Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

e3daefbb33...59.exe

windows7-x64

8

e3daefbb33...59.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    11/12/2023, 05:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e3daefbb33a22a70836b03a167f2055d91ccd76a006e21d528026a70240bf559.exe

  • Size

    6.8MB

  • MD5

    febabba0e02bf4a7b7c90da5d9943b38

  • SHA1

    c40bdb617a0948edfbf7864900b4124c8a83f111

  • SHA256

    e3daefbb33a22a70836b03a167f2055d91ccd76a006e21d528026a70240bf559

  • SHA512

    e09e9b54429c6f79b39b7292651b17400c4bdadb17b0c92d71d3c1cccf0b4bb25c689da943877e169be698b797ad527a1e66a6fe42c231caf87cb76be70b5bb3

  • SSDEEP

    196608:xJlFvv7UOmCyb0An6pkgNRtP6hi1ahzBt3:PTTUOlybRnuTRtP6hiO7

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 7 IoCs
  • Loads dropped DLL 25 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: LoadsDriver 4 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e3daefbb33a22a70836b03a167f2055d91ccd76a006e21d528026a70240bf559.exe
    "C:\Users\Admin\AppData\Local\Temp\e3daefbb33a22a70836b03a167f2055d91ccd76a006e21d528026a70240bf559.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1108
    • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\Ldx.Exe
      "C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\Ldx.Exe" -srcfile "C:\Users\Admin\AppData\Local\Temp\e3daefbb33a22a70836b03a167f2055d91ccd76a006e21d528026a70240bf559.exe"
      2⤵
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates system info in registry
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2240
      • C:\InetPub\ftproot\Tipray\LdRead\LdxFileServer.exe
        "C:\InetPub\ftproot\Tipray\LdRead\LdxFileServer.exe" -start
        3⤵
        • Executes dropped EXE
        PID:2788
  • C:\InetPub\ftproot\Tipray\LdRead\LdReject64.exe
    "C:\InetPub\ftproot\Tipray\LdRead\LdReject64.exe" 1
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1336
  • C:\InetPub\ftproot\Tipray\LdRead\LdReject32.exe
    "C:\InetPub\ftproot\Tipray\LdRead\LdReject32.exe" 1
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1640
  • C:\InetPub\ftproot\Tipray\LdRead\LdxFileServer.exe
    "C:\InetPub\ftproot\Tipray\LdRead\LdxFileServer.exe" -service
    1⤵
    • Drops file in Drivers directory
    • Executes dropped EXE
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2272

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\InetPub\ftproot\Tipray\LdRead\LdxConfig.ini
    Filesize

    140B

    MD5

    e3aba6a07c4c935b4e39b630aac96360

    SHA1

    4280fee73d9da7b7fac7e5abf7b8a7e83f884b6c

    SHA256

    22ef9b71aca53db849447163e9069f0f6268fdf10d30c8257701e165398ee2b8

    SHA512

    eed56d8b3727c86a166ab460099be13637438f855222211514d6a0d01834886c708644ba5aa8de642e2faa8684f19b65d02d6cc6f069a7c2870cfcf4be0cc5db

    Download Submit

  • C:\InetPub\ftproot\Tipray\LdRead\LdxHook64.dll
    Filesize

    330KB

    MD5

    cf6d1e7e51becf50e15c1f7d535508b9

    SHA1

    4cd58f7329d6641ea9300e84e175d1db7d3d8990

    SHA256

    863172ecabe9510ddc454ee23e6957b327856dac56be2fb2ace8e3c008c06e80

    SHA512

    9e7584cd0033373cd1e2b355f07a1ba4902699759de229ef9530234846143ad8dcd6d4fb8edf838c62f188d06cc46ca92151807ad8e44f6f24bb31914d7a45bb

    Download Submit

  • C:\InetPub\ftproot\Tipray\LdRead\Ldxghijt32.dll
    Filesize

    63KB

    MD5

    5e0b6f5b87ab88f0c018e3851120eb13

    SHA1

    29f491075db0f2590967859ac5f5b5b32db87101

    SHA256

    47aca67037f4123b9656892f6909bf1c618892b6854ce5c15a7a056c063084cf

    SHA512

    ce4e0fe499d1e41a508b81386e8587a1ed63ca4f80b1f3047a277d3a01793df26ac7226c7ee44bf66866bf95b4b619b457fb4d6a44f7f17ee507e60d670fb421

    Download Submit

  • C:\InetPub\ftproot\Tipray\LdRead\log\GLTGRJAG_Admin\Ldx.log
    Filesize

    4KB

    MD5

    35198e8601cd61f3127c1d0296da6809

    SHA1

    b1ef7ad38675590d0d70cc0d126be8bc3763f80f

    SHA256

    cef210bb3390c5a591465835567541f2dcba19d1ec625caa6876f10dabe845f8

    SHA512

    7274e865ffffc7f9d04423440b66a61503008f0fb569cdf3e7b4e097fa0d79eb932a062cbfc22c983daa1fa3448acf6c0f00f031462ee96f9efe3b67a198ed67

    Download Submit

  • C:\InetPub\ftproot\Tipray\LdRead\log\LdCab.log
    Filesize

    2KB

    MD5

    6c8011845a5b405d41720ebb25cda886

    SHA1

    3b67ddcc6aeed9b1bbc534af4d8d8062f75d8602

    SHA256

    a91b8e4129d772b1210a6b271a196dd80fc9af1f411bfb68859d5c9e2ea47c59

    SHA512

    205cb5a668c5d66f98a9e5b26cf7674740acf0ad62403a11266f1206f55b66524454d32cc73aa27bf8ba89c3248746d7b8a23770c7944cee32f9a70d01da8494

    Download Submit

  • C:\InetPub\ftproot\Tipray\LdRead\log\LdCab.log
    Filesize

    3KB

    MD5

    0f0bb79d33d5ac92a614a57ce48d029d

    SHA1

    f7692a72ac6044a48c6e0a557996731f5280bf4f

    SHA256

    27d751a8e70dcfcf015badb5fde6e11f7c274e8c5e26911e96e64fd2fa4e7669

    SHA512

    1528efc01d23566dc9618277f7fff802f7770759baf4d78c06ff2240c9920a2cb901591e8833ec46d032d343de75501d4fb79991532188788b5ee8de2d81d7a4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\ArLib.dll
    Filesize

    632KB

    MD5

    df78a7673372b8647faba0882121d626

    SHA1

    d750054610270c00c98f1d96f1a4e09f41379d69

    SHA256

    bb6fad1e0b53c3158425d323200524b0bc0bb3b6ade288cd5b11f90e723f805e

    SHA512

    9e31041321fa8168c677c64ce919150a140d3fb30edf95df765fff4171f56b97ffdd17f2fb022fb8c11b7f6ea20f3f07a8858f75b24a8f9a87707f31c0dfd8aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\Forbit.ini
    Filesize

    14KB

    MD5

    9e901878cefaa6e672825c1c49a9b9f5

    SHA1

    be8236a97be09015413b46a196f19a458f00dd8d

    SHA256

    2622b5777f8b23fb57dc222bf00e779d4d0b7fcee9ea5d6e22152121f3352e41

    SHA512

    0f673032337cc66838290c20f1251ab71ee7951c35509b1cff6b94e33d0bd2b09d4ba88f584bc043b0439d87f84d3204e3d2241889ca971b0b0edf6916e60828

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\LdCab.exe
    Filesize

    401KB

    MD5

    918f6ef798c185ff5c7e2074c1d004bd

    SHA1

    b4c98ec18d06e8a98a687d39748dfc300cf9d6a7

    SHA256

    a399ac920fbff0b695efa2b513bdf1b662dd72161b733ac7d23174c7293c2341

    SHA512

    b2cbde32f9853c9f3786f3b0aa24a2ac876f2175e067ebc0d828b4693055b11504148b8d24ab8eaadefdd1b81c44c749d8f2ed97c326bf86094729e15f268d0c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\LdCab.ini
    Filesize

    1KB

    MD5

    edd19b91bb3053ef5f84d781e6a34d14

    SHA1

    3c419b978b15f0992e411c578cb399e9fa58385b

    SHA256

    273c0519a473ee6fc8b0293553be659e3ae19bab09a8bd24ac4550e0f310c760

    SHA512

    0ebd7e4f0e379aeefd99b679b5489ed19e2a0d1fe26dc45e674b07e030514779b73127261e4cee155f358dc34179ef4e0409737c8249171def9e9c6827d2a01b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\LdCab.ldx
    Filesize

    4KB

    MD5

    8b1023cb215588c2ff4ab97e2c44ff15

    SHA1

    7e337381411ba681e6e019d46783264154f6ebce

    SHA256

    f11d93955a7495a0765a2a8bee990c58f2d24a5ddc05214b9c293abc2242e288

    SHA512

    5556fb5e5d6f8d95e7ffb48ee01ed81d6f0272160da8362ca1fd94d4ad96f4db636698b3816e9d78daf595bbf52e6335a20bf264432b34bbd9e1c7febba1171c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\LdDisk32.sys
    Filesize

    43KB

    MD5

    3dbdc061a7c89c3a60bb4b26dc48c0d7

    SHA1

    bc2eb6d2ee0efbc181e81d116ccc04442cb492d5

    SHA256

    20b4cb59172d0915686a30d8492d82ca8fe056a5b23f54b2dc4e41d7af6f33d9

    SHA512

    69fbe246a3dfe025b272d9c3626173f2990f4200255ae661a276d85563f3080477648bf611038134d149055ca88868b26ee71e654bd91ddb34f36bc978e34851

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\LdFileRdrx64.dll
    Filesize

    182KB

    MD5

    5a8174fd92f68777dd066293f0fb2470

    SHA1

    b2cc5dd36253bc6c3741eeb1d74226472eed75cc

    SHA256

    d00a00780fc6c083fcbd314ed28011340be538489ae27e1c1bf70ccfc40f2e09

    SHA512

    93d3561928ffaaaa49eb9029f8d192f6a3d05d839c850da7d6a35b2311c06bea14d0f415565c4cf30b0c11227ed502066dafb1ca1c46ab5b56037e326ae74bbb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\LdFileRdrx86.dll
    Filesize

    149KB

    MD5

    d4cf67124651bd97085796886f8df0bf

    SHA1

    23e65a74accfc9b9c8569c3b2a3d0394cd9b50b0

    SHA256

    51a5ff87c6d0367f0d73a0346233f4c85e41f79e49ece11c1377cc8bd2439faa

    SHA512

    c7c3776970f15b5a120bd4079472b99bbbfc25ce68841c17c1cd270a049e67544b6fdb3827b0de37cf271baabc32902686ee52a9fea85bd66dc0302c86e01444

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\LdKeRestore.sys
    Filesize

    25KB

    MD5

    3c97ea75c377db6f9a2d8aeb3e3dd032

    SHA1

    289f051240064b878845793cafd2ca7452a6d108

    SHA256

    4955cc7fc1e169d14d3b74fbe2daf22407da6f2ad4264e2b99bd784df739115f

    SHA512

    dc11ee105a04dafd33ee6bc353c8d38b792e05d0a7e705777cf93e497660ea169bdea02a4387b9d2e0de1a8bdd47d24b9d0a3856209420d52f0de0ec720afafd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\LdPrintMonitor.dll
    Filesize

    1.3MB

    MD5

    f2f7da2d253e0b3c84c47b4066e58f84

    SHA1

    3e373af249e1cbaada5d23c92f6d2b9f57cfe634

    SHA256

    d45b9620a52e1d3c38e8ef66efcdd6fb1ca881a56a09632f146f96f281c7ed89

    SHA512

    b265135618145839c66455e44d3309aefe3d0451c9e9175fb1cb8b1eb847b5fff7146ac0e2fa117047fc1539e362c8d192ef9a8c83790dc4c40f9cea29a42afa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\LdPrintMonitor64.dll
    Filesize

    1.7MB

    MD5

    5afb8519acf2c62c65ed0cd25acbd914

    SHA1

    40953c4371bf13ed9862e98ba8ab3a81b18293ff

    SHA256

    849148a0e137587a447b3009220d12c7f101728e38a37389b746f5b60aa96d32

    SHA512

    531f951160bb36aacba635a43cde135c62fe9b1df55102825fdbd8df75dd0dd113eae4d9aaf1cc921605d6c456ef9696cf24f05be9ae902f15c312ee03996b2a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\LdReject32.exe
    Filesize

    214KB

    MD5

    2f90f34d3eb421a3c8d53c5cab6fa9fd

    SHA1

    7de09a0f7d998b85a57a3c9943c002f4818aedac

    SHA256

    8626794575906812bb251c8989a8ef88fa1db93263a79ab7f97cb1c53b503b28

    SHA512

    e8b50b4bc451706365755799d21b522f37d8b0324e16e77dc3ed7adc0a62da4a37ba15e685f5ed95baa44af82734cd5a48e58daafb7bc8a046a83d62a3f2a936

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\LdReject64.exe
    Filesize

    174KB

    MD5

    7c0f1406ef56d56de1d8f42bb78f6f78

    SHA1

    d5d85c9c853e992fc770a088576c49e01571ae30

    SHA256

    d35c6bee6f14c70c11f5f952135ac2c942b6b2bdf4072ac4ff02c5463a23688e

    SHA512

    df6c2d97f7bedfd588429d2283fa28872eb3fe716748f79920531d8fb6c899f12c6e31fe63fb2d70ead0c9c12c543b9b80a3e30172c57bc3816b855e7024a2de

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\LdWaterMarkHook32.dll
    Filesize

    169KB

    MD5

    4aaddc3581b579ec6333bdcd26dc7531

    SHA1

    6a7e89faa8e78de2ca0f03529f67db61c8bccdef

    SHA256

    b3af3a074de033d9dfeda4f76cdbb49d2f2475c3423e649cd4648ab5645ecf6f

    SHA512

    c2dc1735f828a163c87103cf4c6d663674b47c9af3c289b3f079aaebefd404c3b3fd2599aa066737bb156a4447068e0b113d2278a661569d0f9c0b3ea54cedd2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\LdWaterMarkHook64.dll
    Filesize

    310KB

    MD5

    13268b2ec89087bfb4a7ab4545cb213e

    SHA1

    2982d59da6730073cb691d0631cedf39eeebdeb2

    SHA256

    9bd5cae011b610ed03ba9968a0377622fe6f139d381ef2b74f52608cf20894dd

    SHA512

    fa7eb8b9778fce63e58a0bce725473aa44f965c44e08a0c543c4af1c571b311147f680aced32ecc658a4fab8dfd17f057c954d641d1e19c191f7f1694c56413f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\Ldx.CHT
    Filesize

    133KB

    MD5

    c3ca251dd48c47bb90be7c0967771874

    SHA1

    acfd548b5e79181124845f4029da0072bd0dfe6d

    SHA256

    62b1ccb6c731535d507b977542d2d2cecdbd874072735face2c10e8aa35967b7

    SHA512

    73d5d2e37fb70eef16773617af2037f70a4b3e6cd627ff7e1f63c5bb05106f7ae4182d0cac857a157ce0d30ed294e4ddbdb841a2d98e0faf86cace27c07b7ed0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\Ldx.EN
    Filesize

    139KB

    MD5

    71be0d3c75db4d5dfb0b99d9580a491b

    SHA1

    6ed44c85f25506ad3a8a5cf3e257765906e4a27b

    SHA256

    9be0b427446ead7c41e130295a4c7aa67fbcf2681718d06d7b276f9f624ef794

    SHA512

    51e8f94e702411d301082db9ebc483b3ec30e9a1e224d8a2c08fef95dd9b6f734220f729149149f130ea5e80cbdbe89de513edab126fa77fad83acf81216803c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\Ldx.Exe
    Filesize

    656KB

    MD5

    134744bf17c93d062632ebdc9698fadd

    SHA1

    cda679f5d24b00b009feac155633f8a933866719

    SHA256

    baff930dcb6e9dbc9895eee3c47dafca6bb327bfdb20f95807d7a619d73faf71

    SHA512

    c94ad8bcc1e82998b53e43d188d82f6d5223c28a6748e16f98a781417e17d4edaba9cdb1bbf41ead528bef04d206edbc4481b13295c40f907c9c8a5e063b8f9b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\Ldx.exe
    Filesize

    536KB

    MD5

    2db8cc70bf571aa78d1d0e7809f7bce2

    SHA1

    864ac96b38066e24ca5ad27634397308b8df29ab

    SHA256

    3972f5018a92d917e47ebec213db496a6547ad42ddf9cf7509cb767a0f63fe2f

    SHA512

    f676d1d42a78f2a8f403490f4278d1b4a7ac067d230ccecb8398fbf85a543382fb45b1ff1cd6183fd12a339b92fec9b48b231b82ca1b89dd20ac21de1665f871

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\Ldx.exe
    Filesize

    641KB

    MD5

    20e24665c568a1f1eb56f7244ab0b15f

    SHA1

    b856479824f5a8fb4a82120b611e4aad4d9c96cf

    SHA256

    7f6fe6c1de9d473f83692a284344526c0789d3356cd4fd6e1b06c56a37c13847

    SHA512

    23c2593e7eb9cfb1b67ca7ee8a2309d46f35f138f3187fdbf5473eeec48c6e8da556856ad6984c34f29f1c8a15afeb9c15345b16e7874312898e14a9f0784ea8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\LdxFileServer.exe
    Filesize

    101KB

    MD5

    9e1f7bb947be0ea375b96f204a84958f

    SHA1

    13afe6544595f6a8fb23818473d0401f96f67162

    SHA256

    02f6fc23576937a23d845b5ae577366222e6058380835c1a7188fcdbb524b8ba

    SHA512

    194a56eaa6e9f1f5b2c6d6d93748fb99b60814c7735562b667c56b6c9f4a225772815da04c3ddc1dd0e5866bb79856a185f6e386f59cd0b2290d95f916aeec79

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\LdxFileSys.dll
    Filesize

    426KB

    MD5

    baa61bc2c47b995acbddf15986fa8a7e

    SHA1

    a6f1a4d58bda9dcb81d24d6e4126630157a330ec

    SHA256

    9d42d0a25b432c444b47760209613e2e73ccdf7b9501949b5a2e0651ec2f4a03

    SHA512

    154ad067d50fbbf15c43078d00e56f1e44b3f92d43aee0d64a28db814aee7c61a41ee1d8fa55f0fcbc1689d35862c533708df3ce4b969f8c365016e528dc4550

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\LdxHook64.dll
    Filesize

    353KB

    MD5

    06c79fa3fcfb2760f276f22eebb628c0

    SHA1

    07729450a39fa98e513954f1e8033191aa701f3c

    SHA256

    ce42d709e5f0c67c6862f9c49fc3d4ef33e79ccd359b98b2330c557522c0ba69

    SHA512

    454494ab6b0a4fc66ea0477831a22194d67ce42b4e29004bf6f84ac14a1909cd4218af15e1977fd75f855fb4dfa7edfdd9c3705121aa81b3ff2e0c3f4b4b80e3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\LdxPayloadHelper.exe
    Filesize

    109KB

    MD5

    f49c61e4cf3f2528f8777fc3048d1177

    SHA1

    4a85e5669c37fb88b6291c6f05a0a905c2d1b23e

    SHA256

    bdf5d8bc788868560760a97a92cd21f6bb4ed5477f022f5276925a80c9a4c400

    SHA512

    9ea6c4494fc6f227d41c24789d73eb8b3cb900db59a9e20f19f37f4feb4b01836f0ef4044129bcbc269fabbaabcd92a5cf772b698c86c6d64e47013980f71ca2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\LdxSetup.exe
    Filesize

    320KB

    MD5

    014cb3501cc5311378f2137e022834c4

    SHA1

    a29953515494c841ce5c0089affa3c375afa91ac

    SHA256

    b6b8ac57c3a7c3b2b2585467c781cf2985db1dfa665608d73b350960dbec74be

    SHA512

    d9bfc4a3e64d856aaca51ec77bd58ab2c0e1744ed21386a3b865b39947c1bf8a02ee2c94e0ebc98ab6ad379049b4eef1bd361b6703c59dccbcdf2b9b946299c1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\LdxShareData64.dll
    Filesize

    384KB

    MD5

    e6fd5039c5d30ec6e28be79578ed65ca

    SHA1

    e3a66466b0e4e3bc2742252f9e7126f0272642dc

    SHA256

    b29718f86984a245ec50e24b5cee9b252103b6e80480aa84feb51d48f75b98cf

    SHA512

    db17d87173593a2b8a4a8da2b97948bf08454ee7787dfb043f57121470bdfef0b730fd0c2167804f568d748cf9dc2d6f151e4f9c071bcda12eb64cf72dda447c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\NoIntercept.Html
    Filesize

    724B

    MD5

    2c70fe8030102eb34ce18c1b8b270b58

    SHA1

    934bbe800a90cbb6605fd0cf2bf86b32b3b4a499

    SHA256

    a6bac0bc69e1ddf29a9eebed4e553463139382e1b29910c0d60b1040ebd4dc07

    SHA512

    4ce1f8749360fb1b8b994423676712054dfa327a1a292171f8d3b2f39c3480c7246592a79a923b52155cec15999d116e1af6d201987e5e625b187132c6d2d8fa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\detoured.dll
    Filesize

    20KB

    MD5

    12693b4ffa3346459c69ca40ae8a2320

    SHA1

    6b30480a99ba05319b24e5c1092b8cd45ee914d4

    SHA256

    7d42561abfb010abf851f6e62e7e0daabaf8d41919c9ac846b744d0ace6b29f3

    SHA512

    f64d1e8c30fbbc5ab8484d63ca9b1f01136757366a22549e1998613753d4738ba37122c31334bbb9e3007dd9dbf3a17c6d547a0811656ae8513880ab697d962c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\ldxghcore32.sys
    Filesize

    108KB

    MD5

    4791710ccadd99656f2b95a8b4cc482c

    SHA1

    58b81ada144795fc02a037e03a8d2ffcb514d2dc

    SHA256

    7eab654a87e03d4285b7fe3ee8c710269edc58e7671faf64bf3fa96200a616a4

    SHA512

    d856139f5fb809da71643c5ff20585d37c187aaf0201d5c2746805c181e95e999aff8b4d899bf4b3815fc11239bd560212c59456ea53cfab76066d8050bf7186

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\ldxinject_32.dll
    Filesize

    7KB

    MD5

    ed43c7a165bc5e463da46fb8797545c0

    SHA1

    97327ff613fc2f4e4388407a989fc06c78bc82bc

    SHA256

    0bfa5cd575d35224cc12839ff9b271528493850b23e2b9b126328a6e10a9763f

    SHA512

    813d3164f4b645cf1ea5f0edf3d6abfa58f21f07446d5ddb89d1292605c8bd13e4579f3c16a786fc92a963b175b3e042921c5b307237a6a2701d46b28b176370

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\ldxinject_64.dll
    Filesize

    7KB

    MD5

    77ad063fde71d54dcd5aae8599ec9a81

    SHA1

    605c4cf0375ca43bde48d88e6177fa3628b2b992

    SHA256

    bbad88cd6b2005c0bff285ee210091d3e4661ed8f66fece648743c1f56368252

    SHA512

    04b0d62668eb3ce72ae67f1d053650148950eb1908f20fb2ec0f06d2fb2c63c96f2e6da7a68cf9d459b80eb59e601ac12dd3fb97d2d6263102ee752204f8be7d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\ldxthunk_32.dll
    Filesize

    5KB

    MD5

    bb4fc9fd4568f27ddae62a27187e6b47

    SHA1

    5578bc04afdb4d10728c267e93359dddfdadc614

    SHA256

    691e8094e208175a85e4831494900888bb276e90c2ac1d33cd450266a8597d44

    SHA512

    f01b2d4a561dd82a700f23dc22c51c18f3198ec1a1065f6bf062f8ce299f2f9f87d0c962cb0ebed937e676dc770c654033052c8b2ed75923fea1650ab4bbf40e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\ldxthunk_64.dll
    Filesize

    6KB

    MD5

    b8bba66305ac0d64a6b15cc23dd552cb

    SHA1

    65e175266768547e880ef67f8ba8f806a0eb13a3

    SHA256

    0c5807584fe11736b707dfb4160486ee481c68d13c5567102a9983571e902559

    SHA512

    7113916966cd726ae6d4f3493d5aa5e161e06292f0426a05611109ac4bb474f0c9c9c39e0dec0740a7c7e3aa8d39b20112b021b1b9404184d959847376d10b6b

    Download Submit

  • C:\Windows\SysWOW64\LdxHook32.dll
    Filesize

    168KB

    MD5

    39f302ebcf4b35ef93bf03c4ed8bccfb

    SHA1

    1d68e14fc5c2ff30fc9a81075799ae0ed84c2c84

    SHA256

    9d07d722351bf03fa0d7190792dc726bc444c31a2b1eaaed4d9fb3cf290e4e7a

    SHA512

    2b5ff59c78031f47744cc4049d243f43da9bb936dd8be455f2221526b45aab4567349893d2111042988a05bc1069ccd7167e1c14fd0532afba2b9098458bb290

    Download Submit

  • C:\Windows\SysWOW64\drivers\LdDisk.sys
    Filesize

    49KB

    MD5

    36d5e8ae95a10a44e62ea1a1e99cb9ef

    SHA1

    75ae50aa64e89b102559cd28848b32f58eb6ea66

    SHA256

    e95793513fdfc14552a41e96b769185d205146611f907964a965dc31153a6459

    SHA512

    eccbd50a715231d7c26f03f973ca96d85e95302244bfbb093f6697ce10f341912e2c9f6db4bd077229be9805656f200993667251337322e42dc1ffab90e9b0d9

    Download Submit

  • C:\Windows\SysWOW64\drivers\Ldxghcore.sys
    Filesize

    122KB

    MD5

    0db877751fcacd020d57a3f9d93ddeda

    SHA1

    fdc1e75b9b56f9ff95382dc7a54abfe59f6809f5

    SHA256

    4ba0410cdef5ce1f22028226c8949fb2d9a9cb21335402a7e873df287b05b3f9

    SHA512

    a74c672ccb66bfdc26053cc086f238c8c60268890fccfe714b2b9884109268474dc62c795f9d5989cde8426270341022b1fe29ac468c5474493103b41985e1a0

    Download Submit

  • C:\Windows\System32\LdxHook64.dll
    Filesize

    164KB

    MD5

    7209c9aa3ebdebb9b11ae3f3bef8dab3

    SHA1

    21ec816cf328f5441f0ace15746063c78700f2c9

    SHA256

    c9edc6bcd4843f2c7c8995347b0d869687dbfd924f885d5de0b67006b64b1f07

    SHA512

    736d0678ed741bf5afeb748829ad1218236cf7028b08df2ad4e651aeb9d3a5f96d886ae6dee7f677edb8c787e6a9dffbc151e62c8256a8cc0dd45c582a689ed3

    Download Submit

  • C:\Windows\System32\Ldxghijt64.dll
    Filesize

    65KB

    MD5

    c7fbb6e957d9c77af0fb34bfd8215952

    SHA1

    3cf3ce5f4c60ca694334d3d27bb5a3e7e4e0b2d9

    SHA256

    536d016b9248adf2b74252a099f8f9357ca46682f5339411a9797378a881a209

    SHA512

    2001b3e639025b54a626cda590e8b026a7ed934022979b91f29a4c2c3c5e6fb894e07c2b498cb11754a4881e1e06b4e3f042481484a896f401d7e39349302fb8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\Ldx.exe
    Filesize

    922KB

    MD5

    71a09a3a4a87d144c421380a64b6dc21

    SHA1

    e52c5047e09e67d26e6fcb7cf49fc3fac7c3eedf

    SHA256

    ace793ab09042c0504bb603bf76b29dbc9b797604a0904a650541e2de5a708f9

    SHA512

    14f08b5d1177a088919a9769ad31179cf0285560ea43d15aa30408e125d5959a5c03cc055608e9b9c138ae2c3c10265fb8510f3285230db7ef7c12418f9fa9eb

    Download Submit

  • \Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\Ldx.exe
    Filesize

    546KB

    MD5

    84457a87879bf490fd76b4732e135bd5

    SHA1

    1e725c4202d6e92b334601c0478f28092c3b6b84

    SHA256

    0943a8498ba61e12cd0f935d688589070242b7a3a9e22da11cc3c81a3ffcbc6f

    SHA512

    5c788c30486f89a3b3c5eeda1229c5def02fa3aefa66fb575c3a1306fd5a3d176a8923d65028a70c22c6e8c6863682540d4a478cd526c8171a1f991892d77111

    Download Submit

  • \Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\Ldx.exe
    Filesize

    527KB

    MD5

    ab5de28a6bb773a8a29fc05484e71b09

    SHA1

    ec21806c35c855c88190f98f682681cb825f0297

    SHA256

    12269207a957bdcedbd5497b7c58970cd0dc4826c9be9c52a4f506026c797f88

    SHA512

    aacbdf6afb8da371195d8393d299cf95e9671b8598f97cabfc0c39f3931f1d47d8d92658a0b2f260d5e3899d46bbadc6c4e5d6dd68a55ba0b737905a6c8677f6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\Ldx.exe
    Filesize

    614KB

    MD5

    f9a851d5c9cf722edb9abab24dde94ef

    SHA1

    8206d21f2e2164db07fb7850d6354addd15e5fbb

    SHA256

    d4cfcc7cbdf93b0ff691bbedf5f4106038ead7ae6549439343c3fe0ae7403bd4

    SHA512

    c30567e3f9c9c666dc36bcb2890a91e14716d46c37f68a178b903ba6ab57d6c6d866565540c86deb0c54087950574900640ea0ddf34bafcc7ea6897ce33352fc

    Download Submit

  • \Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\Ldx.exe
    Filesize

    451KB

    MD5

    3481c31c2e031eadddec3aec49a64e60

    SHA1

    265a5b27cbf225bcd1fbf9f407591c7c98f317c8

    SHA256

    5d8a6ce1794c0c951dc49495524e54345b136a3421fcb47f86397cf4e2557d4a

    SHA512

    61bed39d0cc163f1da6017a364baf3545b56b8c15981a714b63b7ec7f3d38977ef3d982709cda6e88be1ac6eb19b5e36239b11162f5ae487802035969a62c38d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\LdxHook32.dll
    Filesize

    270KB

    MD5

    8afb7a5f14f031d05a48df59e4eef0c8

    SHA1

    22aa7fe7ffb609d5706dae1a3821c6ad7a6da8aa

    SHA256

    e02fb8354d8fbcf678eca2bab2b61eb318fa88620fa918976040f4089cef0279

    SHA512

    cefe4c26d3ff898f20166ded6ae75c7696b793dc701d85b9f07ca677e149e777d64d24e5b727e10463ef0ee4580dd032afb63e75660e08ac3872f55d6a38f894

    Download Submit

  • \Users\Admin\AppData\Local\Temp\@tiprayldx@\327266209b479313a2d3e7e81d69504e\LdxShareData32.dll
    Filesize

    355KB

    MD5

    20aca2f79dd0f98812e5db37cfe32a2a

    SHA1

    c04b94a30d3f6fb92888d549cf583e0daa67194d

    SHA256

    488abaaaff747d4d14db6a04c95485aa21e494116134d4220c319dfa2601d170

    SHA512

    3ca4bab60d185015016c074543bbff1cfba413e4a95a69daf5b215b9bb086d0ed2d76d84eaa217d0570e52b4d49eed6301a2d01d0ac1497b6f5aca11641f3180

    Download Submit

  • memory/2240-248-0x000000006F7A0000-0x000000006F7B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2240-250-0x000000006F7A0000-0x000000006F7B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2240-251-0x000000006F7A0000-0x000000006F7B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2240-249-0x000000006F7A0000-0x000000006F7B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2240-253-0x00000000777B0000-0x00000000777B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2240-252-0x000000006F7A0000-0x000000006F7B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2240-246-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2240-492-0x0000000000400000-0x000000000053D000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2240-549-0x000000006F7A0000-0x000000006F7B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2240-550-0x000000006F7A0000-0x000000006F7B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2240-551-0x0000000000400000-0x000000000053D000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2240-548-0x000000006F7A0000-0x000000006F7B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2240-552-0x00000000777B0000-0x00000000777B1000-memory.dmp

    Filesize

    4KB

    Download