2b88fbafbb0a4f3d6737c12ae3eff403aece838696692a3d81190e6e63f32fdf

Analysis

max time kernel
90s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21/12/2022, 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b88fbafbb0a4f3d6737c12ae3eff403aece838696692a3d81190e6e63f32fdf.exe
Size

6.3MB
MD5

768a0296a3656c45efb7497835c1f57c
SHA1

b42f7878e1fc46c3d8ff9b524e03e1c6252e6f3a
SHA256

2b88fbafbb0a4f3d6737c12ae3eff403aece838696692a3d81190e6e63f32fdf
SHA512

63f0de114e761d75c63afea6a07c85c2eb2225ac5aa0d81ab1d44d5f9bd6a944449c4a2e162bf44f9bdf4b3a44bc36091177793872a38ecdb768e22ef127ea61
SSDEEP

98304:j+Fx/AJ7R01UKPPpqv3qQoGFq7QV9s8TBvL/ZGaQViDSDOTNt/BiyqMsYc1xbAT5:N901hPpqvUaVrTBLkxD4t/ohhxbAA3Wd

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4860	CheckExist.exe
1440	FDReader.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	2b88fbafbb0a4f3d6737c12ae3eff403aece838696692a3d81190e6e63f32fdf.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	XCOPY.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 4860	1744	2b88fbafbb0a4f3d6737c12ae3eff403aece838696692a3d81190e6e63f32fdf.exe	79
PID 1744 wrote to memory of 4860	1744	2b88fbafbb0a4f3d6737c12ae3eff403aece838696692a3d81190e6e63f32fdf.exe	79
PID 1744 wrote to memory of 4860	1744	2b88fbafbb0a4f3d6737c12ae3eff403aece838696692a3d81190e6e63f32fdf.exe	79
PID 4860 wrote to memory of 4696	4860	CheckExist.exe	81
PID 4860 wrote to memory of 4696	4860	CheckExist.exe	81
PID 4860 wrote to memory of 4696	4860	CheckExist.exe	81
PID 4860 wrote to memory of 1440	4860	CheckExist.exe	83
PID 4860 wrote to memory of 1440	4860	CheckExist.exe	83
PID 4860 wrote to memory of 1440	4860	CheckExist.exe	83

C:\Users\Admin\AppData\Local\Temp\2b88fbafbb0a4f3d6737c12ae3eff403aece838696692a3d81190e6e63f32fdf.exe
"C:\Users\Admin\AppData\Local\Temp\2b88fbafbb0a4f3d6737c12ae3eff403aece838696692a3d81190e6e63f32fdf.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\CheckExist.exe
  "C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\CheckExist.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4860
- - C:\Windows\SysWOW64\XCOPY.exe
    XCOPY "C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR" "C:\Users\Admin\AppData\Local\Temp\FR" /e /h /y /c
    3⤵
    - Enumerates system info in registry
    PID:4696
- - C:\Users\Admin\AppData\Local\Temp\FR\bin\FDReader.exe
    "C:\Users\Admin\AppData\Local\Temp\FR\bin\FDReader.exe"
    3⤵
    - Executes dropped EXE
    PID:1440

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\CheckExist.exe

Filesize
246KB

MD5
462088931470aca400cca37f22c0478b

SHA1
cfb9340144128914dc16b86f98aa779c7c2c7a11

SHA256
c90d1de6b1b17a0ed88ce8b48533e14363cefd6f440eedfec53f13e6d7407bfc

SHA512
e3c6ff746885ba5ee320bae2afed127204a2e59cfb46cf2bfd8a3aba88c8aeffdc4658336ab48fd020e258b02a850b10fdcf338bd2c2e1c391002778d4db2eea

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\CheckExist.exe

Filesize
246KB

MD5
462088931470aca400cca37f22c0478b

SHA1
cfb9340144128914dc16b86f98aa779c7c2c7a11

SHA256
c90d1de6b1b17a0ed88ce8b48533e14363cefd6f440eedfec53f13e6d7407bfc

SHA512
e3c6ff746885ba5ee320bae2afed127204a2e59cfb46cf2bfd8a3aba88c8aeffdc4658336ab48fd020e258b02a850b10fdcf338bd2c2e1c391002778d4db2eea

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\1FFDC4EC928547ffB03E3041CD75242A\下半岭修测.dwg

Filesize
770KB

MD5
00482deebda08c3528ef1fd482420a00

SHA1
a1cd255aff0f90cfe3d66edad94dc55b7f0f0c39

SHA256
3e783bd5283f9be95a53f0f9f05c61a597901d80fb45435e7ebc41ff2cbc4a78

SHA512
ca83e47eaa48505bc350814011ae98ae47026458aa1cadf3de02cae066c7d92d51f786c74d16cbbf8c3b9282d6d1fd71a00c86a2fcb86d9512966cab51a04e83

