hxxp://arc[.]net

Resubmissions

27/05/2024, 17:48

240527-wdtnzscb2y 8

27/05/2024, 17:48

27/05/2024, 17:48

27/05/2024, 17:47

27/05/2024, 17:30

27/05/2024, 17:30

27/05/2024, 17:28

Analysis

max time kernel
61s
max time network
62s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
27/05/2024, 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://arc.net

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2736	ArcInstaller.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000\Control Panel\Colors	ArcInstaller.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 114013.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\ArcInstaller.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3300	msedge.exe
3300	msedge.exe
2336	msedge.exe
2336	msedge.exe
3980	identity_helper.exe
3980	identity_helper.exe
2708	msedge.exe
2708	msedge.exe
4800	msedge.exe
4800	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2736	ArcInstaller.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2736	ArcInstaller.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 4664	2336	msedge.exe	77
PID 2336 wrote to memory of 4664	2336	msedge.exe	77
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 2296	2336	msedge.exe	78
PID 2336 wrote to memory of 3300	2336	msedge.exe	79
PID 2336 wrote to memory of 3300	2336	msedge.exe	79
PID 2336 wrote to memory of 2100	2336	msedge.exe	80
PID 2336 wrote to memory of 2100	2336	msedge.exe	80
PID 2336 wrote to memory of 2100	2336	msedge.exe	80
PID 2336 wrote to memory of 2100	2336	msedge.exe	80
PID 2336 wrote to memory of 2100	2336	msedge.exe	80
PID 2336 wrote to memory of 2100	2336	msedge.exe	80
PID 2336 wrote to memory of 2100	2336	msedge.exe	80
PID 2336 wrote to memory of 2100	2336	msedge.exe	80
PID 2336 wrote to memory of 2100	2336	msedge.exe	80
PID 2336 wrote to memory of 2100	2336	msedge.exe	80
PID 2336 wrote to memory of 2100	2336	msedge.exe	80
PID 2336 wrote to memory of 2100	2336	msedge.exe	80
PID 2336 wrote to memory of 2100	2336	msedge.exe	80
PID 2336 wrote to memory of 2100	2336	msedge.exe	80
PID 2336 wrote to memory of 2100	2336	msedge.exe	80
PID 2336 wrote to memory of 2100	2336	msedge.exe	80
PID 2336 wrote to memory of 2100	2336	msedge.exe	80
PID 2336 wrote to memory of 2100	2336	msedge.exe	80
PID 2336 wrote to memory of 2100	2336	msedge.exe	80
PID 2336 wrote to memory of 2100	2336	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://arc.net
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe30463cb8,0x7ffe30463cc8,0x7ffe30463cd8
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,15103704668264652567,3833901138568099222,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,15103704668264652567,3833901138568099222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,15103704668264652567,3833901138568099222,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15103704668264652567,3833901138568099222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15103704668264652567,3833901138568099222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15103704668264652567,3833901138568099222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,15103704668264652567,3833901138568099222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,15103704668264652567,3833901138568099222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15103704668264652567,3833901138568099222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15103704668264652567,3833901138568099222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15103704668264652567,3833901138568099222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15103704668264652567,3833901138568099222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15103704668264652567,3833901138568099222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,15103704668264652567,3833901138568099222,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6176 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,15103704668264652567,3833901138568099222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4800
- C:\Users\Admin\Downloads\ArcInstaller.exe
  "C:\Users\Admin\Downloads\ArcInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Modifies Control Panel
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_FBCEF2048DFCB4EE55D00BA204530C64

Filesize
1KB

MD5
c043a47a53ac6a1b50f94d7893eebaad

SHA1
5fd36646368b56f55a455e6762ee9e60f9e4b29a

SHA256
7310ef5228a2138f6827a3064a542770b293778e0d742d45facde2c9dc1d5add

SHA512
d01e05c2ee88cd0caa95eafb9c54324094f717b88d18ad4fd525ca075d5421ff7a96f51c2572047267942f44afd7966b4a54f1f853770a4d3c057f327ee3913d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
1KB

MD5
e2bfc89863aa264f2b90733f88396dbd

SHA1
3299a42ca45cf4f215baf2143da810024e5e557d

SHA256
14fa73d72acc8ef20a14c988544c71edd7ab832479a4b9cfafabe1a7b41e243c

SHA512
d0b810350b6514ddacdffa33790518f06626d226f54e7e5d2955c9a28cc3bd3d58cdbb9ff55a4215ff25c558535f5c47098ff6e5198654afe1071be26c88020d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_FBCEF2048DFCB4EE55D00BA204530C64

Filesize
536B

MD5
a68b88f22b0a5a1ebf04c7e5842240d8

SHA1
cc8040cca29504bab0abce960ade23fad4bc6ecd

SHA256
b7456e2df4d6951770af03fbfdbe692984c967fa2bfb48e1b463776f796f36ca

SHA512
75521282306711efa94ee673cb4e7937996c2df03d596cf9979ba52a06450e55f41b99683e68c77f2bca06630db1d79996a75a2bae089542022222dc9bfbcaad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
536B

MD5
52cbca21adea73a6956b0789dafbe9f1

SHA1
6f83e24f07ea0c87197308be5a7df63bddbb6233

SHA256
a1904af1073d9fcffbfface1dfaa85bca6659a3b55981438b2328b9aea1d986d

SHA512
683721b4697cc5c7b2ac7fa4c5f798df178a373b8ff90878c9b4da61f26e7fe7b18c512bd2469de27a66d466b85eb2ba57405dd60130b0b82428335db8dec78d

Download Submit
C:\Users\Admin\AppData\Local\IsolatedStorage\kchenh5l.z50\ziicdmlk.z45\Publisher.qkouhz2ds2gk0w5435bumkcrozad3zua\identity.dat

Filesize
2KB

MD5
a9687a21cdfe5a1eb84d2cfa4ddb7874

SHA1
73b9e2a1d7cc8881caf20db8eeed6204f8d46063

SHA256
a149fc62021d8db2acd3a1ab3f9486898d59ef2c21c950c8e52d98164e172e74

SHA512
030fbfb676ea727409d4f18438989c8039565f2144efced0ac22c68951946e64c85bc0c38e876081c35123d3d5baa9647eff171e7a1368832a04ad1ca92762da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
046d49efac191159051a8b2dea884f79

SHA1
d0cf8dc3bc6a23bf2395940cefcaad1565234a3a

SHA256
00dfb1705076450a45319666801a3a7032fc672675343434cb3d68baccb8e1f7

SHA512
46961e0f0e4d7f82b4417e4aac4434e86f2130e92b492b53a194255bd3bba0855069524cd645f910754d4d2dbf3f1dc467bcc997f01dc6b1d8d6028e2d957236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d22039bc7833a3a27231b8eb834f70

SHA1
79c4290a2894b0e973d3c4b297fad74ef45607bb

SHA256
402defe561006133623c2a4791b2baf90b92d5708151c2bcac6d02d2771cd3d6

SHA512
c69ee22d8c52a61e59969aa757d58ab4f32492854fc7116975efc7c6174f5d998cc236bbf15bce330d81e39a026b18e29683b6d69c93d21fea6d14e21460a0a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
c8254119d64e848b0ad7611dc873454e

SHA1
083cb4cf5852c9b4cbda373cbae271531c8ff30c

SHA256
2b18e077ce059db38a8329fce06bc221f38065f7f756752e9189278c48260054

SHA512
493e99e60a9f36293faebd53b8ebb43b1a2c8bd283409cc23923d3339de23d57ac8886146648bad2255f9ddb4c73d40a7867b0dae9a5635bdc0e2bb85f1f1124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
b3e07a4d3461d682f7f408a5acf16169

SHA1
f3a61346f6f209ac0a216d306b4a30fe927768c2

SHA256
ab1daf793cd3b741721cb3e1c9fc862cc4c270a66ddb4c42c3a334a3f74bee8d

SHA512
5d49aeedfd392516ce1f0b3b320e71aa4ead76a6e1fee9b167e389fd7e86182c4b58ebd78d139fcbd53993fad154646e50fdf823b29ed54d3787cbab5e7e53b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b55bcadbf5e46b9189253d720f263435

SHA1
1059a8a9054b1d048f876bc8d4743d5ef50b35af

SHA256
beaa148f3cf2ff9cb360561368b1aa014bc99e4892057429c62dcbb71d4078f0

SHA512
4d965f5fe0b9dfa433df40350643a070daa8e3d1432492e2f1a1c9ac1ae2c56f4bfd987d402b2bda40ac413717dcfa829d500d6de635635f6531ec5595bc2a08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4831993356c7223c5d81d52402b29f0d

SHA1
8f7a765ede37b96bc6bbd938cc29604fa674cb8b

SHA256
6228506fd2ef3e5811f054f150b95afa41b543ac3b8a21c2f8ac2a0269d08547

SHA512
2858f8cce412f9a3e0f4f19478a305c98159b38a15ccca04b16b51d19fcd2ccbb2e69e06abdbccbe5caf0402a5d5b8463a93a7895d04276da05ea61d3f82107d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
4e1ca88afb7a20e281c58096bd7ee80b

SHA1
3c47d850816f674b54372ff5a194cc785aeb5c40

SHA256
7bdb4c14b680ba6bf294d15f42b1faff12e2e1c32704f112293d669aa5d1963b

SHA512
3b00aecb4718998109b165943a90f9b727a77cf7b7240225d88a2fab92fcccc4a53da7284e11cea23cd9c8ac1c430c41f2f37a9bea885b556a58468595a06bfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e465.TMP

Filesize
204B

MD5
2f41e0d274337c0b934d3ace667d2c51

SHA1
3ebb483dc296dc0596a9f619d7933bc6d13ab182

SHA256
eca7ecfac4651c0b88ee547ee9fa4c778facb9470a4ea1d29161387856aa8a55

SHA512
942aa5ee54d7f311bd5c3c4b103e77abef96a14ca8d51757c52abc74bbe80b034faf2cedc15d0393686353c0be0ef181d075ee1a098609aa6d89379a0e2b25ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
353628e7b5516b1f2d2dd76e25a9127d

SHA1
b35a4e64f03b0c77500db98e1d11b7bfeeee0757

SHA256
5b2236d52a2d67b60ac7db02270613ddcb008ed61e8f1816a633105e62679c51

SHA512
d7f1c92463b58b07a142f3c00ceca8327e096a618ac274c32ee564c4c1b4bbdf63052ac447a10d799206e4b26eaaefd4f803a3543c89a985f842a2a00dd76cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6b51a43dc97226969a225adf9e35c093

SHA1
4642167f3527f0a65e34fa9234dae6ba02b38f43

SHA256
31d6839b1169cd710fa2665f389421bbae1c5eb571f945da607f422df2e44df1

SHA512
79f8e60ba210700fb43322c88e095eb0790063a79a6d7e40e3aead9d0fb4cdb66e48c6521ed4fd58bac54177a4a3436160c727650c751a02d6124c3b2dfde099

Download Submit
C:\Users\Admin\Downloads\ArcInstaller.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 114013.crdownload

Filesize
1.9MB

MD5
19d292132925e6ddd808e273fd0fea85

SHA1
9da4b69e13fa0aee1c805838ba349a3b65f88ec4

SHA256
b4eb65dac50dda23598333ab3cdefb5cd8c767b88fb9b72432d23865dee6f440

SHA512
fcc05242ff2b7d63d9f5735090514e285bddd3fd4bbf84a819252e0b535777d1cbd851ee8a3ff554af5cbe196ec7f739b60c6e350b1ef8249268fa41b19efc32

Download Submit
memory/2736-222-0x0000019CECEA0000-0x0000019CECEB6000-memory.dmp

Filesize
88KB

Download
memory/2736-239-0x0000019CF0380000-0x0000019CF039A000-memory.dmp

Filesize
104KB

Download
memory/2736-219-0x0000019CEC310000-0x0000019CEC318000-memory.dmp

Filesize
32KB

Download
memory/2736-220-0x0000019CECD40000-0x0000019CECD4A000-memory.dmp

Filesize
40KB

Download
memory/2736-216-0x0000019CEC2C0000-0x0000019CEC2E6000-memory.dmp

Filesize
152KB

Download
memory/2736-221-0x0000019CECD30000-0x0000019CECD3A000-memory.dmp

Filesize
40KB

Download
memory/2736-223-0x0000019CEF010000-0x0000019CEF01A000-memory.dmp

Filesize
40KB

Download
memory/2736-224-0x0000019CEF730000-0x0000019CEF76E000-memory.dmp

Filesize
248KB

Download
memory/2736-227-0x0000019CEF7A0000-0x0000019CEF7C2000-memory.dmp

Filesize
136KB

Download
memory/2736-226-0x0000019CEF210000-0x0000019CEF218000-memory.dmp

Filesize
32KB

Download
memory/2736-225-0x0000019CEF7D0000-0x0000019CEF7F6000-memory.dmp

Filesize
152KB

Download
memory/2736-237-0x0000019CF0140000-0x0000019CF01FA000-memory.dmp

Filesize
744KB

Download
memory/2736-238-0x0000019CF0010000-0x0000019CF0034000-memory.dmp

Filesize
144KB

Download
memory/2736-217-0x0000019CEBC90000-0x0000019CEBC98000-memory.dmp

Filesize
32KB

Download
memory/2736-240-0x0000019CF0360000-0x0000019CF0376000-memory.dmp

Filesize
88KB

Download
memory/2736-241-0x0000019CF03A0000-0x0000019CF03D2000-memory.dmp

Filesize
200KB

Download
memory/2736-242-0x0000019CF0120000-0x0000019CF012A000-memory.dmp

Filesize
40KB

Download
memory/2736-243-0x0000019CF03D0000-0x0000019CF03E6000-memory.dmp

Filesize
88KB

Download
memory/2736-215-0x0000019CEBC80000-0x0000019CEBC88000-memory.dmp

Filesize
32KB

Download
memory/2736-214-0x0000019CEC190000-0x0000019CEC212000-memory.dmp

Filesize
520KB

Download
memory/2736-213-0x0000019CEBD30000-0x0000019CEBDDE000-memory.dmp

Filesize
696KB

Download
memory/2736-211-0x0000019CEBB30000-0x0000019CEBB3A000-memory.dmp

Filesize
40KB

Download
memory/2736-212-0x0000019CEBB40000-0x0000019CEBB48000-memory.dmp

Filesize
32KB

Download
memory/2736-257-0x0000019CF1CF0000-0x0000019CF1D00000-memory.dmp

Filesize
64KB

Download
memory/2736-258-0x0000019CF1D80000-0x0000019CF1D88000-memory.dmp

Filesize
32KB

Download
memory/2736-260-0x0000019CF1F80000-0x0000019CF1F8E000-memory.dmp

Filesize
56KB

Download
memory/2736-259-0x0000019CF1FB0000-0x0000019CF1FE8000-memory.dmp

Filesize
224KB

Download
memory/2736-210-0x0000019CE9560000-0x0000019CE9742000-memory.dmp

Filesize
1.9MB

Download