0c4ba07d364270a181264f0dffb38ca21c5acf0d295b6ef70ec759ba20d7bcfd

Analysis

max time kernel
467s
max time network
467s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
13-11-2022 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup-istripper_3gkyOAkuVaPAY.exe
Size

60.0MB
MD5

375175390fdbad35be67f4d1280d354d
SHA1

75f3a776a43aa32be704f2fa8128beba34a0b0fd
SHA256

0c4ba07d364270a181264f0dffb38ca21c5acf0d295b6ef70ec759ba20d7bcfd
SHA512

84ad7ffea6bb87580055b7eb717fef3dc11e435d704a875a49ee150a132d03be951a1eb1e764158039a528e198ef62eda9fe62dfbd6d109b48b308e9c6f2d593
SSDEEP

1572864:9ryZAULSMb6IZ0p8zhSArVPP4S/lxJUXvd80PFb:9r8N8vAreoUXV8mJ

Score

8^/10

discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 12 IoCs

Processes:

setup-istripper_3gkyOAkuVaPAY.tmpvghd.execrashpad_handler.exeQtWebEngineProcess.exeQtWebEngineProcess.exeQtWebEngineProcess.exeQtWebEngineProcess.exeQtWebEngineProcess.exeQtWebEngineProcess.exeQtWebEngineProcess.exeQtWebEngineProcess.exeQtWebEngineProcess.exe

pid	process
276	setup-istripper_3gkyOAkuVaPAY.tmp
1520	vghd.exe
1524	crashpad_handler.exe
3052	QtWebEngineProcess.exe
3068	QtWebEngineProcess.exe
2108	QtWebEngineProcess.exe
2088	QtWebEngineProcess.exe
956	QtWebEngineProcess.exe
2424	QtWebEngineProcess.exe
2432	QtWebEngineProcess.exe
2752	QtWebEngineProcess.exe
1928	QtWebEngineProcess.exe

Checks BIOS information in registry 2 TTPs 1 IoCs
BIOS information is often read in order to detect sandboxing environments.

Query Registry
T1012

System Information Discovery
T1082

Processes:

vghd.exe

description ioc process

Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion vghd.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	vghd.exe

Drops startup file 1 IoCs

Processes:

setup-istripper_3gkyOAkuVaPAY.tmp

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk	setup-istripper_3gkyOAkuVaPAY.tmp

Loads dropped DLL 64 IoCs

Processes:

setup-istripper_3gkyOAkuVaPAY.exesetup-istripper_3gkyOAkuVaPAY.tmpvghd.exeQtWebEngineProcess.exeQtWebEngineProcess.exe

pid	process
1256	setup-istripper_3gkyOAkuVaPAY.exe
276	setup-istripper_3gkyOAkuVaPAY.tmp
276	setup-istripper_3gkyOAkuVaPAY.tmp
276	setup-istripper_3gkyOAkuVaPAY.tmp
276	setup-istripper_3gkyOAkuVaPAY.tmp
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
3052	QtWebEngineProcess.exe
3068	QtWebEngineProcess.exe
3052	QtWebEngineProcess.exe
3052	QtWebEngineProcess.exe
3052	QtWebEngineProcess.exe
3052	QtWebEngineProcess.exe
3052	QtWebEngineProcess.exe
3052	QtWebEngineProcess.exe
3052	QtWebEngineProcess.exe
3052	QtWebEngineProcess.exe
3052	QtWebEngineProcess.exe
3068	QtWebEngineProcess.exe
3068	QtWebEngineProcess.exe
3068	QtWebEngineProcess.exe
3068	QtWebEngineProcess.exe
3068	QtWebEngineProcess.exe
3068	QtWebEngineProcess.exe
3068	QtWebEngineProcess.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exevghd.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\	vghd.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

vghd.exe

pid process

1520 vghd.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

setup-istripper_3gkyOAkuVaPAY.tmpvghd.exechrome.exechrome.exechrome.exechrome.exe

pid	process
276	setup-istripper_3gkyOAkuVaPAY.tmp
276	setup-istripper_3gkyOAkuVaPAY.tmp
1520	vghd.exe
1520	vghd.exe
1832	chrome.exe
1652	chrome.exe
1652	chrome.exe
928	chrome.exe
1652	chrome.exe
1652	chrome.exe
1532	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

vghd.exe

pid process

1520 vghd.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

AUDIODG.EXEvghd.exe

description	pid	process
Token: 33	2696	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2696	AUDIODG.EXE
Token: 33	2696	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2696	AUDIODG.EXE
Token: 33	1520	vghd.exe
Token: SeIncBasePriorityPrivilege	1520	vghd.exe

Suspicious use of FindShellTrayWindow 58 IoCs

Processes:

setup-istripper_3gkyOAkuVaPAY.tmpchrome.exevghd.exe

pid	process
276	setup-istripper_3gkyOAkuVaPAY.tmp
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1652	chrome.exe
1520	vghd.exe
1520	vghd.exe

Suspicious use of SendNotifyMessage 54 IoCs

Processes:

chrome.exevghd.exe

pid	process
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

vghd.exe

pid	process
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe
1520	vghd.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

setup-istripper_3gkyOAkuVaPAY.exesetup-istripper_3gkyOAkuVaPAY.tmpvghd.exechrome.exe

description	pid	process	target process
PID 1256 wrote to memory of 276	1256	setup-istripper_3gkyOAkuVaPAY.exe	setup-istripper_3gkyOAkuVaPAY.tmp
PID 1256 wrote to memory of 276	1256	setup-istripper_3gkyOAkuVaPAY.exe	setup-istripper_3gkyOAkuVaPAY.tmp
PID 1256 wrote to memory of 276	1256	setup-istripper_3gkyOAkuVaPAY.exe	setup-istripper_3gkyOAkuVaPAY.tmp
PID 1256 wrote to memory of 276	1256	setup-istripper_3gkyOAkuVaPAY.exe	setup-istripper_3gkyOAkuVaPAY.tmp
PID 1256 wrote to memory of 276	1256	setup-istripper_3gkyOAkuVaPAY.exe	setup-istripper_3gkyOAkuVaPAY.tmp
PID 1256 wrote to memory of 276	1256	setup-istripper_3gkyOAkuVaPAY.exe	setup-istripper_3gkyOAkuVaPAY.tmp
PID 1256 wrote to memory of 276	1256	setup-istripper_3gkyOAkuVaPAY.exe	setup-istripper_3gkyOAkuVaPAY.tmp
PID 276 wrote to memory of 1520	276	setup-istripper_3gkyOAkuVaPAY.tmp	vghd.exe
PID 276 wrote to memory of 1520	276	setup-istripper_3gkyOAkuVaPAY.tmp	vghd.exe
PID 276 wrote to memory of 1520	276	setup-istripper_3gkyOAkuVaPAY.tmp	vghd.exe
PID 276 wrote to memory of 1520	276	setup-istripper_3gkyOAkuVaPAY.tmp	vghd.exe
PID 1520 wrote to memory of 1524	1520	vghd.exe	crashpad_handler.exe
PID 1520 wrote to memory of 1524	1520	vghd.exe	crashpad_handler.exe
PID 1520 wrote to memory of 1524	1520	vghd.exe	crashpad_handler.exe
PID 1520 wrote to memory of 1524	1520	vghd.exe	crashpad_handler.exe
PID 1652 wrote to memory of 1580	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1580	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1580	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1008	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1832	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1832	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1832	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1884	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1884	1652	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\setup-istripper_3gkyOAkuVaPAY.exe
"C:\Users\Admin\AppData\Local\Temp\setup-istripper_3gkyOAkuVaPAY.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1256

C:\Users\Admin\AppData\Local\Temp\is-UAO0A.tmp\setup-istripper_3gkyOAkuVaPAY.tmp
"C:\Users\Admin\AppData\Local\Temp\is-UAO0A.tmp\setup-istripper_3gkyOAkuVaPAY.tmp" /SL5="$60120,62010490,798208,C:\Users\Admin\AppData\Local\Temp\setup-istripper_3gkyOAkuVaPAY.exe"
2⤵
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:276

C:\Users\Admin\AppData\Local\vghd\bin\vghd.exe
"C:\Users\Admin\AppData\Local\vghd\bin\vghd.exe" -fromSetup
3⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1520

C:\Users\Admin\AppData\Local\vghd\bin\crashpad\crashpad_handler.exe
C:\Users\Admin\AppData\Local\vghd\bin\crashpad\crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\AppData\Local\vghd\bin\crashpad --metrics-dir=C:\Users\Admin\AppData\Local\vghd\bin\crashpad --url=https://submit.backtrace.io/vrparadise/4b77014f47baea5313294a7fecd87ff128d692457dd391e90fbcbe57ff2abdfe/minidump --annotation=appName=iStripper --annotation=appVersion=1.2.3.60 --annotation=format=minidump --annotation=token=4b77014f47baea5313294a7fecd87ff128d692457dd391e90fbcbe57ff2abdfe --annotation=userName=undefined --annotation=userPseudo=undefined --initial-client-data=0x204,0x208,0x20c,0x1d8,0x218,0x18a74c8,0x18a74d8,0x18a74e8
4⤵
- Executes dropped EXE
PID:1524

C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe
"C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=15729558917722965265 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=15729558917722965265 --renderer-client-id=2 --mojo-platform-channel-handle=1932 /prefetch:1
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3052

C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe
"C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=4930627720278041930 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=4930627720278041930 --renderer-client-id=4 --mojo-platform-channel-handle=2060 /prefetch:1
4⤵
- Executes dropped EXE
PID:2108

C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe
"C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=12349994155228014287 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=12349994155228014287 --renderer-client-id=5 --mojo-platform-channel-handle=2072 /prefetch:1
4⤵
- Executes dropped EXE
PID:2088

C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe
"C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=11814655468651934719 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=11814655468651934719 --renderer-client-id=3 --mojo-platform-channel-handle=1984 /prefetch:1
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3068

C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe
"C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=7899736251064957481 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=7899736251064957481 --renderer-client-id=6 --mojo-platform-channel-handle=2100 /prefetch:1
4⤵
- Executes dropped EXE
PID:956

C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe
"C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=14805885153591765349 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=14805885153591765349 --renderer-client-id=7 --mojo-platform-channel-handle=2112 /prefetch:1
4⤵
- Executes dropped EXE
PID:2424

C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe
"C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=6136404379670011821 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=6136404379670011821 --renderer-client-id=8 --mojo-platform-channel-handle=2124 /prefetch:1
4⤵
- Executes dropped EXE
PID:2432

C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe
"C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=11906151951607460293 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=11906151951607460293 --renderer-client-id=9 --mojo-platform-channel-handle=2780 /prefetch:1
4⤵
- Executes dropped EXE
PID:2752

C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe
"C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=10584578511700064473 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=10584578511700064473 --renderer-client-id=10 --mojo-platform-channel-handle=2884 /prefetch:1
4⤵
- Executes dropped EXE
PID:1928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefa9b4f50,0x7fefa9b4f60,0x7fefa9b4f70
2⤵
PID:1580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1048 /prefetch:2
2⤵
PID:1008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1236 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1676 /prefetch:8
2⤵
PID:1884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
2⤵
PID:1820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1
2⤵
PID:1368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
2⤵
PID:2076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2680 /prefetch:2
2⤵
PID:2148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:2260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3548 /prefetch:8
2⤵
PID:2328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3628 /prefetch:8
2⤵
PID:2336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3704 /prefetch:8
2⤵
PID:2404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3680 /prefetch:8
2⤵
PID:2412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3728 /prefetch:8
2⤵
PID:2420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3628 /prefetch:8
2⤵
PID:2428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3612 /prefetch:8
2⤵
PID:2436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3816 /prefetch:8
2⤵
PID:2584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4076 /prefetch:8
2⤵
PID:2592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3820 /prefetch:8
2⤵
PID:2660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3880 /prefetch:8
2⤵
PID:2668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3792 /prefetch:8
2⤵
PID:2732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3548 /prefetch:8
2⤵
PID:2740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4012 /prefetch:8
2⤵
PID:2748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3948 /prefetch:8
2⤵
PID:2756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3592 /prefetch:8
2⤵
PID:2764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
2⤵
PID:2912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1856 /prefetch:8
2⤵
PID:1560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3160 /prefetch:8
2⤵
PID:2448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3812 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3696 /prefetch:8
2⤵
PID:1060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1544 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3584 /prefetch:8
2⤵
PID:280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3484 /prefetch:8
2⤵
PID:564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,14804654754479857796,4938052368507977949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3748 /prefetch:8
2⤵
PID:2788

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1a8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2696

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-UAO0A.tmp\setup-istripper_3gkyOAkuVaPAY.tmp
Filesize
3.0MB

MD5
8d134c08959f3d222201d0130c314642

SHA1
6ce47addbf774fbc441e95684553b8fa3aedee8c

SHA256
95bdb02a18fe7fa8fc8d8ffaedef76670844209900ccadb2eca7341ede1383ba

SHA512
9af97c3bf35d901d6a45e1b2e7e347358385e8fa6d959d4f1926f1059f81e8996a730ef5a5edfbbc55ac0e02d759f999de259c4c7c940784e2492c78d0910fe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UAO0A.tmp\setup-istripper_3gkyOAkuVaPAY.tmp
Filesize
3.0MB

MD5
8d134c08959f3d222201d0130c314642

SHA1
6ce47addbf774fbc441e95684553b8fa3aedee8c

SHA256
95bdb02a18fe7fa8fc8d8ffaedef76670844209900ccadb2eca7341ede1383ba

SHA512
9af97c3bf35d901d6a45e1b2e7e347358385e8fa6d959d4f1926f1059f81e8996a730ef5a5edfbbc55ac0e02d759f999de259c4c7c940784e2492c78d0910fe7

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\LIBEAY32.dll
Filesize
1.2MB

MD5
8c7f9f7040d518d323732de6fabe934e

SHA1
d5fc585b6670b0fd86539dfbaa958ec7564a470b

SHA256
4b3352c651968daac4c8d02033f4f1cd998cc03c3b2e6f51896586835820852f

SHA512
295c7e655ba275afb80b35134fb37f970e6a5d0d370553e6ad612d05de148010daff5372522a16a2567d7942e07233b9cb55a11dd895c7dc74f511e63ff9a3a9

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\MSVCP140.dll
Filesize
438KB

MD5
1fb93933fd087215a3c7b0800e6bb703

SHA1
a78232c352ed06cedd7ca5cd5cb60e61ef8d86fb

SHA256
2db7fd3c9c3c4b67f2d50a5a50e8c69154dc859780dd487c28a4e6ed1af90d01

SHA512
79cd448e44b5607863b3cd0f9c8e1310f7e340559495589c428a24a4ac49beb06502d787824097bb959a1c9cb80672630dac19a405468a0b64db5ebd6493590e

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Concurrent.dll
Filesize
24KB

MD5
e34bcd3ddc59a08dca72c3ec843efc74

SHA1
35664b01345b79a3ac4bfdd2393258c4d056178d

SHA256
9cd21a548adde408c82f4204902a9cfe7a97bce02f1b6272ea6b3a3758441a34

SHA512
7cd36200571ecaa23a43ad045d7e3bc761bc05bda9b7cb4c30d739be03c699013d19e4673f4488a48fde0fdcc55cb20bcb4644889546c0e90cd1c11b5b8efad9

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Core.dll
Filesize
4.9MB

MD5
db58c7e71aa35d2cc47b57828590f569

SHA1
ff55e851b2239f5f09bb455c869eeb697174b574

SHA256
4714f75569aba7cebd6b13466527b190adc1999aef5c8f1f73cb2472282faf6c

SHA512
0d73898d22906937a50fc4c68f3241484a6649dfcd4bf14e7462c381e376b0a86102898bd7728dadadb3ab90e081922f93c40eeb9359fc2a81a847dc3c27e2a5

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Gui.dll
Filesize
5.1MB

MD5
5581175e339938f80cafb164be0dc4b0

SHA1
f7badc086b65df6329a13c17fcbec349f2ab98a8

SHA256
78bca9c65600391ec4bb1fb0374169db13e7517ebd154a11d244248b25a7d939

SHA512
cf2ae95e01d139794b51913f73cd045727fffff439d499cf4b00648ff1d819c6325244544b54d5f544f181cee8e4f8359cd9f6c8ef83271880776d0823111c53

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Multimedia.dll
Filesize
563KB

MD5
a0c00640e49e10774c1351052342f4d0

SHA1
619a092e549a2e01b0e37c06728b199b2a7e0264

SHA256
3076cbd7960621b3e679b348c55ccaa3db1203f83c8fefd7ddc4bce05faa860b

SHA512
6bb7bc82f00fc6257d8c599a91c7b0de03dcc8b047d970acd7ce6dea422ca83bec4fdf73910ee0e3cef61f4e9f8f165191623b8ecc9039759a8802d122801dc0

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Network.dll
Filesize
1018KB

MD5
78932f74452bd17566e2e4fdcd8368d6

SHA1
1f27f27fa57a401e20d6bdcbb878a8a477f9df71

SHA256
e94054f7f5efebda73f2a075745b9391ff2ac1215b6bc55a6402bcc5aed880ff

SHA512
525405521ccbb3c61f39ebfa999fb5d97956140bc3c8937bef41b9e3279cd3ccfcf9be308a1a55c1896fb85f834f8b1a43fa35bb2147e827c9e85e001088ce2d

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Positioning.dll
Filesize
254KB

MD5
30e9bb13166b08042a4fc6f7239845b6

SHA1
ff4283ed891a9b23b66e07f16c63f203e45125c4

SHA256
f31c3409c90124f1ac279a52dfe7c44a1220bf0f3027797420892786503887cf

SHA512
b48dca0cd30aac2311176e734baf2465d7818e801ed0483fe29cb2332e4e514148c9031aefd1f4730a7d86e4e96fd90416d165a2a0b516dd0dec629252c20851

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5PrintSupport.dll
Filesize
261KB

MD5
b2baa1d188be3816e54c5fbc2a31f48f

SHA1
80cb56b3ef29570e5a4abf3118e45210013b5df9

SHA256
696782041bb188c94655128dbfa125944b27d081e185924ba5b48e9a18cfe086

SHA512
6ec6dd653d81f3f8c856d2b4e49d4295e50784620a46ccc7d3f562938230d252031f1b7b5e1dd072f20535334de8025ab37c33c65bffbd96b7dc9b539cf0448c

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Qml.dll
Filesize
3.2MB

MD5
7adc1c79d553c4b03456fb9622ae0ce5

SHA1
11b51b946003025ee01bc8566c85518be1a08a87

SHA256
d90382c681441c926f971bbd587d184d94736a63e9d42caaea8128d4005ae655

SHA512
546805190cb516fbdba50a020e445b70f89bef51181f7a897921c22591f204048abc9d16b81b886d56cc2fc8e42f75c35e0c7d7fc8a27ee0c4691c3e9d246d6a

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Quick.dll
Filesize
3.0MB

MD5
8ff4b094c60b296d76d293c0d97f2db0

SHA1
499af0ff76509fdc0aefc2cfd311ce6feeca9e32

SHA256
63684525da673a2ad0929956f332faa694702449fb42b4801f17fde533fc9ea6

SHA512
99865bd0342fb001c50dcedc5f4ba20e0f9e5924b00ef5c1f548947514791785de31d8a8d2e36d27103006a928d050742d1b9fdab419476df9280b5dc9fbf952

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5QuickWidgets.dll
Filesize
58KB

MD5
9a5e6c98b785016ba0fa329b41a47d06

SHA1
6fc760ee0b82061bcded659d342f6ca4841632eb

SHA256
7c6eb33dfdab0b04563cfdd198adae802c153106fd2c8d4ac272c9f66da17e03

SHA512
5e8ee94d235b78fb08fd87f87983fa07f46153cace17a0995eaeb556dc433095e15787b0ef084c6e1b2c728898490b0ac383ae703e4aee51507b879359d44b0e

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5WebChannel.dll
Filesize
88KB

MD5
ca13ebdc6bccb3a229e3c8983698f3e4

SHA1
efa24afebc55592e8a41245109b5e17dc8be26ed

SHA256
b3b89a4b3f82c84f4b28c73bf9718929ab4d4fbcc8609936839d050d0b6951a0

SHA512
c6aa8a90a44e51ea390975f2f587dcdf67eb69b9d504bea5e37e72a0c8e3869cea85bf174b367b92288e01567950e992c64f58255df521f85a0df45b2b303131

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5WebEngineCore.dll
Filesize
56.6MB

MD5
322078ef4718f23a4ef0c180954b6b60

SHA1
57022e7c67acf440a2e6afe63bd8eb91f86d9111

SHA256
1b73e59786cc1e415d7c73eed83c173e920c3e26c134e828c780df7744ad2ef4

SHA512
2da4b55a7aaf7f4145cb0e0678cf799abda872dfc18753fc8601c92e9d76965f3c753d480063b5b1857ff2325540618fc4c045ac05eda9cd9af699e061a79c9c

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5WebEngineWidgets.dll
Filesize
183KB

MD5
020be7fb1535bea06b3d6adc0240a44e

SHA1
be5935450056ec14a5a2ac6b967b20c55a376a3d

SHA256
5cd141a009df3eaa797efab1096376458847e89f976370b9287a92d6a93746f6

SHA512
11f3045ac1e69604d1bf168debb5e123dda916415a6ad58c15f8524da7c7f6d629595db45e049a6037e421ff06a21f9109f70732bf651c3c6a598fb11d7e63c7

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5WebSockets.dll
Filesize
122KB

MD5
583eb7b9b7e90901ef90eab652de34d8

SHA1
eada56ad02cb3cf0c1ed3195d85c7cd29b73cb02

SHA256
cfbfa7cfaa182b05d4738d0f059195a7ca5f39cdc98b962137320f55db80b4e6

SHA512
dc81d7e2e171ba47f84604ffa2f48f83d0fa3362a0e59aa11101c600c6e4655a7379c446e78f7c49b0fb23b132635c0163631ece3d4122fc5ae5baeac742eafb

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Widgets.dll
Filesize
4.3MB

MD5
4e44578216abf3654056015ef4c8a9c3

SHA1
731f56b8ccc14bc7ced833c059a2fe9be67d23f7

SHA256
91bb41088f847fb73641fa556eda6d67bacb67560b8abf6ea1f0c885390004f8

SHA512
c77f92786ccf1d1d604808580b0952df255bf16782436606d3be54cb46bbb49f298baf57fe30acd22f2bce8f487e8eeefdbe98117f57171b74337dc367fd1bb6

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Xml.dll
Filesize
144KB

MD5
d6ce2679999ce4eba077310850897268

SHA1
5c9bb9323452639560a3b827fb0a2a1d2db9c803

SHA256
c6cff6af4bab546ca2ac2d6e7fd999899a411d8a861c125e6bd36778817c0428

SHA512
8f3c8cf6115aaf443451f09e68654eda826bacdc1afac5206d94425672e547d8c2153b6a26d53ebaa725a3a38f09b3a7bb0a90139b6a5c72998bdb31362cc907

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\VCRUNTIME140.dll
Filesize
78KB

MD5
1b171f9a428c44acf85f89989007c328

SHA1
6f25a874d6cbf8158cb7c491dcedaa81ceaebbae

SHA256
9d02e952396bdff3abfe5654e07b7a713c84268a225e11ed9a3bf338ed1e424c

SHA512
99a06770eea07f36abc4ae0cecb2ae13c3acb362b38b731c3baed045bf76ea6b61efe4089cd2efac27701e9443388322365bdb039cd388987b24d4a43c973bd1

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\crashpad\crashpad_handler.exe
Filesize
746KB

MD5
a46fb58f141ce7963c53ab3068b79548

SHA1
18e93d658afbd847fdc2710e543711d695c58f1c

SHA256
485a8a9cc0f2f275f85f78e4424a4200be554c46cfa393a70d89f49a8beb1679

SHA512
7b68244cfb3dbcdc799befe3ce30453cad60b5232f308a223a08ee2885a3137e7484e304420d8c0bc9568f6a200617438f57e6c00cc72b3565aac4c86abdecfe

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\crashpad\crashpad_handler.exe
Filesize
746KB

MD5
a46fb58f141ce7963c53ab3068b79548

SHA1
18e93d658afbd847fdc2710e543711d695c58f1c

SHA256
485a8a9cc0f2f275f85f78e4424a4200be554c46cfa393a70d89f49a8beb1679

SHA512
7b68244cfb3dbcdc799befe3ce30453cad60b5232f308a223a08ee2885a3137e7484e304420d8c0bc9568f6a200617438f57e6c00cc72b3565aac4c86abdecfe

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\crashpad\settings.dat
Filesize
40B

MD5
e9ec56faef59ee75d864e7d09d05f470

SHA1
a3354370596f2de4efa66173a80171f93af60b6c

SHA256
953012d87041a5df0bb0be9a17ba902de612e4e4840b6ee85bc3ebc06817f0ec

SHA512
79aafb2e1d9c07cdb570a6e846757f1baf11c819800f67bdd816910ef3bbc61fe79815cbc93405701e87c59e6e6aa13ae5f3e254064dc33d2160d0c128a74994

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\libEGL.DLL
Filesize
15KB

MD5
0469918fc1e19fc3f198cd14be4e1e22

SHA1
4f062e90cd4700259022394a020e3b02b3363ee6

SHA256
5dd84a436f1bee9fc1fdf6285db21e4acb52bb63cd86c53c23b440f021e03401

SHA512
10a01905a56ad50dc017205d649f2ff3f885ee9111c9a75fb408c010fc9481e91fdc9c3685f1ed0c939222652ecf8f349a027eba79b18a6bf64083fea85958e0

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\libGLESv2.dll
Filesize
2.7MB

MD5
d4a37250588e61e50ad7f9d129f0d37e

SHA1
a4a84807401ea4cae05b9cb3c6cececdb63baed8

SHA256
785768f643f00cc013fbab8d620f3c1d3abec8bbeca5942ba31834dea269774b

SHA512
6256890a8ebaf8801879281cea334247437c7163989d1a6d05643052944d891a79ac68f8eb7044f4edfd1f2b97f021a92fcc859c0646ac836e5924d80fee5ee5

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\opengl32sw.dll
Filesize
15.3MB

MD5
8b197f55264a44b7b25046f7ba5bd7d2

SHA1
cef69e168160968e00ffffa136e1af7819e7c0ce

SHA256
25ae7577e066fa80519a8f1c314b15cdd22e4a8d3ecd2a36eccc79e40714a91d

SHA512
6af2b1b17a7e3460099359a6750221aacb8f9ce0e80b346dbafd2cbd8e579543b980f98e0aeb199e0781a045c9d6a7f2f11c8628f960c13550328487b7fa9154

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\platforms\qwindows.dll
Filesize
1.1MB

MD5
8d82f89bca48d7de90c17ac37f754f16

SHA1
05e936237feaa1eea6a86a7d4e777749b269e3ba

SHA256
ac3a36b775ac8b9cd1e3c3a7ac9dd31e0cc0a12b84d5942e97d77da20992d005

SHA512
6266c8e7e85e81a9cfbc113eb761f6f0eb846b2bf545db42b2b1b7d461dbd7190cae8d10749df4bad54b08c9de39a880857b898fdf8ca3edd5baf5f85fdc07cf

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\qt.conf
Filesize
44B

MD5
f513b3c7a4364514367bfe40c83d5848

SHA1
505db366d29768f6fef7b80aa3891e7bb55395cc

SHA256
7e3b97b14ae2963555e8bd9b08278bae54b67d4db405f0d608f317609dbcd147

SHA512
f399c0e70da580c224f37c7240413d9f612c5436a3c5a3caf0d967128f5e4953c9b16f112a563715125c0c7df8ece89442656a7c580d1e2fd00416bbfcb7c322

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\ssleay32.dll
Filesize
270KB

MD5
b9cafab9d39548dda98c9013c2450863

SHA1
afada50ab2ec72c4d6e604467cc609fe501aff2c

SHA256
769458c1ca2d45e9f1ad20431e4844fb1e460225aca34312e7ff6e9944a54343

SHA512
4d81a18aa39051e77654334bec770b0d4a55637b143d25a27cc18cbb7a710e181f61565f9fad6606fb7b8f00269d91951eb71ecdc51461d115dc973b6da95289

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\styles\qwindowsvistastyle.dll
Filesize
120KB

MD5
011f23a3f078e1fbffa7c408ae13a0cc

SHA1
bd2ba08c64bbc7c0f265491c846ede300fc12af7

SHA256
690655dbe1afff4ca1fd7f5170134af6f57d4ecb328ea12b696d568e1d4b84ff

SHA512
bb1b96345250ffee1c41fe31d49b8a97cb62dccaa8ee387cff7102f74e5df514003cdb9dfc73239343a3e010745f8c901130aeaee475b445fffda91df7378297

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\vghd.exe
Filesize
7.3MB

MD5
098df2ac5e3bb4b28f24d9a493aad1b9

SHA1
b5561a881539dd0e38e1eb4d0754a78dc96b010a

SHA256
fb0ea13a3ed9ae42134461f1b153e64c4fded5eb82fd236e355d920616c26c69

SHA512
ad97cb250e591fd45474351616e7a900a43a1eae0eb7a83a7dbbbfc538dcbe51eee644dfcd7915cabdbba0424932abe0569b72f15b8aa05afd1d4c0632f0fafd

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\vghd.exe
Filesize
7.3MB

MD5
098df2ac5e3bb4b28f24d9a493aad1b9

SHA1
b5561a881539dd0e38e1eb4d0754a78dc96b010a

SHA256
fb0ea13a3ed9ae42134461f1b153e64c4fded5eb82fd236e355d920616c26c69

SHA512
ad97cb250e591fd45474351616e7a900a43a1eae0eb7a83a7dbbbfc538dcbe51eee644dfcd7915cabdbba0424932abe0569b72f15b8aa05afd1d4c0632f0fafd

Download Submit
\Users\Admin\AppData\Local\Temp\is-UAO0A.tmp\setup-istripper_3gkyOAkuVaPAY.tmp
Filesize
3.0MB

MD5
8d134c08959f3d222201d0130c314642

SHA1
6ce47addbf774fbc441e95684553b8fa3aedee8c

SHA256
95bdb02a18fe7fa8fc8d8ffaedef76670844209900ccadb2eca7341ede1383ba

SHA512
9af97c3bf35d901d6a45e1b2e7e347358385e8fa6d959d4f1926f1059f81e8996a730ef5a5edfbbc55ac0e02d759f999de259c4c7c940784e2492c78d0910fe7

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Concurrent.dll
Filesize
24KB

MD5
e34bcd3ddc59a08dca72c3ec843efc74

SHA1
35664b01345b79a3ac4bfdd2393258c4d056178d

SHA256
9cd21a548adde408c82f4204902a9cfe7a97bce02f1b6272ea6b3a3758441a34

SHA512
7cd36200571ecaa23a43ad045d7e3bc761bc05bda9b7cb4c30d739be03c699013d19e4673f4488a48fde0fdcc55cb20bcb4644889546c0e90cd1c11b5b8efad9

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Core.dll
Filesize
4.9MB

MD5
db58c7e71aa35d2cc47b57828590f569

SHA1
ff55e851b2239f5f09bb455c869eeb697174b574

SHA256
4714f75569aba7cebd6b13466527b190adc1999aef5c8f1f73cb2472282faf6c

SHA512
0d73898d22906937a50fc4c68f3241484a6649dfcd4bf14e7462c381e376b0a86102898bd7728dadadb3ab90e081922f93c40eeb9359fc2a81a847dc3c27e2a5

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Gui.dll
Filesize
5.1MB

MD5
5581175e339938f80cafb164be0dc4b0

SHA1
f7badc086b65df6329a13c17fcbec349f2ab98a8

SHA256
78bca9c65600391ec4bb1fb0374169db13e7517ebd154a11d244248b25a7d939

SHA512
cf2ae95e01d139794b51913f73cd045727fffff439d499cf4b00648ff1d819c6325244544b54d5f544f181cee8e4f8359cd9f6c8ef83271880776d0823111c53

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Multimedia.dll
Filesize
563KB

MD5
a0c00640e49e10774c1351052342f4d0

SHA1
619a092e549a2e01b0e37c06728b199b2a7e0264

SHA256
3076cbd7960621b3e679b348c55ccaa3db1203f83c8fefd7ddc4bce05faa860b

SHA512
6bb7bc82f00fc6257d8c599a91c7b0de03dcc8b047d970acd7ce6dea422ca83bec4fdf73910ee0e3cef61f4e9f8f165191623b8ecc9039759a8802d122801dc0

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Network.dll
Filesize
1018KB

MD5
78932f74452bd17566e2e4fdcd8368d6

SHA1
1f27f27fa57a401e20d6bdcbb878a8a477f9df71

SHA256
e94054f7f5efebda73f2a075745b9391ff2ac1215b6bc55a6402bcc5aed880ff

SHA512
525405521ccbb3c61f39ebfa999fb5d97956140bc3c8937bef41b9e3279cd3ccfcf9be308a1a55c1896fb85f834f8b1a43fa35bb2147e827c9e85e001088ce2d

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Positioning.dll
Filesize
254KB

MD5
30e9bb13166b08042a4fc6f7239845b6

SHA1
ff4283ed891a9b23b66e07f16c63f203e45125c4

SHA256
f31c3409c90124f1ac279a52dfe7c44a1220bf0f3027797420892786503887cf

SHA512
b48dca0cd30aac2311176e734baf2465d7818e801ed0483fe29cb2332e4e514148c9031aefd1f4730a7d86e4e96fd90416d165a2a0b516dd0dec629252c20851

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5PrintSupport.dll
Filesize
261KB

MD5
b2baa1d188be3816e54c5fbc2a31f48f

SHA1
80cb56b3ef29570e5a4abf3118e45210013b5df9

SHA256
696782041bb188c94655128dbfa125944b27d081e185924ba5b48e9a18cfe086

SHA512
6ec6dd653d81f3f8c856d2b4e49d4295e50784620a46ccc7d3f562938230d252031f1b7b5e1dd072f20535334de8025ab37c33c65bffbd96b7dc9b539cf0448c

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Qml.dll
Filesize
3.2MB

MD5
7adc1c79d553c4b03456fb9622ae0ce5

SHA1
11b51b946003025ee01bc8566c85518be1a08a87

SHA256
d90382c681441c926f971bbd587d184d94736a63e9d42caaea8128d4005ae655

SHA512
546805190cb516fbdba50a020e445b70f89bef51181f7a897921c22591f204048abc9d16b81b886d56cc2fc8e42f75c35e0c7d7fc8a27ee0c4691c3e9d246d6a

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Quick.dll
Filesize
3.0MB

MD5
8ff4b094c60b296d76d293c0d97f2db0

SHA1
499af0ff76509fdc0aefc2cfd311ce6feeca9e32

SHA256
63684525da673a2ad0929956f332faa694702449fb42b4801f17fde533fc9ea6

SHA512
99865bd0342fb001c50dcedc5f4ba20e0f9e5924b00ef5c1f548947514791785de31d8a8d2e36d27103006a928d050742d1b9fdab419476df9280b5dc9fbf952

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5QuickWidgets.dll
Filesize
58KB

MD5
9a5e6c98b785016ba0fa329b41a47d06

SHA1
6fc760ee0b82061bcded659d342f6ca4841632eb

SHA256
7c6eb33dfdab0b04563cfdd198adae802c153106fd2c8d4ac272c9f66da17e03

SHA512
5e8ee94d235b78fb08fd87f87983fa07f46153cace17a0995eaeb556dc433095e15787b0ef084c6e1b2c728898490b0ac383ae703e4aee51507b879359d44b0e

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5WebChannel.dll
Filesize
88KB

MD5
ca13ebdc6bccb3a229e3c8983698f3e4

SHA1
efa24afebc55592e8a41245109b5e17dc8be26ed

SHA256
b3b89a4b3f82c84f4b28c73bf9718929ab4d4fbcc8609936839d050d0b6951a0

SHA512
c6aa8a90a44e51ea390975f2f587dcdf67eb69b9d504bea5e37e72a0c8e3869cea85bf174b367b92288e01567950e992c64f58255df521f85a0df45b2b303131

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5WebEngineCore.dll
Filesize
56.6MB

MD5
322078ef4718f23a4ef0c180954b6b60

SHA1
57022e7c67acf440a2e6afe63bd8eb91f86d9111

SHA256
1b73e59786cc1e415d7c73eed83c173e920c3e26c134e828c780df7744ad2ef4

SHA512
2da4b55a7aaf7f4145cb0e0678cf799abda872dfc18753fc8601c92e9d76965f3c753d480063b5b1857ff2325540618fc4c045ac05eda9cd9af699e061a79c9c

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5WebEngineWidgets.dll
Filesize
183KB

MD5
020be7fb1535bea06b3d6adc0240a44e

SHA1
be5935450056ec14a5a2ac6b967b20c55a376a3d

SHA256
5cd141a009df3eaa797efab1096376458847e89f976370b9287a92d6a93746f6

SHA512
11f3045ac1e69604d1bf168debb5e123dda916415a6ad58c15f8524da7c7f6d629595db45e049a6037e421ff06a21f9109f70732bf651c3c6a598fb11d7e63c7

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5WebSockets.dll
Filesize
122KB

MD5
583eb7b9b7e90901ef90eab652de34d8

SHA1
eada56ad02cb3cf0c1ed3195d85c7cd29b73cb02

SHA256
cfbfa7cfaa182b05d4738d0f059195a7ca5f39cdc98b962137320f55db80b4e6

SHA512
dc81d7e2e171ba47f84604ffa2f48f83d0fa3362a0e59aa11101c600c6e4655a7379c446e78f7c49b0fb23b132635c0163631ece3d4122fc5ae5baeac742eafb

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Widgets.dll
Filesize
4.3MB

MD5
4e44578216abf3654056015ef4c8a9c3

SHA1
731f56b8ccc14bc7ced833c059a2fe9be67d23f7

SHA256
91bb41088f847fb73641fa556eda6d67bacb67560b8abf6ea1f0c885390004f8

SHA512
c77f92786ccf1d1d604808580b0952df255bf16782436606d3be54cb46bbb49f298baf57fe30acd22f2bce8f487e8eeefdbe98117f57171b74337dc367fd1bb6

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Xml.dll
Filesize
144KB

MD5
d6ce2679999ce4eba077310850897268

SHA1
5c9bb9323452639560a3b827fb0a2a1d2db9c803

SHA256
c6cff6af4bab546ca2ac2d6e7fd999899a411d8a861c125e6bd36778817c0428

SHA512
8f3c8cf6115aaf443451f09e68654eda826bacdc1afac5206d94425672e547d8c2153b6a26d53ebaa725a3a38f09b3a7bb0a90139b6a5c72998bdb31362cc907

Download Submit
\Users\Admin\AppData\Local\vghd\bin\crashpad\crashpad_handler.exe
Filesize
746KB

MD5
a46fb58f141ce7963c53ab3068b79548

SHA1
18e93d658afbd847fdc2710e543711d695c58f1c

SHA256
485a8a9cc0f2f275f85f78e4424a4200be554c46cfa393a70d89f49a8beb1679

SHA512
7b68244cfb3dbcdc799befe3ce30453cad60b5232f308a223a08ee2885a3137e7484e304420d8c0bc9568f6a200617438f57e6c00cc72b3565aac4c86abdecfe

Download Submit
\Users\Admin\AppData\Local\vghd\bin\crashpad\crashpad_handler.exe
Filesize
746KB

MD5
a46fb58f141ce7963c53ab3068b79548

SHA1
18e93d658afbd847fdc2710e543711d695c58f1c

SHA256
485a8a9cc0f2f275f85f78e4424a4200be554c46cfa393a70d89f49a8beb1679

SHA512
7b68244cfb3dbcdc799befe3ce30453cad60b5232f308a223a08ee2885a3137e7484e304420d8c0bc9568f6a200617438f57e6c00cc72b3565aac4c86abdecfe

Download Submit
\Users\Admin\AppData\Local\vghd\bin\libEGL.dll
Filesize
15KB

MD5
0469918fc1e19fc3f198cd14be4e1e22

SHA1
4f062e90cd4700259022394a020e3b02b3363ee6

SHA256
5dd84a436f1bee9fc1fdf6285db21e4acb52bb63cd86c53c23b440f021e03401

SHA512
10a01905a56ad50dc017205d649f2ff3f885ee9111c9a75fb408c010fc9481e91fdc9c3685f1ed0c939222652ecf8f349a027eba79b18a6bf64083fea85958e0

Download Submit
\Users\Admin\AppData\Local\vghd\bin\libGLESV2.dll
Filesize
2.7MB

MD5
d4a37250588e61e50ad7f9d129f0d37e

SHA1
a4a84807401ea4cae05b9cb3c6cececdb63baed8

SHA256
785768f643f00cc013fbab8d620f3c1d3abec8bbeca5942ba31834dea269774b

SHA512
6256890a8ebaf8801879281cea334247437c7163989d1a6d05643052944d891a79ac68f8eb7044f4edfd1f2b97f021a92fcc859c0646ac836e5924d80fee5ee5

Download Submit
\Users\Admin\AppData\Local\vghd\bin\msvcp140.dll
Filesize
438KB

MD5
1fb93933fd087215a3c7b0800e6bb703

SHA1
a78232c352ed06cedd7ca5cd5cb60e61ef8d86fb

SHA256
2db7fd3c9c3c4b67f2d50a5a50e8c69154dc859780dd487c28a4e6ed1af90d01

SHA512
79cd448e44b5607863b3cd0f9c8e1310f7e340559495589c428a24a4ac49beb06502d787824097bb959a1c9cb80672630dac19a405468a0b64db5ebd6493590e

Download Submit
\Users\Admin\AppData\Local\vghd\bin\opengl32sw.dll
Filesize
15.3MB

MD5
8b197f55264a44b7b25046f7ba5bd7d2

SHA1
cef69e168160968e00ffffa136e1af7819e7c0ce

SHA256
25ae7577e066fa80519a8f1c314b15cdd22e4a8d3ecd2a36eccc79e40714a91d

SHA512
6af2b1b17a7e3460099359a6750221aacb8f9ce0e80b346dbafd2cbd8e579543b980f98e0aeb199e0781a045c9d6a7f2f11c8628f960c13550328487b7fa9154

Download Submit
\Users\Admin\AppData\Local\vghd\bin\platforms\qwindows.dll
Filesize
1.1MB

MD5
8d82f89bca48d7de90c17ac37f754f16

SHA1
05e936237feaa1eea6a86a7d4e777749b269e3ba

SHA256
ac3a36b775ac8b9cd1e3c3a7ac9dd31e0cc0a12b84d5942e97d77da20992d005

SHA512
6266c8e7e85e81a9cfbc113eb761f6f0eb846b2bf545db42b2b1b7d461dbd7190cae8d10749df4bad54b08c9de39a880857b898fdf8ca3edd5baf5f85fdc07cf

Download Submit
\Users\Admin\AppData\Local\vghd\bin\ssleay32.dll
Filesize
270KB

MD5
b9cafab9d39548dda98c9013c2450863

SHA1
afada50ab2ec72c4d6e604467cc609fe501aff2c

SHA256
769458c1ca2d45e9f1ad20431e4844fb1e460225aca34312e7ff6e9944a54343

SHA512
4d81a18aa39051e77654334bec770b0d4a55637b143d25a27cc18cbb7a710e181f61565f9fad6606fb7b8f00269d91951eb71ecdc51461d115dc973b6da95289

Download Submit
\Users\Admin\AppData\Local\vghd\bin\styles\qwindowsvistastyle.dll
Filesize
120KB

MD5
011f23a3f078e1fbffa7c408ae13a0cc

SHA1
bd2ba08c64bbc7c0f265491c846ede300fc12af7

SHA256
690655dbe1afff4ca1fd7f5170134af6f57d4ecb328ea12b696d568e1d4b84ff

SHA512
bb1b96345250ffee1c41fe31d49b8a97cb62dccaa8ee387cff7102f74e5df514003cdb9dfc73239343a3e010745f8c901130aeaee475b445fffda91df7378297

Download Submit
\Users\Admin\AppData\Local\vghd\bin\unins000.exe
Filesize
3.0MB

MD5
8d134c08959f3d222201d0130c314642

SHA1
6ce47addbf774fbc441e95684553b8fa3aedee8c

SHA256
95bdb02a18fe7fa8fc8d8ffaedef76670844209900ccadb2eca7341ede1383ba

SHA512
9af97c3bf35d901d6a45e1b2e7e347358385e8fa6d959d4f1926f1059f81e8996a730ef5a5edfbbc55ac0e02d759f999de259c4c7c940784e2492c78d0910fe7

Download Submit
\Users\Admin\AppData\Local\vghd\bin\vcruntime140.dll
Filesize
78KB

MD5
1b171f9a428c44acf85f89989007c328

SHA1
6f25a874d6cbf8158cb7c491dcedaa81ceaebbae

SHA256
9d02e952396bdff3abfe5654e07b7a713c84268a225e11ed9a3bf338ed1e424c

SHA512
99a06770eea07f36abc4ae0cecb2ae13c3acb362b38b731c3baed045bf76ea6b61efe4089cd2efac27701e9443388322365bdb039cd388987b24d4a43c973bd1

Download Submit
\Users\Admin\AppData\Local\vghd\bin\vghd.exe
Filesize
7.3MB

MD5
098df2ac5e3bb4b28f24d9a493aad1b9

SHA1
b5561a881539dd0e38e1eb4d0754a78dc96b010a

SHA256
fb0ea13a3ed9ae42134461f1b153e64c4fded5eb82fd236e355d920616c26c69

SHA512
ad97cb250e591fd45474351616e7a900a43a1eae0eb7a83a7dbbbfc538dcbe51eee644dfcd7915cabdbba0424932abe0569b72f15b8aa05afd1d4c0632f0fafd

Download Submit
\Users\Admin\AppData\Local\vghd\bin\vghd.exe
Filesize
7.3MB

MD5
098df2ac5e3bb4b28f24d9a493aad1b9

SHA1
b5561a881539dd0e38e1eb4d0754a78dc96b010a

SHA256
fb0ea13a3ed9ae42134461f1b153e64c4fded5eb82fd236e355d920616c26c69

SHA512
ad97cb250e591fd45474351616e7a900a43a1eae0eb7a83a7dbbbfc538dcbe51eee644dfcd7915cabdbba0424932abe0569b72f15b8aa05afd1d4c0632f0fafd

Download Submit
\Users\Admin\AppData\Local\vghd\bin\vghd.exe
Filesize
7.3MB

MD5
098df2ac5e3bb4b28f24d9a493aad1b9

SHA1
b5561a881539dd0e38e1eb4d0754a78dc96b010a

SHA256
fb0ea13a3ed9ae42134461f1b153e64c4fded5eb82fd236e355d920616c26c69

SHA512
ad97cb250e591fd45474351616e7a900a43a1eae0eb7a83a7dbbbfc538dcbe51eee644dfcd7915cabdbba0424932abe0569b72f15b8aa05afd1d4c0632f0fafd

Download Submit
memory/276-58-0x0000000000000000-mapping.dmp

Download
memory/276-62-0x00000000740A1000-0x00000000740A3000-memory.dmp

Filesize
8KB

Download
memory/956-145-0x0000000000000000-mapping.dmp

Download
memory/1256-108-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download
memory/1256-54-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download
memory/1256-55-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download
memory/1256-61-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download
memory/1520-193-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-180-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-123-0x00000000002A0000-0x00000000002AA000-memory.dmp

Filesize
40KB

Download
memory/1520-68-0x0000000000000000-mapping.dmp

Download
memory/1520-132-0x00000000004C0000-0x00000000004CA000-memory.dmp

Filesize
40KB

Download
memory/1520-133-0x00000000004C0000-0x00000000004CA000-memory.dmp

Filesize
40KB

Download
memory/1520-135-0x00000000004C0000-0x00000000004CA000-memory.dmp

Filesize
40KB

Download
memory/1520-134-0x00000000004C0000-0x00000000004CA000-memory.dmp

Filesize
40KB

Download
memory/1520-136-0x00000000005A0000-0x00000000005B0000-memory.dmp

Filesize
64KB

Download
memory/1520-137-0x00000000005A0000-0x00000000005B0000-memory.dmp

Filesize
64KB

Download
memory/1520-216-0x000000006B570000-0x000000006C0EC000-memory.dmp

Filesize
11.5MB

Download
memory/1520-215-0x000000006C440000-0x000000006C752000-memory.dmp

Filesize
3.1MB

Download
memory/1520-165-0x000000006B570000-0x000000006C0EC000-memory.dmp

Filesize
11.5MB

Download
memory/1520-167-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-169-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-171-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-174-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-152-0x000000006C440000-0x000000006C752000-memory.dmp

Filesize
3.1MB

Download
memory/1520-176-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-155-0x0000000001130000-0x0000000001141000-memory.dmp

Filesize
68KB

Download
memory/1520-156-0x000000006B570000-0x000000006C0EC000-memory.dmp

Filesize
11.5MB

Download
memory/1520-157-0x000000006B570000-0x000000006C0EC000-memory.dmp

Filesize
11.5MB

Download
memory/1520-159-0x000000006B570000-0x000000006C0EC000-memory.dmp

Filesize
11.5MB

Download
memory/1520-160-0x000000006B570000-0x000000006C0EC000-memory.dmp

Filesize
11.5MB

Download
memory/1520-161-0x000000006B570000-0x000000006C0EC000-memory.dmp

Filesize
11.5MB

Download
memory/1520-162-0x000000006B570000-0x000000006C0EC000-memory.dmp

Filesize
11.5MB

Download
memory/1520-163-0x000000006B570000-0x000000006C0EC000-memory.dmp

Filesize
11.5MB

Download
memory/1520-164-0x000000006B570000-0x000000006C0EC000-memory.dmp

Filesize
11.5MB

Download
memory/1520-166-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-168-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-170-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-172-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-173-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-175-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-177-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-124-0x00000000002A0000-0x00000000002AA000-memory.dmp

Filesize
40KB

Download
memory/1520-182-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-184-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-185-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-187-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-189-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-191-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-107-0x00000000011B0000-0x00000000018FE000-memory.dmp

Filesize
7.3MB

Download
memory/1520-195-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-188-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-199-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-201-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-203-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-205-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-207-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-209-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-211-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-214-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-213-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-197-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-190-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-186-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-183-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-181-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-179-0x000000006C0F0000-0x000000006C1D3000-memory.dmp

Filesize
908KB

Download
memory/1520-178-0x000000006B570000-0x000000006C0EC000-memory.dmp

Filesize
11.5MB

Download
memory/1524-113-0x0000000000000000-mapping.dmp

Download
memory/1928-217-0x0000000000000000-mapping.dmp

Download
memory/2088-143-0x0000000000000000-mapping.dmp

Download
memory/2108-140-0x0000000000000000-mapping.dmp

Download
memory/2424-147-0x0000000000000000-mapping.dmp

Download
memory/2432-149-0x0000000000000000-mapping.dmp

Download
memory/2752-153-0x0000000000000000-mapping.dmp

Download
memory/3052-138-0x0000000000000000-mapping.dmp

Download
memory/3068-139-0x0000000000000000-mapping.dmp

Download