18e0422

SHA512
35380cf385823044fcabf51a45be719c0bfe26f12221b3879cc44294f2a901b8767d80185ad90f840c8c54fa8842f47666d9d7018638f0721768752baa378405

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\SysWOW64\imagesp1.dll
Filesize
689KB

MD5
558eb49400fb208c508dd9efc7ccdf02

SHA1
111eb187d9fae1a64b5377ea776fdbe8d0f4e096

SHA256
42ba2645ddde8f991f6d95330834e8e29dcff3b76695b089f5803e74cca8caae

SHA512
cae0dc46931925cabcb5c8c23b07a6ddd2e7177d865d70b5b97f45a60ae8b051a9fc1475df8908a4d45e9f1b99863d03c071f91bd341b34532902d73a6ed45ec

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\SysWOW64\imagesp1.dll
Filesize
3.1MB

MD5
c2df540fef66d284256e87573b091b49

SHA1
cf29fe0b7bb83d667c4f5fc2336621b21d716572

SHA256
57839c7b0f12cf2b95445368c52cbc157d5fadc5da5ce369c45502bc39eb5341

SHA512
4a3e3bfa054cd4268ac77add8171337d5a71056548e8257cee42490d91d3f305eff58f4a3ce4d2efd0390081603bebe6b52268ab485f1f81235c3b608744b5c6

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\SysWOW64\zipfldr.dll
Filesize
882KB

MD5
4c8a900aeec216e314dcc2b61855b24f

SHA1
568ffdb158d680c2925903c295422187ac7e9fae

SHA256
b63a5dfd1c0973df27b43cda6550303f820525ee3252182b88c255621837e196

SHA512
821729be6b4f559b5d9d768e6c07b3f239b6c2f2410d1febdc64f38476cf969fdb9aa5e4b9acd73f0018776f7f7c818b6e7a14b7c2610f179101b8c41eb4cdd2

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\SysWOW64\zipfldr.dll
Filesize
882KB

MD5
4c8a900aeec216e314dcc2b61855b24f

SHA1
568ffdb158d680c2925903c295422187ac7e9fae

SHA256
b63a5dfd1c0973df27b43cda6550303f820525ee3252182b88c255621837e196

SHA512
821729be6b4f559b5d9d768e6c07b3f239b6c2f2410d1febdc64f38476cf969fdb9aa5e4b9acd73f0018776f7f7c818b6e7a14b7c2610f179101b8c41eb4cdd2

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\System32\imageres.dll
Filesize
19.3MB

MD5
5aa945234e9d4cce4f715276b9aa712c

SHA1
dba3c8cecb3f8d4b1d96265d8519dbe0e911f446

SHA256
65165bd131056816f009d987fc78ac86ffe0c3c38a27e73f873586b7ff4d59cf

SHA512
acf0d5706662b3f4abb68b94aad9155c17dc74ccf3a92ed97c9bc2abdf4f8fd32705bb7692836452304301605561121b4ef2b82b81563f9bf2a9d1c71e8c6233

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\System32\imageres.dll
Filesize
49.9MB

MD5
c96abb4a599e97032cb7ac5e7ae579d9

SHA1
eaaab1cb5129caaea4f379bfd52f6e8aadee0f40

SHA256
7c0f00bd12e4e4801c94aea20731b8a8e3998571eb9e15eaf209336c9562d5e5

SHA512
bf6f58cec675355efe6e21db7735dd6a6b0c6bc152eee311d6d1ee6aed9b36dcc37b07b6bf62e8b146ac7ce38989340d574b17db94411b58fa039b2fcaa512d9

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\System32\imagesp1.dll
Filesize
3.1MB

MD5
57750ffce9e0a0e781f4ab96af2239e0

SHA1
3e854d2d5cc437c3861f53ee6c0d7384c61eaffc

SHA256
9bb3db2f1bc6680e962999f054f53cbfb3909d1af1bccf1f9bbc079577c3d06b

SHA512
b199808e5b955219aba3a24caebd20e40d20324109ed57862b7bfb5939b268aa51054d217adcb7801b10ab21c193025d97d81a9f0022dda421c9aeb56cfeb8e8

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\System32\imagesp1.dll
Filesize
3.1MB

MD5
bb22ea111e8048c52d510ffa970eb93d

SHA1
122e6faa55a129f4cde9e4746f61c9926f5aa87c

SHA256
ca87fd31a651b1c1cbe300b8c771cca1b543dc0f8f658e20c21ace8b30fd65b9

SHA512
96b004016a7b774c839b2148b3f8f81834733c1f7ec5887eb39f6ffa166c6379a064b9b59749c095d4b16f730e7beccedfcdc7f751868f9deacdac01bd8fa800

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\System32\zipfldr.dll
Filesize
920KB

MD5
b6736dddc79b4b511828c63e8513db6c

SHA1
af51ecc56a75cd1bb97e7cec0f5851ce5c2a8605

SHA256
52004a33c83d7e23cedc754ca0c39bdd76b44cdcd6b606502d51d45ed6e9210c

SHA512
9e66741cf8f3b32c6099a01908b1f95266e4ef4b89bf54bc6669b4edcd22d49eabfde7fe3d80680ffafe2c987879f7d5e9172bca1fd7996a1ab87a4763b2547a

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource Files\Patch\System32\zipfldr.dll
Filesize
920KB

MD5
b6736dddc79b4b511828c63e8513db6c

SHA1
af51ecc56a75cd1bb97e7cec0f5851ce5c2a8605

SHA256
52004a33c83d7e23cedc754ca0c39bdd76b44cdcd6b606502d51d45ed6e9210c

SHA512
9e66741cf8f3b32c6099a01908b1f95266e4ef4b89bf54bc6669b4edcd22d49eabfde7fe3d80680ffafe2c987879f7d5e9172bca1fd7996a1ab87a4763b2547a

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource Files\imageres.dll.res
Filesize
46.5MB

MD5
10d5d5b4d88452fd12a8610477aa247c

SHA1
2a1309ff5f22e3d7cf478eb6aace8e31e07f88b7

SHA256
d16c65d4eadba10d3e3bd3c46967042cb1570df77851882e280aa6d112d538f9

SHA512
dec051cdc026b936570f6d58377b127bfa7fabd4639e64bbfafdb9b770b2f91322927087334b16df8261ba7bce5cfdd8854cdd469688f2e23d636aec847118aa

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource Files\imagesp1.dll.res
Filesize
2.5MB

MD5
d1aa1d0b2e1e50c198282d8a4b479417

SHA1
7a786f61e18a99b4d298f39aadd3242b3214bf24

SHA256
520ff6bfeccfca4e674dee08fc6d5ca19be7fc16a411464e216391d48f234343

SHA512
cadab1dbe15b7f1d0f166ac0263b68e4c2b111091f5a213985be90d9f0591457d6528e6fb722efd82a5e77380c6f10626437664d40b2f113a3ef6074cb726b29

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource Files\reload.bat
Filesize
627B

MD5
50a07ee683b320659268a73f82447c84

SHA1
c3211db99b4542f838b862fb8729b09cbb92d023

SHA256
a01128b17fa92074723e1289a5af6efe203194d606ec60d729312b28e36d0746

SHA512
b0b26e4c8f293635dc693b624bb5b772ffbd7bfd54956236fd9ec85b8b50264a25ca92a6ba1728d9abec6e709217b89ee794bda10eac4c14a015de496385fa04

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource Files\zipfldr.dll.res
Filesize
562KB

MD5
fbf2683b133e0a34649351cb9bfc2c6f

SHA1
dbb6678b727ac379a1dc0b442372bf97b2344e19

SHA256
959afd99a8d8c2e9396bc09fc31d2285712afa703e8aa782800c00aad93463a1

SHA512
72efc015ee5cf54aae88aa965c4bb3bc68a4312fb8b818b2da9889b11c2630040f02c6f226e1528517989f25a282140d1944a3722df8d8f14b763cdd65f67eec

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource.7z
Filesize
1005KB

MD5
aabb74f35e233e43077676cf47fa4d77

SHA1
7314da4c8b2ffaa6f48d07667a16c106df70f9c1

SHA256
32e1fd9aa2d07bc9458e788e86ab6f6f9d65c4b6d9890f32f6a4c9fce53f20c0

SHA512
fdb8b58f2e58f55cf1a12b017b1ef97ba239c74dc7662053e6204604bffb0ce1230d5a50042e08525bb8e55917aa6a71e15fdaae7e71ffb8f27cfa25a1d0b815

Download Submit
C:\Program Files (x86)\Arc Symbolic\Resource.iPack
Filesize
1005KB

MD5
3d009005cfe1791809f9e632af223302

SHA1
8336af02d7ad736082b7ccc823b537e31da0b0b1

SHA256
28dacd413b33d3077ef6331fa1df8314a91b19dcc41712e561b3485a3a154da3

SHA512
0bbf27ed24fdf03234ec60d62596202d1610c3e5499cff2338ad2824cd11348966cd11a3f94bdcd320ba70731b90340b44c339511e81b44036583d89bb153767

Download Submit
C:\Program Files (x86)\Arc Symbolic\Setup files-iPack\Configuration.config
Filesize
229B

MD5
1c63e96e2999e643c126741e422594f4

SHA1
1e7f84c29d0446f5a061a837de1b19fdb29a54f2

SHA256
6eb25a598d70ed6ce3334ef31c1ee9323e0b33d2036d84e32b29e7b87df86f2f

SHA512
dc9d87102140c6934099827b00801ad40fb13f16443214e2e91293c8472044d2f76d56e97be288b8af3b2d55b430761e0d4a312088f9f0ac45a43ee9e16d5c66

Download Submit
C:\Program Files (x86)\Arc Symbolic\Setup files-iPack\License.txt
Filesize
938B

MD5
7c7ef0ea0aee71277f40ea6228aa0942

SHA1
2f808a4116dbe65a55d19bd96bf0268e2e19bc2c

SHA256
fc5dcb8d80c94a002cd6f48dc502bd68ea833e918083b2881e86bba99ad2f7ea

SHA512
bac83e2375c09f4e822267b9f91933e5dbf91705ecd322161b951e44e76b88e9ff3ccc45ba401e8c561dc04e3ca64e3259c7eb096a2a3df4a41b7da5cea26149

Download Submit
C:\Program Files (x86)\Arc Symbolic\Setup files-iPack\header.png
Filesize
18KB

MD5
05881c368816adce83f69ebe8cdd1e66

SHA1
f96830c41d327e818c36662e1e08bee2b3fc30c7

SHA256
95debde2e09114ccb0838aaa2a35dba65061c87cd3430bc1a1e0f05d14d930a2

SHA512
28480acd811e0ef863b96aa141b5278f8ee16820c400359d70c6b2c8780f35a217c1e5f563aecbc6b4f80eddc399a3884835d1e63a03bc3a69c09d6cd26f573a

Download Submit
C:\Program Files (x86)\Arc Symbolic\Setup files-iPack\logo.png
Filesize
21KB

MD5
21da3154a1bc6d1d582ba74191f6756e

SHA1
2e48ce7cc1c888d2525750200e6dd21c14b7f59c

SHA256
dea6f44854346692fc183119abed2de5848cadd47aa32d953a0b78ffa2a1868e

SHA512
eb169f932b0741803f8f8d6adfac3253f86f57e103e8512d4da53775cca0d344fab8a83313c9014464d581210131b27c2170d1b198a17318c1090239a860d7b6

Download Submit
C:\Program Files (x86)\Arc Symbolic\iPack_Installer.exe
Filesize
1.2MB

MD5
2d3893786a56f90d7ec618e1f12a5f26

SHA1
09cd9d0ba3118a5fcad652e80c63a39b8f232ab4

SHA256
764b45b79a0e6834bbfe8855281ceae0eb1a454d1a3f2dd0c28db2441a4a26c0

SHA512
b5a74f54b9b2eb94b864d5d04e4ccff7c476392c97c87d7594f276ade132b07a0e62fcca50248a2233b146a0001b70c62ba46e9f732970f411483206185e1ceb

Download Submit
C:\Program Files (x86)\Arc Symbolic\iPack_Installer.exe
Filesize
1.2MB

MD5
2d3893786a56f90d7ec618e1f12a5f26

SHA1
09cd9d0ba3118a5fcad652e80c63a39b8f232ab4

SHA256
764b45b79a0e6834bbfe8855281ceae0eb1a454d1a3f2dd0c28db2441a4a26c0

SHA512
b5a74f54b9b2eb94b864d5d04e4ccff7c476392c97c87d7594f276ade132b07a0e62fcca50248a2233b146a0001b70c62ba46e9f732970f411483206185e1ceb

Download Submit
C:\Program Files (x86)\Arc Symbolic\iPack_Installer.exe.config
Filesize
171B

MD5
cb143eef30f7ad481e715926b63928f4

SHA1
4bb8ae8914d07d475c4c5bbf97abfa8c60544e00

SHA256
6105a59eaa1401813a363239fb193a79179d3abc93abc4f65f180e60770b6e17

SHA512
e3067b72b255772a73d8ea4564e4874008fb52de9e18cfcdfda547408288826629f1f2ce7c0efb07b9528d34e0efd0635b91560df50f12edd4b5c19cef5af19d

Download Submit
\Program Files (x86)\Arc Symbolic\iPack_Installer.exe
Filesize
1.2MB

MD5
2d3893786a56f90d7ec618e1f12a5f26

SHA1
09cd9d0ba3118a5fcad652e80c63a39b8f232ab4

SHA256
764b45b79a0e6834bbfe8855281ceae0eb1a454d1a3f2dd0c28db2441a4a26c0

SHA512
b5a74f54b9b2eb94b864d5d04e4ccff7c476392c97c87d7594f276ade132b07a0e62fcca50248a2233b146a0001b70c62ba46e9f732970f411483206185e1ceb

Download Submit
\Windows\System32\imageres.dll
Filesize
16.7MB

MD5
df1866b5bce8146b62dbe4f014202c4b

SHA1
0ff1bc5fc5c4816f95b525bb5dc08ee0deaf7fa3

SHA256
1eae5a4015fec15fdbe7b2c1f199d3f41eaff58d27d465e246a1fe2f427ced13

SHA512
49aaf1cf2c1b8e6914f7ad2bb596e8557d7c0540e57d7a6b812712e9241746e85aa5981ed362dd3c0ffe01a7807d80d8ae19acf5a714929b8c00e200edfc8e97

Download Submit
\Windows\System32\imageres.dll
Filesize
16.2MB

MD5
256e2d8fb53e3969fd808ee913bb4dd1

SHA1
c2054499a5744cfada97bd4647a8d5fcbdf66266

SHA256
0f01b853e57e18ef7f86f1d9c311d0cdf0faeead80b65996603d51991483c9fd

SHA512
2caefaa899c110e0e54a0bbf814b8f78fa1ce23b205c5001c8a51b8475f13d9ed28a668728d0172174fb9f78a45a70d00cd655d9654e16dfff78d2ee6ba23095

Download Submit
\Windows\System32\imageres.dll
Filesize
11.5MB

MD5
0fa0fe43bddcc051b37b3552c567a6c2

SHA1
d2949bcdb6849209be1c82a2aea517f77ac4b10a

SHA256
b888c1e463742bf5753bb8a544920e9d34a542e099bb3f0317556b914fe45a80

SHA512
cf7a681926b20f1cff6f281c5a56441e93f1d16aaf829ab1c1b1190f180feb6543ca1282407b0e2d8c2dbece23e6a5bcf04a953a16327b40ce5229a7c1f49571

Download Submit
\Windows\System32\imageres.dll
Filesize
16.4MB

MD5
3b537083bd9d582fed8e88c1cc4f66f6

SHA1
6ecc5e0a1e05ef0aad0c4bd08d85479737eb4e43

SHA256
5ad29255be79c6300d477fd60da5bfd600eb2c4d95b7ef1e0d5ff8a5da868e50

SHA512
be580eb5e1313b845e3d07178703cb1f0969379604e70f2ecd5d0f339ba4c2cb6e3c08744bc25d546f5cc1873655dcf2cf9677d4f0c3f44b0fd539dbe39be711

Download Submit
\Windows\System32\imageres.dll
Filesize
16.4MB

MD5
3b537083bd9d582fed8e88c1cc4f66f6

SHA1
6ecc5e0a1e05ef0aad0c4bd08d85479737eb4e43

SHA256
5ad29255be79c6300d477fd60da5bfd600eb2c4d95b7ef1e0d5ff8a5da868e50

SHA512
be580eb5e1313b845e3d07178703cb1f0969379604e70f2ecd5d0f339ba4c2cb6e3c08744bc25d546f5cc1873655dcf2cf9677d4f0c3f44b0fd539dbe39be711

Download Submit
\Windows\System32\imageres.dll
Filesize
16.3MB

MD5
e60df28232ad0b31f87be1b7fb1736f5

SHA1
9b5bb98f546f24bda89863365c02a404d77babef

SHA256
f891093a48e35e16463e60ab1795ec0a3666391fff08e1c3fe7b167e75bb83d5

SHA512
fea88397394f31e642f34ef063465a5ed05c5138e5c8560cb49216a50893ecbd6f49e58e208cdcf6ed2038c18ea1864ecffc5e7d9c94da346c09c609f4dcc264

Download Submit
\Windows\System32\imageres.dll
Filesize
16.3MB

MD5
e60df28232ad0b31f87be1b7fb1736f5

SHA1
9b5bb98f546f24bda89863365c02a404d77babef

SHA256
f891093a48e35e16463e60ab1795ec0a3666391fff08e1c3fe7b167e75bb83d5

SHA512
fea88397394f31e642f34ef063465a5ed05c5138e5c8560cb49216a50893ecbd6f49e58e208cdcf6ed2038c18ea1864ecffc5e7d9c94da346c09c609f4dcc264

Download Submit
\Windows\System32\imageres.dll
Filesize
16.2MB

MD5
b986d5f86267e7c41467757783823fde

SHA1
5a98e34412c053e979fa3595af2554440d555dc8

SHA256
3e1f67cc31a277bb87d36d20f0281ae1aa9da590f6142d11e99602fe23e557b0

SHA512
d4de7b12e29f3fc4ab2ee6c2be11308c547ca314ecd1fd451d9221227d8e581c3da82bdeceb694c62ed33d14cb80849d31b3eb3edd550db54f5193bc21b0c595

Download Submit
\Windows\System32\imageres.dll
Filesize
16.4MB

MD5
71a31529f9e0eb79161298d68c8b5406

SHA1
f07ca0338b8c85f5c0f61b152bbd928ef7b77963

SHA256
49ec583c8442b83d5cac80533447d177c4482f0a7c69b56c73ce4a1bbe4f97d0

SHA512
36d9b76bef3c4c090f30d4cc3d4a4a4633310cc60de6a96c944bf5602c9edddcd72f358e91c9674f44ad54c7f15805214551274670c47f177718e3dc209e6711

Download Submit
\Windows\System32\imageres.dll
Filesize
16.4MB

MD5
3b537083bd9d582fed8e88c1cc4f66f6

SHA1
6ecc5e0a1e05ef0aad0c4bd08d85479737eb4e43

SHA256
5ad29255be79c6300d477fd60da5bfd600eb2c4d95b7ef1e0d5ff8a5da868e50

SHA512
be580eb5e1313b845e3d07178703cb1f0969379604e70f2ecd5d0f339ba4c2cb6e3c08744bc25d546f5cc1873655dcf2cf9677d4f0c3f44b0fd539dbe39be711

Download Submit
\Windows\System32\imageres.dll
Filesize
16.3MB

MD5
e60df28232ad0b31f87be1b7fb1736f5

SHA1
9b5bb98f546f24bda89863365c02a404d77babef

SHA256
f891093a48e35e16463e60ab1795ec0a3666391fff08e1c3fe7b167e75bb83d5

SHA512
fea88397394f31e642f34ef063465a5ed05c5138e5c8560cb49216a50893ecbd6f49e58e208cdcf6ed2038c18ea1864ecffc5e7d9c94da346c09c609f4dcc264

Download Submit
\Windows\System32\imageres.dll
Filesize
14.1MB

MD5
ff36e2aed09003343601e284fa1c479d

SHA1
8b13244caba4bf2adaa3a482a24bd9cd1d797f33

SHA256
909e173df4af64fc77fe3729ab7ba39341d68cb62659cf104c2447681a8b3b71

SHA512
67939feca68bf82f3bf4199b63fe9db9c4e2f2f626b0086181d5dd9a5401fd4587ef5813d69ea1ef0de61065750895e1daf181753fb09a8185d2cfade18aa639

Download Submit
\Windows\System32\imageres.dll
Filesize
16.3MB

MD5
e60df28232ad0b31f87be1b7fb1736f5

SHA1
9b5bb98f546f24bda89863365c02a404d77babef

SHA256
f891093a48e35e16463e60ab1795ec0a3666391fff08e1c3fe7b167e75bb83d5

SHA512
fea88397394f31e642f34ef063465a5ed05c5138e5c8560cb49216a50893ecbd6f49e58e208cdcf6ed2038c18ea1864ecffc5e7d9c94da346c09c609f4dcc264

Download Submit
\Windows\System32\imageres.dll
Filesize
16.3MB

MD5
e60df28232ad0b31f87be1b7fb1736f5

SHA1
9b5bb98f546f24bda89863365c02a404d77babef

SHA256
f891093a48e35e16463e60ab1795ec0a3666391fff08e1c3fe7b167e75bb83d5

SHA512
fea88397394f31e642f34ef063465a5ed05c5138e5c8560cb49216a50893ecbd6f49e58e208cdcf6ed2038c18ea1864ecffc5e7d9c94da346c09c609f4dcc264

Download Submit
\Windows\System32\imageres.dll
Filesize
16.3MB

MD5
e60df28232ad0b31f87be1b7fb1736f5

SHA1
9b5bb98f546f24bda89863365c02a404d77babef

SHA256
f891093a48e35e16463e60ab1795ec0a3666391fff08e1c3fe7b167e75bb83d5

SHA512
fea88397394f31e642f34ef063465a5ed05c5138e5c8560cb49216a50893ecbd6f49e58e208cdcf6ed2038c18ea1864ecffc5e7d9c94da346c09c609f4dcc264

Download Submit
memory/188-158-0x0000000000000000-mapping.dmp

Download
memory/316-191-0x0000000000000000-mapping.dmp

Download
memory/316-99-0x0000000000000000-mapping.dmp

Download
memory/336-157-0x0000000000000000-mapping.dmp

Download
memory/340-95-0x0000000000000000-mapping.dmp

Download
memory/520-66-0x0000000000000000-mapping.dmp

Download
memory/520-71-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/540-77-0x0000000000000000-mapping.dmp

Download
memory/544-117-0x0000000000000000-mapping.dmp

Download
memory/564-137-0x0000000000000000-mapping.dmp

Download
memory/568-134-0x0000000000000000-mapping.dmp

Download
memory/592-115-0x0000000000000000-mapping.dmp

Download
memory/600-187-0x0000000000000000-mapping.dmp

Download
memory/636-178-0x0000000000000000-mapping.dmp

Download
memory/636-184-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/684-136-0x0000000000000000-mapping.dmp

Download
memory/752-186-0x0000000000000000-mapping.dmp

Download
memory/752-119-0x0000000000000000-mapping.dmp

Download
memory/792-97-0x0000000000000000-mapping.dmp

Download
memory/832-156-0x0000000000000000-mapping.dmp

Download
memory/876-131-0x0000000000000000-mapping.dmp

Download
memory/956-79-0x0000000000000000-mapping.dmp

Download
memory/984-92-0x0000000000000000-mapping.dmp

Download
memory/1044-139-0x0000000000000000-mapping.dmp

Download
memory/1096-154-0x0000000000000000-mapping.dmp

Download
memory/1096-118-0x0000000000000000-mapping.dmp

Download
memory/1108-173-0x0000000000000000-mapping.dmp

Download
memory/1160-188-0x0000000000000000-mapping.dmp

Download
memory/1260-155-0x0000000000000000-mapping.dmp

Download
memory/1320-193-0x000007FEFC621000-0x000007FEFC623000-memory.dmp

Filesize
8KB

Download
memory/1364-151-0x0000000000000000-mapping.dmp

Download
memory/1376-150-0x0000000000000000-mapping.dmp

Download
memory/1392-96-0x0000000000000000-mapping.dmp

Download
memory/1444-166-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/1444-159-0x0000000000000000-mapping.dmp

Download
memory/1452-87-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/1452-82-0x0000000000000000-mapping.dmp

Download
memory/1452-89-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/1452-88-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/1484-138-0x0000000000000000-mapping.dmp

Download
memory/1564-107-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/1564-101-0x0000000000000000-mapping.dmp

Download
memory/1564-109-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/1564-108-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/1572-98-0x0000000000000000-mapping.dmp

Download
memory/1580-143-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/1580-140-0x0000000000000000-mapping.dmp

Download
memory/1580-147-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/1596-116-0x0000000000000000-mapping.dmp

Download
memory/1612-81-0x0000000000000000-mapping.dmp

Download
memory/1616-112-0x0000000000000000-mapping.dmp

Download
memory/1620-91-0x0000000000000000-mapping.dmp

Download
memory/1624-113-0x0000000000000000-mapping.dmp

Download
memory/1628-80-0x0000000000000000-mapping.dmp

Download
memory/1652-168-0x0000000000000000-mapping.dmp

Download
memory/1668-78-0x0000000000000000-mapping.dmp

Download
memory/1704-100-0x0000000000000000-mapping.dmp

Download
memory/1736-130-0x0000000000000000-mapping.dmp

Download
memory/1760-54-0x0000000076181000-0x0000000076183000-memory.dmp

Filesize
8KB

Download
memory/1760-73-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/1760-56-0x0000000075281000-0x0000000075283000-memory.dmp

Filesize
8KB

Download
memory/1760-55-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/1760-210-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/1764-58-0x0000000000000000-mapping.dmp

Download
memory/1764-62-0x000007FEF4990000-0x000007FEF53B3000-memory.dmp

Filesize
10.1MB

Download
memory/1764-63-0x000007FEF3520000-0x000007FEF45B6000-memory.dmp

Filesize
16.6MB

Download
memory/1764-70-0x0000000001FF6000-0x0000000002015000-memory.dmp

Filesize
124KB

Download
memory/1764-209-0x0000000001FF6000-0x0000000002015000-memory.dmp

Filesize
124KB

Download
memory/1764-74-0x0000000001FF6000-0x0000000002015000-memory.dmp

Filesize
124KB

Download
memory/1796-169-0x0000000000000000-mapping.dmp

Download
memory/1860-172-0x0000000000000000-mapping.dmp

Download
memory/1868-135-0x0000000000000000-mapping.dmp

Download
memory/1896-132-0x0000000000000000-mapping.dmp

Download
memory/1912-76-0x0000000000000000-mapping.dmp

Download
memory/1920-174-0x0000000000000000-mapping.dmp

Download
memory/1936-111-0x0000000000000000-mapping.dmp

Download
memory/1940-149-0x0000000000000000-mapping.dmp

Download
memory/1952-170-0x0000000000000000-mapping.dmp

Download
memory/1960-175-0x0000000000000000-mapping.dmp

Download
memory/1972-93-0x0000000000000000-mapping.dmp

Download
memory/1972-120-0x0000000000000000-mapping.dmp

Download
memory/1976-176-0x0000000000000000-mapping.dmp

Download
memory/1980-190-0x0000000000000000-mapping.dmp

Download
memory/2000-121-0x0000000000000000-mapping.dmp

Download
memory/2000-128-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/2004-153-0x0000000000000000-mapping.dmp

Download
memory/2008-177-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads