c9d475d146a04f730cbd437a3e544f59539c67c0907ed050d5440eb1c0154a32

Analysis

max time kernel
151s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18-07-2023 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c51866d585cd53_JC.exe
Size

15.5MB
MD5

c51866d585cd53bf068762f3090b244b
SHA1

5e14dd217c96d13c8a8a31ac07a2ecc220f15a05
SHA256

c9d475d146a04f730cbd437a3e544f59539c67c0907ed050d5440eb1c0154a32
SHA512

3a7697c690b6414b330bff020890e8059eabac07173f67ab4cdc5c2db778b894c227bc0c3c759b8fd1a4b790597bcfd1c5e1a3ccbbeddd80324d70bf6bc9d6e7
SSDEEP

393216:gUhIiCAJXAJEat0LBPAxuYE+SRKAWggQOtTcHVmzXibFTC3:gU2JEOIBPUn9ScAWgQT7XmFTC3

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File created	C:\Windows\syswow64\drivers\Ldxghcore.sys	Ldx.Exe
File created	C:\Windows\syswow64\drivers\LdDisk.sys	Ldx.Exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Control Panel\International\Geo\Nation	c51866d585cd53_JC.exe

Executes dropped EXE 10 IoCs

pid	Process
2824	Ldx.Exe
5064	LdxFileServer.exe
4772	LdxFileServer.exe
3800	LdxFileServer.exe
4516	LdReject32.exe
1176	LdReject64.exe
3168	Process not Found
2852	Process not Found
2656	Process not Found
336	Process not Found

Loads dropped DLL 24 IoCs

pid	Process
2824	Ldx.Exe
2824	Ldx.Exe
3800	LdxFileServer.exe
4516	LdReject32.exe
4516	LdReject32.exe
4516	LdReject32.exe
1176	LdReject64.exe
1176	LdReject64.exe
1176	LdReject64.exe
3168	Process not Found
3168	Process not Found
2824	Ldx.Exe
3168	Process not Found
2824	Ldx.Exe
2824	Ldx.Exe
2824	Ldx.Exe
2824	Ldx.Exe
2852	Process not Found
2852	Process not Found
2656	Process not Found
2656	Process not Found
336	Process not Found
336	Process not Found
3168	Process not Found

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\syswow64\LdxHook32.dll	Ldx.Exe
File created	C:\Windows\system32\LdxHook64.dll	Ldx.Exe
File created	C:\Windows\syswow64\Ldxghijt32.dll	Ldx.Exe
File created	C:\Windows\system32\Ldxghijt64.dll	Ldx.Exe
File created	C:\Windows\syswow64\ghhlp32.dll	Ldx.Exe
File created	C:\Windows\system32\ghhlp64.dll	Ldx.Exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3800	LdxFileServer.exe
3800	LdxFileServer.exe
2824	Ldx.Exe
2824	Ldx.Exe
2824	Ldx.Exe
2824	Ldx.Exe
2824	Ldx.Exe
2824	Ldx.Exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe
3800	LdxFileServer.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
652	Process not Found
652	Process not Found
652	Process not Found
652	Process not Found

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
3964	c51866d585cd53_JC.exe
3964	c51866d585cd53_JC.exe
4516	LdReject32.exe
4516	LdReject32.exe
4516	LdReject32.exe
4516	LdReject32.exe
1176	LdReject64.exe
1176	LdReject64.exe
1176	LdReject64.exe
1176	LdReject64.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 3964 wrote to memory of 2824	3964	c51866d585cd53_JC.exe	89
PID 3964 wrote to memory of 2824	3964	c51866d585cd53_JC.exe	89
PID 3964 wrote to memory of 2824	3964	c51866d585cd53_JC.exe	89
PID 2824 wrote to memory of 5064	2824	Ldx.Exe	94
PID 2824 wrote to memory of 5064	2824	Ldx.Exe	94
PID 2824 wrote to memory of 5064	2824	Ldx.Exe	94
PID 2824 wrote to memory of 4772	2824	Ldx.Exe	95
PID 2824 wrote to memory of 4772	2824	Ldx.Exe	95
PID 2824 wrote to memory of 4772	2824	Ldx.Exe	95
PID 3800 wrote to memory of 4516	3800	LdxFileServer.exe	97
PID 3800 wrote to memory of 4516	3800	LdxFileServer.exe	97
PID 3800 wrote to memory of 4516	3800	LdxFileServer.exe	97
PID 3800 wrote to memory of 1176	3800	LdxFileServer.exe	98
PID 3800 wrote to memory of 1176	3800	LdxFileServer.exe	98

C:\Users\Admin\AppData\Local\Temp\c51866d585cd53_JC.exe
"C:\Users\Admin\AppData\Local\Temp\c51866d585cd53_JC.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3964
- C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\Ldx.Exe
  "C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\Ldx.Exe" -srcfile "C:\Users\Admin\AppData\Local\Temp\c51866d585cd53_JC.exe"
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2824
- - C:\InetPub\ftproot\Tipray\LdRead\LdxFileServer.exe
    C:\InetPub\ftproot\Tipray\LdRead\LdxFileServer.exe -install
    3⤵
    - Executes dropped EXE
    PID:5064
- - C:\InetPub\ftproot\Tipray\LdRead\LdxFileServer.exe
    C:\InetPub\ftproot\Tipray\LdRead\LdxFileServer.exe -start
    3⤵
    - Executes dropped EXE
    PID:4772

C:\InetPub\ftproot\Tipray\LdRead\LdxFileServer.exe
"C:\InetPub\ftproot\Tipray\LdRead\LdxFileServer.exe" -service
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3800
- C:\InetPub\ftproot\Tipray\LdRead\LdReject32.exe
  "C:\InetPub\ftproot\Tipray\LdRead\LdReject32.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:4516
- C:\InetPub\ftproot\Tipray\LdRead\LdReject64.exe
  "C:\InetPub\ftproot\Tipray\LdRead\LdReject64.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1176

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\InetPub\ftproot\Tipray\LdRead\Forbit.ini

Filesize
5KB

MD5
25a8a6e76c05c2e1cd7db5b1136b0b76

SHA1
7ddbacfa729657c74816edb8fab55e742340f4dd

SHA256
6af68bffb2c79fcaf8ca3a5a634d4e4f040945e977f1819642013c04c364c1b2

SHA512
ae66e5c311e1cbf8ac6c235f09d6c2658eec779d621208bb5e34b7701fa38dc1e3b3af8a3f82794ba78efd1fb4ed8bd26cb3f2f8ff86112ea80a3ae702c58641

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdCab.ini

Filesize
1KB

MD5
686697cdb722ef38b3d7901b65e7244b

SHA1
5b6ce23a308194fa899db183de84e6a26e62ba1d

SHA256
4b01f45b2b7566195551ddc79cbf7c8f0740819579d9cc4475189b3a6e9d5d63

SHA512
3e96db219dbd0660723e25cb2725c853dedcfa638822a4f063c9b65414b07370308d4b9af2b23ccbb43678083e3ab0eb974b4c572d4af3782282418294112452

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdDisk64.sys

Filesize
38KB

MD5
8949867dcb24455c32235b5868682d80

SHA1
833f3124c9057c13ba8ef89adb31ba561dad47b5

SHA256
dbb67d164122cd0a82b1afb46a2d4ab68d7e2642021181bb31e7e9d13ee62567

SHA512
ee771a9b0337cc0a05c20128e228f11971a41dff7fe23cfe466386fbc54b05a16d58e34249750747fbee22165fddf97e948ffb44073b81f832e28674121fa792

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdDisk64.sys

Filesize
38KB

MD5
8949867dcb24455c32235b5868682d80

SHA1
833f3124c9057c13ba8ef89adb31ba561dad47b5

SHA256
dbb67d164122cd0a82b1afb46a2d4ab68d7e2642021181bb31e7e9d13ee62567

SHA512
ee771a9b0337cc0a05c20128e228f11971a41dff7fe23cfe466386fbc54b05a16d58e34249750747fbee22165fddf97e948ffb44073b81f832e28674121fa792

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdPrintMonitor.dll

Filesize
824KB

MD5
3d57773347171b6d0c9b81074038b28d

SHA1
a776bc34080ec0a5d3240f9383f396654e763422

SHA256
2151443ea988397d17842612e7fdc74021c0e836c17b23eeba833f7acd5021e3

SHA512
5b313b63567a897d51a9cf5e12f8f52e740f2bc341b4043ac4d412de8ab72a48ef5d1da9c257ee160a82cf0d1b3f154b965bf52da53782028ec11a6ddbe6e13c

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdReject32.exe

Filesize
208KB

MD5
575287c553721ef2e34ce337bdb2f6f4

SHA1
04fd23ea97087dc120518e9f00f588033531ff81

SHA256
083ca7f7dcdac6f258a4b93cfbda4e097cce10f72edfa30405afa6261f479c71

SHA512
a9d3ca382b31e2d83750845548f54afe81b0f67301ebf4545455a002f45ad0f6dc867869460cc3332894448bbaa69a0ee4b64d6794679eb54337fb5f8ac52a2f

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdReject32.exe

Filesize
208KB

MD5
575287c553721ef2e34ce337bdb2f6f4

SHA1
04fd23ea97087dc120518e9f00f588033531ff81

SHA256
083ca7f7dcdac6f258a4b93cfbda4e097cce10f72edfa30405afa6261f479c71

SHA512
a9d3ca382b31e2d83750845548f54afe81b0f67301ebf4545455a002f45ad0f6dc867869460cc3332894448bbaa69a0ee4b64d6794679eb54337fb5f8ac52a2f

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdReject32.exe

Filesize
208KB

MD5
575287c553721ef2e34ce337bdb2f6f4

SHA1
04fd23ea97087dc120518e9f00f588033531ff81

SHA256
083ca7f7dcdac6f258a4b93cfbda4e097cce10f72edfa30405afa6261f479c71

SHA512
a9d3ca382b31e2d83750845548f54afe81b0f67301ebf4545455a002f45ad0f6dc867869460cc3332894448bbaa69a0ee4b64d6794679eb54337fb5f8ac52a2f

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdReject64.exe

Filesize
240KB

MD5
62fb90e648efec412e1e781ec293febb

SHA1
61bca0cdd91a682de6582f4332b1881ff5f23451

SHA256
9a1251c800661a5aaa0fdeff8bc2cd92c8fc48c78a90878eb74a286447bedd05

SHA512
34093e0fe7c45184aeab1840d289f9b5063dcb55528b98c0e0bbe421502385c43ce5b8969b590ce3b2778211f0a8812fb581b15eec4311e62b96b3e4e9ad180b

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdReject64.exe

Filesize
240KB

MD5
62fb90e648efec412e1e781ec293febb

SHA1
61bca0cdd91a682de6582f4332b1881ff5f23451

SHA256
9a1251c800661a5aaa0fdeff8bc2cd92c8fc48c78a90878eb74a286447bedd05

SHA512
34093e0fe7c45184aeab1840d289f9b5063dcb55528b98c0e0bbe421502385c43ce5b8969b590ce3b2778211f0a8812fb581b15eec4311e62b96b3e4e9ad180b

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdReject64.exe

Filesize
240KB

MD5
62fb90e648efec412e1e781ec293febb

SHA1
61bca0cdd91a682de6582f4332b1881ff5f23451

SHA256
9a1251c800661a5aaa0fdeff8bc2cd92c8fc48c78a90878eb74a286447bedd05

SHA512
34093e0fe7c45184aeab1840d289f9b5063dcb55528b98c0e0bbe421502385c43ce5b8969b590ce3b2778211f0a8812fb581b15eec4311e62b96b3e4e9ad180b

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdWaterMarkHook32.dll

Filesize
166KB

MD5
5a884854ed478fe9db8bcec6f985ecc5

SHA1
7352d6eab53d21782a982d37c9e69e1b40d17d45

SHA256
6fcaf1ca0c29b08b749c88412820c4cd00f6873f206544a3d8571d7820bcdaab

SHA512
5522d1083d859ed0b67fcf5f3acde5132bd60b9e3b173918cd1acd7d03d9ef10af20acc024962968a74ef78e13e0d0853405c19aa7b176005e426a5ffcd833b2

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdWaterMarkHook32.dll

Filesize
166KB

MD5
5a884854ed478fe9db8bcec6f985ecc5

SHA1
7352d6eab53d21782a982d37c9e69e1b40d17d45

SHA256
6fcaf1ca0c29b08b749c88412820c4cd00f6873f206544a3d8571d7820bcdaab

SHA512
5522d1083d859ed0b67fcf5f3acde5132bd60b9e3b173918cd1acd7d03d9ef10af20acc024962968a74ef78e13e0d0853405c19aa7b176005e426a5ffcd833b2

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdxFileServer.exe

Filesize
101KB

MD5
5b32c5b1ba357cb3e83263967a726a42

SHA1
1412c3abb07a4b4e18edc2d7edd2764a83c4dc5f

SHA256
bf0a2b6b005c173b5cd8a4530986d58c3a8895ce5cf98644c042ff7319d414b4

SHA512
61c5f62fdf31c6ba81ea495b4e1f08c518b53243bf458f4b421351af524ead43fdd1aeff27e21c50da5cd1dd663d35ecb64778410c777b15425d379d0d628432

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdxFileServer.exe

Filesize
101KB

MD5
5b32c5b1ba357cb3e83263967a726a42

SHA1
1412c3abb07a4b4e18edc2d7edd2764a83c4dc5f

SHA256
bf0a2b6b005c173b5cd8a4530986d58c3a8895ce5cf98644c042ff7319d414b4

SHA512
61c5f62fdf31c6ba81ea495b4e1f08c518b53243bf458f4b421351af524ead43fdd1aeff27e21c50da5cd1dd663d35ecb64778410c777b15425d379d0d628432

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdxFileServer.exe

Filesize
101KB

MD5
5b32c5b1ba357cb3e83263967a726a42

SHA1
1412c3abb07a4b4e18edc2d7edd2764a83c4dc5f

SHA256
bf0a2b6b005c173b5cd8a4530986d58c3a8895ce5cf98644c042ff7319d414b4

SHA512
61c5f62fdf31c6ba81ea495b4e1f08c518b53243bf458f4b421351af524ead43fdd1aeff27e21c50da5cd1dd663d35ecb64778410c777b15425d379d0d628432

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdxFileServer.exe

Filesize
101KB

MD5
5b32c5b1ba357cb3e83263967a726a42

SHA1
1412c3abb07a4b4e18edc2d7edd2764a83c4dc5f

SHA256
bf0a2b6b005c173b5cd8a4530986d58c3a8895ce5cf98644c042ff7319d414b4

SHA512
61c5f62fdf31c6ba81ea495b4e1f08c518b53243bf458f4b421351af524ead43fdd1aeff27e21c50da5cd1dd663d35ecb64778410c777b15425d379d0d628432

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdxFileServer.exe

Filesize
101KB

MD5
5b32c5b1ba357cb3e83263967a726a42

SHA1
1412c3abb07a4b4e18edc2d7edd2764a83c4dc5f

SHA256
bf0a2b6b005c173b5cd8a4530986d58c3a8895ce5cf98644c042ff7319d414b4

SHA512
61c5f62fdf31c6ba81ea495b4e1f08c518b53243bf458f4b421351af524ead43fdd1aeff27e21c50da5cd1dd663d35ecb64778410c777b15425d379d0d628432

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdxFileSys.dll

Filesize
288KB

MD5
e222327c45ffb1ebe00f9d8165259ca1

SHA1
530a736c3e8cd49fb9b7bab90b3ba5425809f77b

SHA256
b4b0c294552a8c1f4f40474b8d41a3007ba92945580e5ef17148d6d00c0c1d49

SHA512
acfe0b0c3808f791b0e479869f4a6cf744bf3912e7ed87a76ca228f696384fd8bbadd7c1c0eac287fa1ce5c22257b415d91e53246e66526a0460278ca0aaac3b

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdxFileSys.dll

Filesize
288KB

MD5
e222327c45ffb1ebe00f9d8165259ca1

SHA1
530a736c3e8cd49fb9b7bab90b3ba5425809f77b

SHA256
b4b0c294552a8c1f4f40474b8d41a3007ba92945580e5ef17148d6d00c0c1d49

SHA512
acfe0b0c3808f791b0e479869f4a6cf744bf3912e7ed87a76ca228f696384fd8bbadd7c1c0eac287fa1ce5c22257b415d91e53246e66526a0460278ca0aaac3b

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdxHook32.dll

Filesize
184KB

MD5
367aa3905990df6039c1f2b965bf2c99

SHA1
994bc3671913a58660ffa0e9dac42750d78f0441

SHA256
3c4f549a434f0c4cf8ba2a41fd9949ba95212960e57b64c47b2ba31616f286b0

SHA512
8e7fa552f0674f441c5ec8524731d30cfb30d0029bb21bbe538e970dd2bef6c4b98555a9adef25551324244a030cfbf72b9fe9d6be7806f5424516d1d8cb199f

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdxHook32.dll

Filesize
184KB

MD5
367aa3905990df6039c1f2b965bf2c99

SHA1
994bc3671913a58660ffa0e9dac42750d78f0441

SHA256
3c4f549a434f0c4cf8ba2a41fd9949ba95212960e57b64c47b2ba31616f286b0

SHA512
8e7fa552f0674f441c5ec8524731d30cfb30d0029bb21bbe538e970dd2bef6c4b98555a9adef25551324244a030cfbf72b9fe9d6be7806f5424516d1d8cb199f

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdxHook64.dll

Filesize
214KB

MD5
509f8b3b407582abb2d960f71aa7541a

SHA1
aab419aa4dde69ecc59729ee299006a91c7c1643

SHA256
641f7174db6e2a7e4539dfe54328c580cf080a8ceeb4f9e54074a27046078592

SHA512
36ac39471d8acf1e5288dca73375864f3828c15385525c58bbf0980e164dbe429ab6eb68cfbed9a817cec4e6ae395d8cb32cd2ff1a3d15e7e5078d5510e77f07

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdxHook64.dll

Filesize
214KB

MD5
509f8b3b407582abb2d960f71aa7541a

SHA1
aab419aa4dde69ecc59729ee299006a91c7c1643

SHA256
641f7174db6e2a7e4539dfe54328c580cf080a8ceeb4f9e54074a27046078592

SHA512
36ac39471d8acf1e5288dca73375864f3828c15385525c58bbf0980e164dbe429ab6eb68cfbed9a817cec4e6ae395d8cb32cd2ff1a3d15e7e5078d5510e77f07

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdxShareData32.dll

Filesize
469KB

MD5
14f922037ed3f4374269ae98763f2920

SHA1
dcdfaa981b30f65aecea010d965c3cde52739434

SHA256
0618289f3dfa3cc7e2be262c3a9185d29c774fecbd88374b5af550589b0ad3bd

SHA512
e27c1170697be5cfd704b37d0a1b1883acd5f5cd2db1dadbdbc894d00ca4a9fb12929cd67ef50de8166339340c27309bdd9d7b54d4ecadedf8e0ac4c7847e3e4

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\LdxShareData32.dll

Filesize
469KB

MD5
14f922037ed3f4374269ae98763f2920

SHA1
dcdfaa981b30f65aecea010d965c3cde52739434

SHA256
0618289f3dfa3cc7e2be262c3a9185d29c774fecbd88374b5af550589b0ad3bd

SHA512
e27c1170697be5cfd704b37d0a1b1883acd5f5cd2db1dadbdbc894d00ca4a9fb12929cd67ef50de8166339340c27309bdd9d7b54d4ecadedf8e0ac4c7847e3e4

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\Ldxghcore64.sys

Filesize
53KB

MD5
b3d1302fa149394f4b3bd055e396fe2b

SHA1
2086df38684abaeec85d537a1fd9bcfe74ebe0a4

SHA256
88471a6eaa46aa857d06b78e8799990b9da8142e6ec9f6c3fd7a83d40b62101c

SHA512
19fef425fca0906bca6e4d6b5e608ee1be3a6a2dc4829e9fb85481afe9047086797b23cfca56dc7c909f4778409b81fafcaf646e31af41982ffd4b06802f5fd2

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\ghhlp32.dll

Filesize
298KB

MD5
7d98dd4c0472d8f6def089c24a7a6a5b

SHA1
d03cdbbf98d6a071b83a333106517694c580ad6c

SHA256
9682137021d40a3ae96a3327a26d71f5cf10bd00c3789152d713ba7dc9a0c680

SHA512
d559fcf921750770eb75f2a0aa65b101ddd1b6dadf9b834a4df8c9afaac52f5e0d9f433a1353e4e85d44d864338f69351ce6718a6b41a97dde012d6473b93551

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\ghhlp32.dll

Filesize
298KB

MD5
7d98dd4c0472d8f6def089c24a7a6a5b

SHA1
d03cdbbf98d6a071b83a333106517694c580ad6c

SHA256
9682137021d40a3ae96a3327a26d71f5cf10bd00c3789152d713ba7dc9a0c680

SHA512
d559fcf921750770eb75f2a0aa65b101ddd1b6dadf9b834a4df8c9afaac52f5e0d9f433a1353e4e85d44d864338f69351ce6718a6b41a97dde012d6473b93551

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\ghhlp64.dll

Filesize
345KB

MD5
179c3c88f36389b259a2cf85dc4b4143

SHA1
f3dcff7a4c16070eb1cae5a554ea8875a7e3bdf6

SHA256
3b4a1e6e7371c3f359b1b12c77ec6558cf3f84e4c135071fac9cc1048abb7586

SHA512
090cf699c26d7a58b5e9310296bc0b066d26268212e54099683e4e7f77a8b5a2391ac824470751180f0e2b245db00a430b701f4956dc56e4b36b34cc144c25a4

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\ghhlp64.dll

Filesize
345KB

MD5
179c3c88f36389b259a2cf85dc4b4143

SHA1
f3dcff7a4c16070eb1cae5a554ea8875a7e3bdf6

SHA256
3b4a1e6e7371c3f359b1b12c77ec6558cf3f84e4c135071fac9cc1048abb7586

SHA512
090cf699c26d7a58b5e9310296bc0b066d26268212e54099683e4e7f77a8b5a2391ac824470751180f0e2b245db00a430b701f4956dc56e4b36b34cc144c25a4

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\ldxghcore64.sys

Filesize
53KB

MD5
b3d1302fa149394f4b3bd055e396fe2b

SHA1
2086df38684abaeec85d537a1fd9bcfe74ebe0a4

SHA256
88471a6eaa46aa857d06b78e8799990b9da8142e6ec9f6c3fd7a83d40b62101c

SHA512
19fef425fca0906bca6e4d6b5e608ee1be3a6a2dc4829e9fb85481afe9047086797b23cfca56dc7c909f4778409b81fafcaf646e31af41982ffd4b06802f5fd2

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\ldxghijt32.dll

Filesize
68KB

MD5
c772ef7dbc8d47a84e4211085fe0c84f

SHA1
063758630a99f8d00ff3a465309bc8896255b4c9

SHA256
c67cab98a0d9278a19d006a15ed2c10da79024f45a41f9aa32220b5caea7a9e3

SHA512
9ef393ae67312c4dcf9d6d0a86fe8b56c8f155e0717b0c989fb7a738e91b3db5c80c856979c398b157af56fd7f521353da536b9c75ddc1b302f3360905d90638

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\ldxghijt32.dll

Filesize
68KB

MD5
c772ef7dbc8d47a84e4211085fe0c84f

SHA1
063758630a99f8d00ff3a465309bc8896255b4c9

SHA256
c67cab98a0d9278a19d006a15ed2c10da79024f45a41f9aa32220b5caea7a9e3

SHA512
9ef393ae67312c4dcf9d6d0a86fe8b56c8f155e0717b0c989fb7a738e91b3db5c80c856979c398b157af56fd7f521353da536b9c75ddc1b302f3360905d90638

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\ldxghijt64.dll

Filesize
70KB

MD5
6b64ed6b13408a082ca5fa163852ba6f

SHA1
315a76acd8783cc9dba8324e503dcbdf11ff18f7

SHA256
0224d31abfa1efd26a856b6e5248cf9a48767f7250c04fc13fa7e340faa50103

SHA512
a43b2f95141427ecfc95cf05713705091b7320a6495808c7e70da9d11f2a96b9c0a6a11c3c0b41561613f5f24d0e0973a062ce0a3c1705133152b2b05fa261ec

Download Submit
C:\InetPub\ftproot\Tipray\LdRead\ldxghijt64.dll

Filesize
70KB

MD5
6b64ed6b13408a082ca5fa163852ba6f

SHA1
315a76acd8783cc9dba8324e503dcbdf11ff18f7

SHA256
0224d31abfa1efd26a856b6e5248cf9a48767f7250c04fc13fa7e340faa50103

SHA512
a43b2f95141427ecfc95cf05713705091b7320a6495808c7e70da9d11f2a96b9c0a6a11c3c0b41561613f5f24d0e0973a062ce0a3c1705133152b2b05fa261ec

Download Submit
C:\InetPub\ftproot\Tipray\LdTerm\Log\MSXGLQPS_Admin\Ldx.log

Filesize
4KB

MD5
d91b74d9514bd97ec60fc496eef52a7d

SHA1
8be3383c83ff758cb91197798f6d6b4424e0262e

SHA256
35d036f1fe93fb3875b68f6cfa8b7cdbfdfab5e7dd7ade42a4447fd49691ddc7

SHA512
61049c996c1f514a907ff4031da20c8c22985d3a4b24d3ad3abc6635093ab704a271fb9025e7f31fdc31bb47808a3c043ddc1fcc7bdad72a4ce9505fe6f33aa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\ArLib.dll

Filesize
500KB

MD5
9e436141cb664da882a1fbc069af8fdd

SHA1
a6cef1bdf1cf08c2f47f1822c8097be4b8e673b3

SHA256
656f1629fcdde9230f29a89c41ab1984e8cf301ad6aa487ec95c96230ad84940

SHA512
695a96c042254fce7371c9ab9ba45b49b290f88e3c9ec9d4493e83b6d1db52c243e5f048a446d4b345cd1cc2ea1cfac35dce75ee7fc329ba7b1be9f91d57347c

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\ArLib.dll

Filesize
500KB

MD5
9e436141cb664da882a1fbc069af8fdd

SHA1
a6cef1bdf1cf08c2f47f1822c8097be4b8e673b3

SHA256
656f1629fcdde9230f29a89c41ab1984e8cf301ad6aa487ec95c96230ad84940

SHA512
695a96c042254fce7371c9ab9ba45b49b290f88e3c9ec9d4493e83b6d1db52c243e5f048a446d4b345cd1cc2ea1cfac35dce75ee7fc329ba7b1be9f91d57347c

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\Forbit.ini

Filesize
5KB

MD5
25a8a6e76c05c2e1cd7db5b1136b0b76

SHA1
7ddbacfa729657c74816edb8fab55e742340f4dd

SHA256
6af68bffb2c79fcaf8ca3a5a634d4e4f040945e977f1819642013c04c364c1b2

SHA512
ae66e5c311e1cbf8ac6c235f09d6c2658eec779d621208bb5e34b7701fa38dc1e3b3af8a3f82794ba78efd1fb4ed8bd26cb3f2f8ff86112ea80a3ae702c58641

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\LdCab.exe

Filesize
339KB

MD5
20679f9b1377cc7cf9f41369e6085948

SHA1
9bd8861694812e51103c3202860d02985c766b73

SHA256
54d4ad5be72ef82cd1dbaae6b1c1a66af77a886ff6d25c0870b8a7f3690cce32

SHA512
68ee5f869cd6450bc98806f7b91279c0331860a474738e3972ad7bfac8597a33d77fb3a3e4dffbd6291017ce11160392e39bd072913d37f736132688a35f8e57

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\LdCab.exe

Filesize
339KB

MD5
20679f9b1377cc7cf9f41369e6085948

SHA1
9bd8861694812e51103c3202860d02985c766b73

SHA256
54d4ad5be72ef82cd1dbaae6b1c1a66af77a886ff6d25c0870b8a7f3690cce32

SHA512
68ee5f869cd6450bc98806f7b91279c0331860a474738e3972ad7bfac8597a33d77fb3a3e4dffbd6291017ce11160392e39bd072913d37f736132688a35f8e57

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\LdCab.ini

Filesize
1KB

MD5
686697cdb722ef38b3d7901b65e7244b

SHA1
5b6ce23a308194fa899db183de84e6a26e62ba1d

SHA256
4b01f45b2b7566195551ddc79cbf7c8f0740819579d9cc4475189b3a6e9d5d63

SHA512
3e96db219dbd0660723e25cb2725c853dedcfa638822a4f063c9b65414b07370308d4b9af2b23ccbb43678083e3ab0eb974b4c572d4af3782282418294112452

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\LdDisk32.sys

Filesize
61KB

MD5
05dac57a73bf83b5c9d6a3865e08807a

SHA1
1ac69375876fcdfbc242f5996ac75d518360e414

SHA256
5700a8f682a86ea070f50936551a67ce8c048503c34649847dea40eda4b8fb8b

SHA512
278810f0752f33ce57a1a25f1b3cbaa10bfa67a556b4a195564f873e4f358bb384ac5042cb7b7563275d5020904a801ed67cc1e36f7fc1268bf7371705af2058

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\LdDisk64.sys

Filesize
38KB

MD5
8949867dcb24455c32235b5868682d80

SHA1
833f3124c9057c13ba8ef89adb31ba561dad47b5

SHA256
dbb67d164122cd0a82b1afb46a2d4ab68d7e2642021181bb31e7e9d13ee62567

SHA512
ee771a9b0337cc0a05c20128e228f11971a41dff7fe23cfe466386fbc54b05a16d58e34249750747fbee22165fddf97e948ffb44073b81f832e28674121fa792

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\LdKeRestore.sys

Filesize
11KB

MD5
60537ecb5cc7b9e0c0228aa64120f9d3

SHA1
37183288c17bd2090be90cb174ab9531200e3df9

SHA256
52b6b551b2aa9c6e0a97840e87e89382d0724ecb0f3c1049e768bf0169bac803

SHA512
6b17067ba496c9fe936f3ea87a5ab07f5a7ea0023424bd84676b4a1bd8704e17a52e3fa12c774e9563de0fdb25c011f5decd896fd628a5e5e114cfc0b60b4202

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\LdPrintMonitor.dll

Filesize
824KB

MD5
3d57773347171b6d0c9b81074038b28d

SHA1
a776bc34080ec0a5d3240f9383f396654e763422

SHA256
2151443ea988397d17842612e7fdc74021c0e836c17b23eeba833f7acd5021e3

SHA512
5b313b63567a897d51a9cf5e12f8f52e740f2bc341b4043ac4d412de8ab72a48ef5d1da9c257ee160a82cf0d1b3f154b965bf52da53782028ec11a6ddbe6e13c

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\LdPrintMonitor64.dll

Filesize
1015KB

MD5
1ea0ad57198d433a5b1babebb8ad2119

SHA1
8f204d76f6e1cc5252ca4fb99f41ac0f02bdbf4a

SHA256
0e22eac42949b0ac0a37a63438b75c8a3f08d25d37be85a8f151c23c7d566861

SHA512
5c1a44a44d50abd05780a002dc686f1616e591d2011adb345f550688677e2024f7d36b94a2f09b319ca9233d71af6359ddb81ffbd0027472bb797a90e38fd295

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\LdReject32.exe

Filesize
208KB

MD5
575287c553721ef2e34ce337bdb2f6f4

SHA1
04fd23ea97087dc120518e9f00f588033531ff81

SHA256
083ca7f7dcdac6f258a4b93cfbda4e097cce10f72edfa30405afa6261f479c71

SHA512
a9d3ca382b31e2d83750845548f54afe81b0f67301ebf4545455a002f45ad0f6dc867869460cc3332894448bbaa69a0ee4b64d6794679eb54337fb5f8ac52a2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\LdReject64.exe

Filesize
240KB

MD5
62fb90e648efec412e1e781ec293febb

SHA1
61bca0cdd91a682de6582f4332b1881ff5f23451

SHA256
9a1251c800661a5aaa0fdeff8bc2cd92c8fc48c78a90878eb74a286447bedd05

SHA512
34093e0fe7c45184aeab1840d289f9b5063dcb55528b98c0e0bbe421502385c43ce5b8969b590ce3b2778211f0a8812fb581b15eec4311e62b96b3e4e9ad180b

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\LdWaterMarkHook32.dll

Filesize
166KB

MD5
5a884854ed478fe9db8bcec6f985ecc5

SHA1
7352d6eab53d21782a982d37c9e69e1b40d17d45

SHA256
6fcaf1ca0c29b08b749c88412820c4cd00f6873f206544a3d8571d7820bcdaab

SHA512
5522d1083d859ed0b67fcf5f3acde5132bd60b9e3b173918cd1acd7d03d9ef10af20acc024962968a74ef78e13e0d0853405c19aa7b176005e426a5ffcd833b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\LdWaterMarkHook64.dll

Filesize
147KB

MD5
63d62aeb9834397de374ee3ce2fc2caa

SHA1
7e7fc1b0317b4079922db9ca370502b9d19457ff

SHA256
dddf427aa6da198b7d59647b28800fc1bbc3acb593c1c8d0f09f3cb2db148273

SHA512
b3bd41c6a324f3aa5eb4f72564c95544649220b7f78f6af7ab6fd3e6a0e5338d299ecd037bdbdba3536060d98a773ac41fcd4ab19a098686b9446874363ef210

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\Ldx.CHT

Filesize
130KB

MD5
d28021be3019dcfc704ff2af7a8df4fb

SHA1
75515fddbff9442173ca820d5f60c6c15dfa2c19

SHA256
a4f3f81a4a9f09d46d8b86cee59a2e6c6ec0b262fdf26250c1de233b68a5f596

SHA512
ec30b2d92530c156978236ab2f878b10b43809699f6b3d0c82122da69dd17567cbcc7510538fc4db4df3b69ac47f4f510abf4a00c0087bda0f3d054b2c3bd2cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\Ldx.EN

Filesize
135KB

MD5
e0e4e679e878afb747ff5604307ff640

SHA1
6e60599f69d5fe3eab5cb13e5570253784d76a0a

SHA256
eb8aa45a13ec5314cbc4e707179746bed060da4ddef1995ec2fdd6cbc5a0d578

SHA512
76c447bc1059e80ae810f745d35c756e2218378a7277b1bfed347abf6f04053313d9347248431afd079af7f2f58ba0783435ac5d8024907bc1f1156dd82378a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\Ldx.Exe

Filesize
1.1MB

MD5
f352ecc0d75237693091afa03bb99c14

SHA1
905c918ce031af10b9397868da477edb881d884b

SHA256
bf4bf5514dc8a633271fd284cbb2d15086e919b85a4ae114fcf9ea6ba168fc8d

SHA512
56aede7dfcf7a1e9748d6787f65e2ee5ecee645b0d58e18fe5ad1214e94e67fef6ab2564dbd73a8bf3be0a0307a3518507c00c22d4c14b2868251f167bc66da4

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\Ldx.exe

Filesize
1.1MB

MD5
f352ecc0d75237693091afa03bb99c14

SHA1
905c918ce031af10b9397868da477edb881d884b

SHA256
bf4bf5514dc8a633271fd284cbb2d15086e919b85a4ae114fcf9ea6ba168fc8d

SHA512
56aede7dfcf7a1e9748d6787f65e2ee5ecee645b0d58e18fe5ad1214e94e67fef6ab2564dbd73a8bf3be0a0307a3518507c00c22d4c14b2868251f167bc66da4

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\Ldx.exe

Filesize
1.1MB

MD5
f352ecc0d75237693091afa03bb99c14

SHA1
905c918ce031af10b9397868da477edb881d884b

SHA256
bf4bf5514dc8a633271fd284cbb2d15086e919b85a4ae114fcf9ea6ba168fc8d

SHA512
56aede7dfcf7a1e9748d6787f65e2ee5ecee645b0d58e18fe5ad1214e94e67fef6ab2564dbd73a8bf3be0a0307a3518507c00c22d4c14b2868251f167bc66da4

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\LdxFileServer.exe

Filesize
101KB

MD5
5b32c5b1ba357cb3e83263967a726a42

SHA1
1412c3abb07a4b4e18edc2d7edd2764a83c4dc5f

SHA256
bf0a2b6b005c173b5cd8a4530986d58c3a8895ce5cf98644c042ff7319d414b4

SHA512
61c5f62fdf31c6ba81ea495b4e1f08c518b53243bf458f4b421351af524ead43fdd1aeff27e21c50da5cd1dd663d35ecb64778410c777b15425d379d0d628432

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\LdxFileSys.dll

Filesize
288KB

MD5
e222327c45ffb1ebe00f9d8165259ca1

SHA1
530a736c3e8cd49fb9b7bab90b3ba5425809f77b

SHA256
b4b0c294552a8c1f4f40474b8d41a3007ba92945580e5ef17148d6d00c0c1d49

SHA512
acfe0b0c3808f791b0e479869f4a6cf744bf3912e7ed87a76ca228f696384fd8bbadd7c1c0eac287fa1ce5c22257b415d91e53246e66526a0460278ca0aaac3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\LdxFileSys.dll

Filesize
288KB

MD5
e222327c45ffb1ebe00f9d8165259ca1

SHA1
530a736c3e8cd49fb9b7bab90b3ba5425809f77b

SHA256
b4b0c294552a8c1f4f40474b8d41a3007ba92945580e5ef17148d6d00c0c1d49

SHA512
acfe0b0c3808f791b0e479869f4a6cf744bf3912e7ed87a76ca228f696384fd8bbadd7c1c0eac287fa1ce5c22257b415d91e53246e66526a0460278ca0aaac3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\LdxHook32.dll

Filesize
184KB

MD5
367aa3905990df6039c1f2b965bf2c99

SHA1
994bc3671913a58660ffa0e9dac42750d78f0441

SHA256
3c4f549a434f0c4cf8ba2a41fd9949ba95212960e57b64c47b2ba31616f286b0

SHA512
8e7fa552f0674f441c5ec8524731d30cfb30d0029bb21bbe538e970dd2bef6c4b98555a9adef25551324244a030cfbf72b9fe9d6be7806f5424516d1d8cb199f

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\LdxHook64.dll

Filesize
214KB

MD5
509f8b3b407582abb2d960f71aa7541a

SHA1
aab419aa4dde69ecc59729ee299006a91c7c1643

SHA256
641f7174db6e2a7e4539dfe54328c580cf080a8ceeb4f9e54074a27046078592

SHA512
36ac39471d8acf1e5288dca73375864f3828c15385525c58bbf0980e164dbe429ab6eb68cfbed9a817cec4e6ae395d8cb32cd2ff1a3d15e7e5078d5510e77f07

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\LdxShareData32.dll

Filesize
469KB

MD5
14f922037ed3f4374269ae98763f2920

SHA1
dcdfaa981b30f65aecea010d965c3cde52739434

SHA256
0618289f3dfa3cc7e2be262c3a9185d29c774fecbd88374b5af550589b0ad3bd

SHA512
e27c1170697be5cfd704b37d0a1b1883acd5f5cd2db1dadbdbc894d00ca4a9fb12929cd67ef50de8166339340c27309bdd9d7b54d4ecadedf8e0ac4c7847e3e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\LdxShareData64.dll

Filesize
561KB

MD5
aeddd23d7b2c4167351c9713bdde8e6d

SHA1
0e8de216ac4e6a1119ff4d43927fe0d416d02732

SHA256
ecb5425333992da9a85188e266bad4abde2afd9fa6c4da9f350ff13d11edc302

SHA512
26cabc10f82206d061c4126b444987bdeab5ca1e6b1b785f6f427ac95f18b0fdbb77606398cd849e6d5527991be83ea6cdceca017df7178105e61dc4e93750be

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\LdxSysCtrl.dll

Filesize
331KB

MD5
aff08b694e437f056ec78f5f2ca6c36a

SHA1
403b05f7067223e56f5165ed7c844777064c42f9

SHA256
7e34d471aafec31b380778ba896291da4022bf382f3a9846ec8d8024c4d7dad6

SHA512
d9d9d33606533314112955e275f390e4427499ecc9355e22d17869b417d52e076afdd3ecd47b3e05d358fe5dbe30051a7e94f8264a7ffb646cc74771e0b00281

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\detoured.dll

Filesize
20KB

MD5
12693b4ffa3346459c69ca40ae8a2320

SHA1
6b30480a99ba05319b24e5c1092b8cd45ee914d4

SHA256
7d42561abfb010abf851f6e62e7e0daabaf8d41919c9ac846b744d0ace6b29f3

SHA512
f64d1e8c30fbbc5ab8484d63ca9b1f01136757366a22549e1998613753d4738ba37122c31334bbb9e3007dd9dbf3a17c6d547a0811656ae8513880ab697d962c

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\ghhlp32.dll

Filesize
298KB

MD5
7d98dd4c0472d8f6def089c24a7a6a5b

SHA1
d03cdbbf98d6a071b83a333106517694c580ad6c

SHA256
9682137021d40a3ae96a3327a26d71f5cf10bd00c3789152d713ba7dc9a0c680

SHA512
d559fcf921750770eb75f2a0aa65b101ddd1b6dadf9b834a4df8c9afaac52f5e0d9f433a1353e4e85d44d864338f69351ce6718a6b41a97dde012d6473b93551

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\ghhlp64.dll

Filesize
345KB

MD5
179c3c88f36389b259a2cf85dc4b4143

SHA1
f3dcff7a4c16070eb1cae5a554ea8875a7e3bdf6

SHA256
3b4a1e6e7371c3f359b1b12c77ec6558cf3f84e4c135071fac9cc1048abb7586

SHA512
090cf699c26d7a58b5e9310296bc0b066d26268212e54099683e4e7f77a8b5a2391ac824470751180f0e2b245db00a430b701f4956dc56e4b36b34cc144c25a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\ldxghcore32.sys

Filesize
27KB

MD5
3228eece88b3407fcc5f9f9c6a99766a

SHA1
b4cae6e3c75ddf26cb2d932511378eb1385bd61b

SHA256
67df4a3078bda9f24006f394c181995c631784c457bccbffb669140d310c9228

SHA512
60e7c494a5d71ea6bc3abd2f64b039d3a88dc07faa803975e693998655b32b2e800fb6ed072e15f6bc2c670f22a012e41ea5b89ac9d8e3c110bcce946e62127e

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\ldxghcore64.sys

Filesize
53KB

MD5
b3d1302fa149394f4b3bd055e396fe2b

SHA1
2086df38684abaeec85d537a1fd9bcfe74ebe0a4

SHA256
88471a6eaa46aa857d06b78e8799990b9da8142e6ec9f6c3fd7a83d40b62101c

SHA512
19fef425fca0906bca6e4d6b5e608ee1be3a6a2dc4829e9fb85481afe9047086797b23cfca56dc7c909f4778409b81fafcaf646e31af41982ffd4b06802f5fd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\ldxghijt32.dll

Filesize
68KB

MD5
c772ef7dbc8d47a84e4211085fe0c84f

SHA1
063758630a99f8d00ff3a465309bc8896255b4c9

SHA256
c67cab98a0d9278a19d006a15ed2c10da79024f45a41f9aa32220b5caea7a9e3

SHA512
9ef393ae67312c4dcf9d6d0a86fe8b56c8f155e0717b0c989fb7a738e91b3db5c80c856979c398b157af56fd7f521353da536b9c75ddc1b302f3360905d90638

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\ldxghijt64.dll

Filesize
70KB

MD5
6b64ed6b13408a082ca5fa163852ba6f

SHA1
315a76acd8783cc9dba8324e503dcbdf11ff18f7

SHA256
0224d31abfa1efd26a856b6e5248cf9a48767f7250c04fc13fa7e340faa50103

SHA512
a43b2f95141427ecfc95cf05713705091b7320a6495808c7e70da9d11f2a96b9c0a6a11c3c0b41561613f5f24d0e0973a062ce0a3c1705133152b2b05fa261ec

Download Submit
C:\Windows\System32\LdxHook64.dll

Filesize
214KB

MD5
509f8b3b407582abb2d960f71aa7541a

SHA1
aab419aa4dde69ecc59729ee299006a91c7c1643

SHA256
641f7174db6e2a7e4539dfe54328c580cf080a8ceeb4f9e54074a27046078592

SHA512
36ac39471d8acf1e5288dca73375864f3828c15385525c58bbf0980e164dbe429ab6eb68cfbed9a817cec4e6ae395d8cb32cd2ff1a3d15e7e5078d5510e77f07

Download Submit
C:\Windows\System32\ghhlp64.dll

Filesize
345KB

MD5
179c3c88f36389b259a2cf85dc4b4143

SHA1
f3dcff7a4c16070eb1cae5a554ea8875a7e3bdf6

SHA256
3b4a1e6e7371c3f359b1b12c77ec6558cf3f84e4c135071fac9cc1048abb7586

SHA512
090cf699c26d7a58b5e9310296bc0b066d26268212e54099683e4e7f77a8b5a2391ac824470751180f0e2b245db00a430b701f4956dc56e4b36b34cc144c25a4

Download Submit
C:\Windows\System32\ldxghijt64.dll

Filesize
70KB

MD5
6b64ed6b13408a082ca5fa163852ba6f

SHA1
315a76acd8783cc9dba8324e503dcbdf11ff18f7

SHA256
0224d31abfa1efd26a856b6e5248cf9a48767f7250c04fc13fa7e340faa50103

SHA512
a43b2f95141427ecfc95cf05713705091b7320a6495808c7e70da9d11f2a96b9c0a6a11c3c0b41561613f5f24d0e0973a062ce0a3c1705133152b2b05fa261ec

Download Submit
C:\Windows\Syswow64\LdxHook32.dll

Filesize
184KB

MD5
367aa3905990df6039c1f2b965bf2c99

SHA1
994bc3671913a58660ffa0e9dac42750d78f0441

SHA256
3c4f549a434f0c4cf8ba2a41fd9949ba95212960e57b64c47b2ba31616f286b0

SHA512
8e7fa552f0674f441c5ec8524731d30cfb30d0029bb21bbe538e970dd2bef6c4b98555a9adef25551324244a030cfbf72b9fe9d6be7806f5424516d1d8cb199f

Download Submit
C:\Windows\Syswow64\drivers\LdDisk.sys

Filesize
38KB

MD5
8949867dcb24455c32235b5868682d80

SHA1
833f3124c9057c13ba8ef89adb31ba561dad47b5

SHA256
dbb67d164122cd0a82b1afb46a2d4ab68d7e2642021181bb31e7e9d13ee62567

SHA512
ee771a9b0337cc0a05c20128e228f11971a41dff7fe23cfe466386fbc54b05a16d58e34249750747fbee22165fddf97e948ffb44073b81f832e28674121fa792

Download Submit
C:\Windows\Syswow64\drivers\Ldxghcore.sys

Filesize
53KB

MD5
b3d1302fa149394f4b3bd055e396fe2b

SHA1
2086df38684abaeec85d537a1fd9bcfe74ebe0a4

SHA256
88471a6eaa46aa857d06b78e8799990b9da8142e6ec9f6c3fd7a83d40b62101c

SHA512
19fef425fca0906bca6e4d6b5e608ee1be3a6a2dc4829e9fb85481afe9047086797b23cfca56dc7c909f4778409b81fafcaf646e31af41982ffd4b06802f5fd2

Download Submit
C:\Windows\Syswow64\ghhlp32.dll

Filesize
298KB

MD5
7d98dd4c0472d8f6def089c24a7a6a5b

SHA1
d03cdbbf98d6a071b83a333106517694c580ad6c

SHA256
9682137021d40a3ae96a3327a26d71f5cf10bd00c3789152d713ba7dc9a0c680

SHA512
d559fcf921750770eb75f2a0aa65b101ddd1b6dadf9b834a4df8c9afaac52f5e0d9f433a1353e4e85d44d864338f69351ce6718a6b41a97dde012d6473b93551

Download Submit
C:\Windows\Syswow64\ldxghijt32.dll

Filesize
68KB

MD5
c772ef7dbc8d47a84e4211085fe0c84f

SHA1
063758630a99f8d00ff3a465309bc8896255b4c9

SHA256
c67cab98a0d9278a19d006a15ed2c10da79024f45a41f9aa32220b5caea7a9e3

SHA512
9ef393ae67312c4dcf9d6d0a86fe8b56c8f155e0717b0c989fb7a738e91b3db5c80c856979c398b157af56fd7f521353da536b9c75ddc1b302f3360905d90638

Download Submit
memory/2824-370-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/2824-563-0x0000000004A00000-0x0000000004AD4000-memory.dmp

Filesize
848KB

Download
memory/2824-602-0x0000000000400000-0x000000000051F000-memory.dmp

Filesize
1.1MB

Download