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\DG.exe

Filesize
849KB

MD5
f9626e6a5e43715be930a82f08fe7142

SHA1
576d4bfd639d9a74cf51c36e8990128289b1d39a

SHA256
3fef86f0e62f409fdf5c4fb72be6b8c6b09e17fa4f707dbd4b4ce0dd89807472

SHA512
b087c85f099d122098a7d2b2cc408e2dcdac7dd35fbc67a5560cc6af594a2b05c5c4c7ea45479fdde4941b8ae5c5b0c4263343b0aae38b2918b6125cfa93ed44

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\DGSKrn.exe

Filesize
197KB

MD5
23d19bc4fa0cff35e677554fc09efa16

SHA1
5ad79161b301e58d15a712463ade0965b81967fa

SHA256
0b6a84ab24eed7f3d7c9cd7d9e7347e3d0cf04386180db9c090c9f842c16178d

SHA512
daafb1d07a8c13a681c705fffd0f6706c62ec57338e246eeff3a9b5510286dc4b99a47b35a123a6b124aec07006acf60d06b73b854d526251335db4a1fe448a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\DGSKrn64.exe

Filesize
215KB

MD5
c922c9e9f8f7ea50679ecfda9058784b

SHA1
9bec04d72a34aca395458d2ca117931d9f3fa479

SHA256
6945bb9fb5e98e0450bcbbb0cc8d9a93aec583cabc8106225945f8788a546d4f

SHA512
55d816688e0d0f53736d2ded7adb79be7d07b820ea77afada73b9da6a9a56c9ac915d849727c5d04d6f9775df39824afdb4457d1f3539a754396265c90f9382b

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\DGStrategy.dll

Filesize
402KB

MD5
a36bf45c2e6b5a5d3240d24f0ae72d81

SHA1
29a02554d7f287b9d5bcf6b3a526fd1f878d3d3a

SHA256
838ab9b3e6917d871b5b4dd2f557daa83a1127482a05bda368221d003a35dd03

SHA512
b002af068db7aee68bf41ce7d125b7d4a74c80b56c8115c24fcd67e81d3cc4c0da5175f21dd1389a1565936f1763a4f728bfa3cb4beaf06566a204ce5e4a1c76

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\DGStrategy64.dll

Filesize
525KB

MD5
457017148b4f9d4992b83e6f3cc20ec1

SHA1
09568fb1b599a370c5eb20be9fc7b30e5e102b27

SHA256
d59faf34842e18227fb8d9a62a6a6dd369083c24d7d8d6171886eb58e8f09296

SHA512
04d28848ea3d7361a2ea982f62ebf1b72e00c0a36068c6c071604d044cb3150384244aa5cd8e49eee39bb222ebe72d5bfa8d154fb1906c10f95c32c0b6722fe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\FDReader.exe

Filesize
4.0MB

MD5
4b48d14f3f79df595a569594237c18ee

SHA1
c24d4e724aa9f5f67aad3adfc2a61dc15ab85f53

SHA256
8772c8acd7e14a3e3d169a1a8a450b1a66f5eb49c166070b47423faa08cd1b43

SHA512
2fdb9f72b8451921503dba7d03dde87c3e32e4ce21ce798ae05e1439b51c4fdd3de3bf84839f9602919e4107fabf8cbeee696c34a8257f0cf66a2cf1b3192149

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\InstallOption.exe

Filesize
183KB

MD5
f70f343434220136349d03c994fa1109

SHA1
a88bcf79871c863133f4399fb6f0d072726ea225

SHA256
71a28c3bacd2d4390f45fa48f28fc1b4a2171cc866a4ce3336e52a6be8eae779

SHA512
61418c3afcdb64861f1e0a253955220a7ab1e07506d226135e9bc4e15fc2da60676345dd045fd25ae9a432636a56f1cab9ff2928c787d4ccfc974977602de30a

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\Krn.dll

Filesize
200KB

MD5
809fd74e5f6a0b79af5d5c6d4986ff96

SHA1
7cb246d9b24f0eb84323122f07c77701b8fdd8f1

SHA256
a9c452f033d06a9cb096b0ee559451460c298cf59d835147f4ff1716be57dc80

SHA512
23733c709e29095ab926d1ee77c5db82a7755eb9f09c6420a343c2d3185d9376f854b73dda8138bec88f27df7b2b8b2461ebfa7e503200f2434ab391eea9798e

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\Krn64.dll

Filesize
235KB

MD5
e5ef5dd7aee26ae6162e65bb0f576c12

SHA1
ddc2b76ca39f0b6a8042bacf1b657652c80ae614

SHA256
15200ce2d194d04e0a06b89c2afef0481fed325e748a5220483c68645a8b62dd

SHA512
42b984b676e34f5f2470742aa3627b18a19bf9aadc029942c822db4b4276f9c6ba9dc0cd1624ff38dff5421468d2452a0593211a579a6cc74dcfb50db77eaf1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\RJ.exe

Filesize
49KB

MD5
568b05943681e55112e9684ed8147781

SHA1
4e1773cf770d66d446d202937dd05290b975e301

SHA256
05bf43e1a06b529dc17653644736dc55a7a40611a323740e29688b7b111910ad

SHA512
fe58432ae5600adaf7a3a275d597fb2577d5f8e273856fed99e30be357245651629400a2d89306a05d65f2b3da4b06d4a5f66b3055d2ff8ad0d6f163a1a76626

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\RJ64.exe

Filesize
48KB

MD5
ca91a7d95822eb42a01fd5ad0aca9c0a

SHA1
9357b9ab683bc718f005ff228cf52cffef79e521

SHA256
6a5d7a5dfd43b5f0ae6d79e966773da4b1cc7dc04e543cbfec5f3b48ae3a14e5

SHA512
70b11b8fa7e8f54c07e96c548dd7d00fe1ed81224b5c4abaf713fb461587a86eef45cb7780cb64a6478cf296a4e056398ed978a4e83baf92763af622fd4a254d

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\Strategy\DGStrategy.jdgs

Filesize
1.1MB

MD5
e11763663d1ad3febbabd8a76eb0b999

SHA1
78e4d03bbd788f8e143e66eac54f308285724703

SHA256
c49a791f967c8d915d5b771a69ccdafee60a0f5cd7ad43d9e9b1aa118939649b

SHA512
b9a9bee4358e7a850bc56df78d75b01f0b86e3be1ce9e019e2b669a8eabec9ebc2bdae0aa77abac83de4cf2858271d78cd4a10abbaa9a103b92561dc342e31bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\Strategy\FDStrategy.jdgs

Filesize
988B

MD5
db924cde74b83c001a73d865c6f16b62

SHA1
fddfff780b15f734d0b99ea1cd987157c6cafdf4

SHA256
afee994e73a9772abaf7a51742654573060d0f54e0b8d0ea63b24dbed42dca8e

SHA512
4ecf37f71aa8b791543f71394700f71ed1595505895b4ba384284e6f3a7d029ac6f99622af6478c0e38318c262064fe2d3f7d7f6b3b28f080b78b1e568625606

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\ac.dll

Filesize
226KB

MD5
56a93e665d58ca22ee3be29a11df9f65

SHA1
0dd810642ec09cf4d71fe7a4f28df2f34101babf

SHA256
37d3c254fb033f7ac7f317bdefb6d8b9ad96b7d92a133006d839f842c82d7b32

SHA512
4eb70e2f4c8f9d85cfe3920231e55195b062956197f774501c46fc63b07e731c35ff157dcb1363385102b7d25a0b91b73360780c48dfed41e291a1916305470d

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\ac64.dll

Filesize
270KB

MD5
9ec1ed8dd4b31349ef46d5a8b1cea7cf

SHA1
fdcefe233180beeb42fa2d810a1919dcf9113688

SHA256
916c1ae4fd7c170048b8d060a0f64f345c4bdb420f3e50845c5f7c3449cadc5d

SHA512
7785a0bf5668544cd878f7b9b79ce6a8cb83c21fbacfefa1a2c779e608fd805d5ae9252ba368117a83827f699713733a154f0d6da6d9dcb151e188bd265abcca

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\config\ActionControlConfig.jdgs

Filesize
5KB

MD5
7ae766bba7c0bf88d1a2af132636d481

SHA1
9f5f68a45d6d48488a1fe1f1159a615b77796816

SHA256
feb5b8afb2d300349f153f8323924e28f431b40cc606f241e335d3a50f834426

SHA512
7c593ee0ebfd0b64aab9e0f537cd7acad75cc117b6216ead2d0879f3ec75edd5e97272186bfaf44f3eb75d3a9d87bb5688a5f331a5b4769ede61e0af1eacfb6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\config\CopyPasteCtrlConfig.jdgs

Filesize
4KB

MD5
6d3161c7bb01b1010ac1066cba70be4f

SHA1
4e805bbae33023688f0995507239aebb116b6609

SHA256
3493a7f7a8a73dbcfa448e17bf1757493b3aa2975bb181d354b8985046e2f7f6

SHA512
83d5036090d8f46429970a619e0b0def9919452fd1052185183ebc9eec9d98589645d40884e7005ab6231855a8703f6b8e88dbbbcc3a05796e57550685fc4cf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\config\DGSKrn.jdgs

Filesize
2KB

MD5
94736d37248682883abaf523d59e63e7

SHA1
7bf12eb917b971990e20cc3cdfb9924738425222

SHA256
32b844ecf14be04f964185f93de83dfc42a1b4805dc7f88399ee09d70411f480

SHA512
d469b267645f3b65567b196330ca0f61779871d2402d60b3d6f88d965b0850c26b4d02ec08931daadbcfd2781885d91df9207d35c13397c3316a3d618d6eac94

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\config\DirectoryName.jdgs

Filesize
54B

MD5
6f85beaf859a5fe0cf3ad47294a6e958

SHA1
63ee82c907cc1093800ee3dbb3304930b87e8a6b

SHA256
9d3a7287d57efb0f6da472444c0e8396bcb9b2456a01f914e4f7d70f4c131a1a

SHA512
2e1648b4fcf85761b7e91233a498db547f7661da572c4b7c942c69299501024b90eaa2254f3d8f1966f568c62d72ac97c49546e4a14104fcaa89f23cedbec39e

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\config\FDCompanyID.jdgs

Filesize
107B

MD5
b3bc859cce8f2754c9b2907e37142d53

SHA1
dd07a2e4bc82d5aa88713aee84a259f7cc073afd

SHA256
eb136acaf95feb687ae73fbc4c34c8d364f6604e14f5771e6270de44de2718d6

SHA512
faf58654254cf6b04685ab8bc75e44921b70a55d51699a35c745da713c10db014617ac4e06bc4582ba5739497a189d739204be7e909956abbcde6c96a324e9f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\config\ScreenCapture.jdgs

Filesize
621B

MD5
c5b9c2d14016eabfc321dc77f8251626

SHA1
5c420417beea5166d5be174f56416a7c53c78c80

SHA256
f23c434ccb204d2a8b1caefcea2165f9484f6971b3fb8d79c45ea8c4a5eee4b3

SHA512
8ebfb539d8ae2ebdd0abe2c41b20e67006cc9dd31bb90cd1decddb80c80eb7546d2980aaf27e4a5a7a61abb1f1d72995a11c34130c3f94499ede9b26cd2062f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\config\Version.jdgs

Filesize
119B

MD5
c23ca14d420411f74146002d4ccc13f4

SHA1
8c65f9bda967b7b772f727d523518ad5098af6d4

SHA256
088dde2f68a34662616fdee79641c9c9ef255d8e9b87c8b996651d569f8f0f60

SHA512
1be089fd8f4448c4ab8e251180c6146600edb5cba52f6d51a5c66de22025849846b43ef8e4172f59e0507157e0e8ccd74139bffa0b0b4677312d59e4874b7aab

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\config\flag.fd

Filesize
15B

MD5
81327a8ed7abe5c54ec5bda6194351dd

SHA1
82dbef94c8b309afa5f2a8d7fd95434eba7c2af8

SHA256
7ef14d5638d154964a7e030401b5a12ee8bf5be2eecae894029f4729802eb2ce

SHA512
f72de25aae6cb9735c6e3319895eec19906a3a72c79f1f8bdeb9e3c6f5aeda2dce900674525f43d797fd354cf30d12d26b15047764e73aac4518c1e2c201f9f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\config\log\DG.config

Filesize
357B

MD5
78ea13f59883371dc351679b5e2a2a65

SHA1
1f92a92586e034ced302ca8ac3e7ab18c639d7d9

SHA256
9366e130d7bb538a51c9ecaafcd23dc820335285785d5b8fb0986e73edf657e2

SHA512
d968e610cce7856c5443f39d2b852c26a6d06838fb0d4550f13ca74f84acb8d3d3760d4106b89317e030f33e3a22e1e372372007902ad678398ea7dcb0ede8a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\config\log\FDReader.config

Filesize
362B

MD5
16618d7135fea2ceb6580572b309041c

SHA1
0d6903e1f0683068b56082ffcd02b74f0d737f12

SHA256
c3e1645bc69ae1a610bab1b0fb771e3957db9363508ca20f9170c0a7b9f4eaa3

SHA512
e4a23a4a21808dbc248d4e72c0c51cf61a44787af78decd2ef0b6407b3146744d0e441ceda8b284664edec419748c21e6230fd5a220219e5ddda5929941b9b2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\config\log\SWM.config

Filesize
358B

MD5
d863394d9a38f4210398d9f0bffc8c2a

SHA1
a6047ea0746b0b34d93ffacb8f4ecbb4473a8136

SHA256
720014112430da814e0cb0e85182ff34b5e84497c480135c9c0924d61b423515

SHA512
f446764523bfcdd4c30c1a4f0a8280b9a22b15eb8b289090192f7404661da25390613cebf6aa69716e98a4044228d6a592d7b7c5aaac46a34bd06b35a1e93281

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\cpc.dll

Filesize
240KB

MD5
c9bb89c27b5b95bdb576a389f1fe877e

SHA1
0cfebcdd0a9554b5deb09b1ce034bcddeeb2efb6

SHA256
281e56d816ef19c192b5c4383c3233954c4b43d35dd6b793f83decc590b6dacb

SHA512
65be80347b1932bc19b5edea192ed23836ea3f1bd89113439c352d2ff5470522524bb9ce6fe2731ebde11b1da38122cd304ee6a3bf640ccf6415523b67e91942

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\cpc64.dll

Filesize
296KB

MD5
f4a44a03352159c2cd1cabf49b3d8b8c

SHA1
bbc434938323d011782759d9e37b36284b0c7ffa

SHA256
40ffa90bb932ef2f9a0e657b65947d9490686769e08c84bae5df9c9fc238c0a1

SHA512
8308034b54e4a31af31cedcb050373adb8d7773447f0634c70226e185b56df2f3fb5f89df5ef09fe60e619a01416b7dffd0926c69c90c7f0f5db6c9e838eb3de

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\ff.dll

Filesize
400KB

MD5
15dfc77b676d95b9701acca2866c7712

SHA1
6e9296f882c87630c3d531215d138b9e0c108f2a

SHA256
0ec3ef2d02317bf68e3a48a67086674ec62025780d1fa59e5ec86a4cddc0134a

SHA512
a58dad9860d626bbfba2b72f4c7744dc47abb9dfa61d69d40a6b2dde5b203fdb05122632d66239ad3ececd96db73aeddb045083acc2bf261bea69199cc94443b

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\ff64.dll

Filesize
532KB

MD5
92995be7cca8edb3acae95e8fb2480f3

SHA1
cdc42d10f02f17eedac28f2829f9b06a31204aaa

SHA256
b33e4cd29bd4612b3cefe9fd1f5a247bf3a28d755e5ea98dcfaa4018a5354ef2

SHA512
c872776a859e72db2232b46a9277c802a20fcece6f4604cee20b76bce95c2a5ca6751190a900f89a7b28cc28a2f21a4931a6d46b60e64c50ff0bb8b89bd15e37

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\pc.dll

Filesize
96KB

MD5
a881e59f9adfae28cd05f43ca75ffe6f

SHA1
2e895d48de9579b02e45c2bab21e36e7d9d77107

SHA256
6b12b1ca070c9a47f32a76ee20e89f12907771296be2859c46ba94122a85023a

SHA512
b5686c77a2b9e399d41eef0681f620179ed94c07bacded1e77e3fcbc0eb4de9b9091329ee2318eac50dc2ed7be015d4326aae8bc8f573f638286d3a714d45272

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\pc64.dll

Filesize
110KB

MD5
689329066fbffba37cbbd309cdce7d71

SHA1
7ccd96b2f34111769716aee29357ac8fdac1401a

SHA256
075c7c3661c27339cdf4d6390fa96a354062758db295874d5f7b18fa49479912

SHA512
f62f8fad9925189209662a50614038448c5bb0fb77aacd946437d705c85faa66ef400cddb8d4a3f814a5e22d7d122059cc4185ac77add5f1628ecdfaa60c9eb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\ps.dll

Filesize
177KB

MD5
759f82c45dfc3c7096d0f31542208b27

SHA1
6cf896cdd71886825e2737d20cd89e1182134826

SHA256
4c1a2a9b3bdb64f31bbf69951863b63ecf65c9d11196ca853acbb11fff25a699

SHA512
dd4ea829bbe970a094f356c47faf5635d5fc16fa09ee49ffbca8c10f7e6ec41a9b468f09d167003416067437e2a3b4e67d0caa1656842ed555eb5eac1f10626f

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\sc.dll

Filesize
413KB

MD5
a9d50ca15a2b48df4e8206a9f52d97f9

SHA1
093716d8d000d9cabbed74998a0f1975e71466c6

SHA256
dacbb325494c4b8adb5071ac56cc6078c2a2419576189e0c0644428b4e459e74

SHA512
d1c4589cfb16ea6a721f9dd9f3d24b1f5ce6467ee0d45db3373a33b464cddb87d86266fbc974f5c78b671921d8600116b95af6d83bf1cfe9d8701f879abcae5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\sc64.dll

Filesize
540KB

MD5
6585fe4dd0025c3c854ab9412e63c31d

SHA1
8e325626c24a908883f4b88a54080e6693d9b300

SHA256
22499aaac8cf2c2764f74d0168df4b6a1601adf5201db26e3150c2cf850bf4c3

SHA512
b08f5e48e5910c515b3d3cd736177212f4dc6fc6d0045e048a5f7a03ce76a84df2ffbd8608c7296533d488d191aead99ff5aa052c48749b01bebd7e5b520c4b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\swm.exe

Filesize
902KB

MD5
1acc7072639d118988c835cee75bbec0

SHA1
d835c98a20cd39d178fb4ad0fbca65a6db1c1778

SHA256
4dc839fd21a87dd39ba75b49bd85c8d95b3d16dfce246691126dda3067540e57

SHA512
1d6ea497ea943287ae5b4dae085ea4393a78aed8218baa0cb51a9072d1178f8c81c6fb663acbb61bfaec557201ad161a341a291a717cb39bdb59c44c77116384

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\image\FDReader.ico

Filesize
24KB

MD5
d2e8402ab4a5000d4dffae8669bad58d

SHA1
d8549b7df0c105a8ecb9a47b8741b0a0bbb8138d

SHA256
d7281441cf2050c849f6155d8669fbf213b60e148b61ecef36a4cf082b634b2b

SHA512
92a990721578ae4028b5c0ad1dfb549ce3ebab9e43ff160cc82be5848630c24f8af81634f4419733b0f0b40a7296e44d1e1a63e5b2623b03449b91e85e148875

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\image\about.png

Filesize
99KB

MD5
4fdb4d16bbc720e59904b6658a91d7b3

SHA1
c87292215805533c5721b52e13ce9c0d0384b42e

SHA256
3e17af34768978c403c23a6737b5e65303c6295c100e8ed306023172a03f3105

SHA512
10469912dbc2046469d1adaa37daa800173873e347d99c286961bb3f01f1afa45dccc8f6cda6c81a405aa7b9411b309acb2a3cad3a4f6d09eac81c0b695eadb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\image\about_ok.png

Filesize
4KB

MD5
cd310285003f4e0f99d3abb8c11ad9cb

SHA1
6deef38fafed3c8e293baeca4354f705c0b3bcf5

SHA256
4ccb310fcc7526e1ccd091d2d8ce73109e446c2816c19bcf7a393f7af3b75f8a

SHA512
8e4758a52b83d1167ed6f6f9e3bb50b1b4980d92ce4b9c4508001b0c84922af7fdbe4401d66b19044443ba6ca7828e612f54a1f72330c42ad396fccbc1cc1388

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\image\about_ok_en.png

Filesize
7KB

MD5
f40a7c3ee4fd8ec083e8e5c1fd701bb1

SHA1
965d9c18410836227d3cc6bbc2403806d0f1f6da

SHA256
1e117e0f34e8829e2d0a210850c465a705d2f64cb010c4526f8a6af359de38f4

SHA512
d550fcf9234d524eb9367f96fb0d6599e75557ee6e81898c69f567d54f79aa8ff3efa62bfd71d0598074eba0852dd370b2bbe004d399650e675c311a26282fca

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\image\bkgnd.png

Filesize
64KB

MD5
cd4a66a1eb7564977a5e6040bee809dd

SHA1
97fbaa7c65f7b6065cd5a7d5c46453da37b01a01

SHA256
ae89982feedaf464b89a696879f2053dfb56182fc15fc86da7add64614cabf1a

SHA512
36e897fca29c2cb1ea7a4a080db555e80444291f28a02d9851e773abbcd0c8e197d3e6bb5619ef2a511e06fed36de9574b958d1d5571711df2f82e1d9066b2a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\image\lcex_header.png

Filesize
1KB

MD5
f2e9b590761bd30791b7b73671078237

SHA1
2e9fcc7c65dbbecdf33195f602caea26a97af7ea

SHA256
05a8356258239f7c42bf3dfbcc4424c9d4ac16717280380b95941bd3dd12a831

SHA512
ba151978f046391e96591fff983063be4ddee000a1fc1a7f3f79eeeffd4500c0e77d41fcb49ee2c77704a2acbe9f784623a192c09e5570268e398b8d6ca283f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\image\lcex_header_arrow.png

Filesize
2KB

MD5
320b5784ae6fea133e28722afac616a5

SHA1
7473601a48898508a0db3e5c3c9736c43d575bb4

SHA256
78bbf6632312bda5092b3113d1be092929cecd262f570431ad4e5f95b3cf2994

SHA512
f191482b26c84285c421249921ad120211264bec8c004f0abd4955bfd2d414fcee1063c815a498651d29f1c19693a4549c515d20df50e03364fcc9389216ffbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\image\login.gif

Filesize
11KB

MD5
836d515cd9aa511076e2dad8de33d0c8

SHA1
106e54142ddbe8272f30619ac4b4c335d85208ab

SHA256
22ced47119134b2aa0575601de1ea9866ce7bd1158726b4acf8e9925bd993b33

SHA512
fddf3c7d3feedef7e5600a68a468f4bc82e228514e16c0b371af72614f72c050a9fa342f3edead580a0597845b11eb5d83d37be42328007faa343a87a0046e1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\image\login.png

Filesize
2KB

MD5
48d5e276ebe7ef191cc00f84d78af714

SHA1
1abe1e118ba8b535dea733f16deedb47708d252d

SHA256
16f590fdafab0f6572545b37753fc53cf49817d80d290fb41b708ee5e8610424

SHA512
d75c3f0a761c3fa0e257deeec661c6a08627a224d1937ad40a0a4020c5500f4221bea7282e83395d24232fe80b374c8cfe5b9ef646d4c7e18f65dfa899589c6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\image\login_setting.png

Filesize
5KB

MD5
2251d9c75eacd1f91f85c4fa6c2042e9

SHA1
dbe2d2276dbf7a2dadf17291f35330e2717a6b6b

SHA256
6aa08ab6f1dbb43b229f7e40fc6eee94343da1a981777040e652a7db59795aaa

SHA512
ee49b9c2d310d8d848871942b416a057d016498c258ba8d9862459ed0751046816844aa898b3fe6e5926ed6e6e73f74770344912f3290d2addbb8958a22f4088

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\image\netfail.png

Filesize
3KB

MD5
3888565c20db5c63fbca2b1209cc9d55

SHA1
b900adc440ca57fbdebcf2b5727c2e5403553c15

SHA256
19b1e0cf65872fc149958656428a8c0d244b11b300d229974c43afc4dd916943

SHA512
2714f48b5e395dcd3479e1341d0201b0b527085a3a7964088ab29ea440cec3f036caeca3f67a9d8a3834fe7915350c478cb5427173322c896e8ba9d0d05451c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\image\netok.png

Filesize
3KB

MD5
e49d93cd9edfab2a2b1a6efa736e0aeb

SHA1
22d023157697ce7f1d190501c8bae72bc3a807e0

SHA256
eeb36c209af6f7a859b7e5e57465973b5011abed8ff9edefeedbdeff556cce39

SHA512
47e2643aa87a36d11ea6cdcff8563f30f0b91f811379b9961fd41a8da4c6a1312804e8fb0c80cc156f1df10f2ce00cb5b762660d88fb50ccabd58d0935a03e01

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\image\offline.ico

Filesize
24KB

MD5
e6edd3a72611d78e0cfcb38ac763a112

SHA1
74d7a99d8e5f7ddd5d2213df23399e04b9d514a6

SHA256
d2b2b4d01fbe2cd033bfae9878b8a5598867d05001fa48b87a9b4fb8b4cb6336

SHA512
8fdc17a8dafee2970d24d578fe8f24fc441e8b9d48c367ea281d411e1612f3a75ba26930b1b2f8a8c7f8b9b5d3dbb26309a17f501ba54e2709fec6222fb92e38

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\image\user_list_close.png

Filesize
3KB

MD5
76566ce661776a54382a07ac0789f591

SHA1
6b2f4832765d41e2d6cb64f05fb1a2a075dbf9f5

SHA256
01547e38cfcc836158f720c650d7ff9ac3cc0027246b50f6889b84e851f111b8

SHA512
e25a4bee9fe7803790f40239b16b9ac369f3f28596be294aa35f358a47ef47bd584932b17729ac41cddf62324525c17e7e22482e5b256383faacf4cd0d9c4c34

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\translator\lang_en.xml

Filesize
10KB

MD5
24d76013ae482d8cee25bd0ee9551845

SHA1
cd2e8e0ed767f4748052267db3f92a9adf0b1a3e

SHA256
65e4d45cbb5764caafd9138ff5d19ac7a53429f9e1dba48deea8bf9303c65583

SHA512
7de9a2b4798061b3f314ed667acdcfde624ec0ae8d60e2e1e34b67f545f92c3e06a8b7aa2e53ad53d322963a5b3ea5d48772af6eba8af73e859b2b0356cd55c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\translator\lang_tw.xml

Filesize
1KB

MD5
818972db3b9c615f61963510eb415233

SHA1
976078b506c2c0b052a7de978fcb448115a5a503

SHA256
375d00e0771f706a63aea73b39d8cfcf7b32e7b6704ef16118cbf2eefe8fa24b

SHA512
c8ce26e83dd01787b446c7ed32bfc88971c6145a6730c3c45eed8b005ae2d673456af8a192cb164bf9f4944c3dfaf352042bc22174751ca25963a170c3327c35

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\uires.idx

Filesize
2KB

MD5
f15d0280e710dc76ad256c4d8acc2485

SHA1
43b49d478f84c6ee202adfbc02dce471215875a8

SHA256
adc5c0deb4a9b95441dede9ca60dd263e162e870107abf1e4fd3d2d1b9be9ee4

SHA512
8b9986389ad1a7ea3d3518b702b8987c61f60577ac8347c57c006d1655388f2bc59e5d5bdb6e6b2859a162ece9c18dc3e32f766c25e98ccebf7feb5a974a00fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\xml\FDAlert.xml

Filesize
498B

MD5
c1c24996cf4fd00003e5cb57243d9522

SHA1
518293576e34afea1f9503fd8781f27c069af756

SHA256
24fbe33deaed6c7b5874f97a40e95db4b1361f0aa6dee96a07922b69131aa5f7

SHA512
2848432b841da31a4d930603aec7726cd3950889cf2b94f2fdb639776fc04c0ea00e62dfe7557287aa96391993e6f224284e3d0a88fe18b6a3ee8f27a756e146

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\xml\about.xml

Filesize
727B

MD5
599a84af171da778e76fe36fe54dcc55

SHA1
c650c66c7b9ffbbc2499a3c9424b459461c536c5

SHA256
8d00368abe73ade9a87f8092fba71ea2e6d65213552a5da4e1793fc8c8e25056

SHA512
bb826080055a4fec91dd65b453fc187f5b6eefb428d1710d2a13b93a1a68780d4cca9d669904f3932be8b5109d0ba18006f006394105fb8d1bd3a25c9f4f93a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\xml\about_en.xml

Filesize
730B

MD5
72625c48f2bb0ed19b6f6a7c1b402d1b

SHA1
50d9cc51eeee0d58462fe43bb8c615410fabd742

SHA256
0ded6e3f45a8268a9cc9c6fc6363b6ea09f97e5458faa1be42ef159fa6dc9ee4

SHA512
272f6871efdb4815cb2b83085472d2f0a28c03c5790fb369b26cd104a0b7516a9a8077043f197041c845ad9ba4d5dd3dc0b8a448e9b932efb10d57bb09ab6656

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\xml\check_passwd.xml

Filesize
1KB

MD5
3047132b5de2c10334b2104d33dbde64

SHA1
cf9fb79d4083b2f6357fc76b8a58876b40cdd0f0

SHA256
36e274987237c0acc103a294a2ac90089c6629971f4dc785a30e7eb738b90335

SHA512
9d6e07eafefd722a4482e47102627e92fdd3cb2a5050417798fb17723a9e7ef29ea5a49ceb11787e64ca0e4a0d23a8e01a851f578962ecfb804b18994e8279ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\xml\dlg_main.xml

Filesize
565B

MD5
b9b29ca32cef1be0ee6169fad34f9786

SHA1
cfd089a9144bd930f4fcdf0a52deb7184f69ca95

SHA256
505f2596632397fd31360d02e0f264537bf263fcdfda6b1bbe4768f720d9ede2

SHA512
5970fcbd00b261b9a95edfe27521500931736ff49c053eeafc09f6699bd39b5a259771d11525e69cf47075adb80901b726b115425d2fcd7df6cce619e4ebb3ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\xml\dlg_modify_pwd.xml

Filesize
1KB

MD5
f17a14d7905feb2541108368fbc0df99

SHA1
ac16f2804d3e29a1904e70cd73c61ef027510eec

SHA256
93f2fbebf2608ff635bdd67aae6afc8f51d197256dc8d6df8d431a1edd93bf80

SHA512
f7bf8446c45ac8102da342ac8a25252cc2abac9fe593ef7b6fdeee6bba5d0c17024c45c56f06f3089e9022d45cc5bce94f9aab218f99f150ff64b919f362b7e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\xml\dlg_show_file_info.xml

Filesize
1KB

MD5
7be9bb9201aa0596b562af57187c9ccf

SHA1
e560fc1b2d656e6e7537c635c4b000552893a0d8

SHA256
08f38fdd9a29cb586136555e751f4b98146339d5dd81f26ea9b39ba605499a23

SHA512
43f4fb12e5b03d4220aaa121cbeb78b8adbc0b07603466ff6ee592a8c60f94085ea8f0764772be90c363b91e918aa0ad03427072ab9d97031a79e0d474db0c2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgileTemp\Agile\FR\bin\uires\FDReader\xml\fd_file_list.xml

Filesize
2KB

MD5
c39b68c6dec13b5bb411d13387a6e4aa

SHA1
54e157be1b3b0b58a6fba7ef3396988d68155e08

SHA256
d69aa068e684834abe802e18c0303c750ebf17e763e2c4bf6774bb6570ff01a7

SHA512
5374b3e17f4fe737fa44d3a18eac017fa8a0a4580155dfbcf4d4a4a02629261bbd5cc701337d1e8300cf83c127fdfc9a78684c37418a9c47cc71bea1e17851b6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads