0c4ba07d364270a181264f0dffb38ca21c5acf0d295b6ef70ec759ba20d7bcfd

Analysis

max time kernel
500s
max time network
491s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
13-11-2022 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup-istripper_3gkyOAkuVaPAY.exe
Size

60.0MB
MD5

375175390fdbad35be67f4d1280d354d
SHA1

75f3a776a43aa32be704f2fa8128beba34a0b0fd
SHA256

0c4ba07d364270a181264f0dffb38ca21c5acf0d295b6ef70ec759ba20d7bcfd
SHA512

84ad7ffea6bb87580055b7eb717fef3dc11e435d704a875a49ee150a132d03be951a1eb1e764158039a528e198ef62eda9fe62dfbd6d109b48b308e9c6f2d593
SSDEEP

1572864:9ryZAULSMb6IZ0p8zhSArVPP4S/lxJUXvd80PFb:9r8N8vAreoUXV8mJ

Score

8^/10

discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

setup-istripper_3gkyOAkuVaPAY.tmpvghd.execrashpad_handler.exe

pid process

2328 setup-istripper_3gkyOAkuVaPAY.tmp
1248 vghd.exe
3436 crashpad_handler.exe

pid	process
2328	setup-istripper_3gkyOAkuVaPAY.tmp
1248	vghd.exe
3436	crashpad_handler.exe

Drops startup file 1 IoCs

Processes:

setup-istripper_3gkyOAkuVaPAY.tmp

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk	setup-istripper_3gkyOAkuVaPAY.tmp

Loads dropped DLL 36 IoCs

Processes:

vghd.exe

pid	process
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe
1248	vghd.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

vghd.exe

pid process

1248 vghd.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

setup-istripper_3gkyOAkuVaPAY.tmpvghd.exe

pid process

2328 setup-istripper_3gkyOAkuVaPAY.tmp
2328 setup-istripper_3gkyOAkuVaPAY.tmp
1248 vghd.exe
1248 vghd.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

vghd.exe

pid process

1248 vghd.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

setup-istripper_3gkyOAkuVaPAY.tmp

pid process

2328 setup-istripper_3gkyOAkuVaPAY.tmp
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

vghd.exe

pid process

1248 vghd.exe
1248 vghd.exe
1248 vghd.exe
1248 vghd.exe

pid	process
2328	setup-istripper_3gkyOAkuVaPAY.tmp
2328	setup-istripper_3gkyOAkuVaPAY.tmp
1248	vghd.exe
1248	vghd.exe

pid	process
2328	setup-istripper_3gkyOAkuVaPAY.tmp

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

setup-istripper_3gkyOAkuVaPAY.exesetup-istripper_3gkyOAkuVaPAY.tmpvghd.exe

description	pid	process	target process
PID 4200 wrote to memory of 2328	4200	setup-istripper_3gkyOAkuVaPAY.exe	setup-istripper_3gkyOAkuVaPAY.tmp
PID 4200 wrote to memory of 2328	4200	setup-istripper_3gkyOAkuVaPAY.exe	setup-istripper_3gkyOAkuVaPAY.tmp
PID 4200 wrote to memory of 2328	4200	setup-istripper_3gkyOAkuVaPAY.exe	setup-istripper_3gkyOAkuVaPAY.tmp
PID 2328 wrote to memory of 1248	2328	setup-istripper_3gkyOAkuVaPAY.tmp	vghd.exe
PID 2328 wrote to memory of 1248	2328	setup-istripper_3gkyOAkuVaPAY.tmp	vghd.exe
PID 2328 wrote to memory of 1248	2328	setup-istripper_3gkyOAkuVaPAY.tmp	vghd.exe
PID 1248 wrote to memory of 3436	1248	vghd.exe	crashpad_handler.exe
PID 1248 wrote to memory of 3436	1248	vghd.exe	crashpad_handler.exe

C:\Users\Admin\AppData\Local\Temp\setup-istripper_3gkyOAkuVaPAY.exe
"C:\Users\Admin\AppData\Local\Temp\setup-istripper_3gkyOAkuVaPAY.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4200

C:\Users\Admin\AppData\Local\Temp\is-MOGEC.tmp\setup-istripper_3gkyOAkuVaPAY.tmp
"C:\Users\Admin\AppData\Local\Temp\is-MOGEC.tmp\setup-istripper_3gkyOAkuVaPAY.tmp" /SL5="$80052,62010490,798208,C:\Users\Admin\AppData\Local\Temp\setup-istripper_3gkyOAkuVaPAY.exe"
2⤵
- Executes dropped EXE
- Drops startup file
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2328

C:\Users\Admin\AppData\Local\vghd\bin\vghd.exe
"C:\Users\Admin\AppData\Local\vghd\bin\vghd.exe" -fromSetup
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1248

C:\Users\Admin\AppData\Local\vghd\bin\crashpad\crashpad_handler.exe
C:\Users\Admin\AppData\Local\vghd\bin\crashpad\crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\AppData\Local\vghd\bin\crashpad --metrics-dir=C:\Users\Admin\AppData\Local\vghd\bin\crashpad --url=https://submit.backtrace.io/vrparadise/4b77014f47baea5313294a7fecd87ff128d692457dd391e90fbcbe57ff2abdfe/minidump --annotation=appName=iStripper --annotation=appVersion=1.2.3.60 --annotation=format=minidump --annotation=token=4b77014f47baea5313294a7fecd87ff128d692457dd391e90fbcbe57ff2abdfe --annotation=userName=undefined --annotation=userPseudo=undefined --initial-client-data=0x378,0x37c,0x380,0x354,0x38c,0xcd74c8,0xcd74d8,0xcd74e8
4⤵
- Executes dropped EXE
PID:3436

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-MOGEC.tmp\setup-istripper_3gkyOAkuVaPAY.tmp
Filesize
3.0MB

MD5
8d134c08959f3d222201d0130c314642

SHA1
6ce47addbf774fbc441e95684553b8fa3aedee8c

SHA256
95bdb02a18fe7fa8fc8d8ffaedef76670844209900ccadb2eca7341ede1383ba

SHA512
9af97c3bf35d901d6a45e1b2e7e347358385e8fa6d959d4f1926f1059f81e8996a730ef5a5edfbbc55ac0e02d759f999de259c4c7c940784e2492c78d0910fe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MOGEC.tmp\setup-istripper_3gkyOAkuVaPAY.tmp
Filesize
3.0MB

MD5
8d134c08959f3d222201d0130c314642

SHA1
6ce47addbf774fbc441e95684553b8fa3aedee8c

SHA256
95bdb02a18fe7fa8fc8d8ffaedef76670844209900ccadb2eca7341ede1383ba

SHA512
9af97c3bf35d901d6a45e1b2e7e347358385e8fa6d959d4f1926f1059f81e8996a730ef5a5edfbbc55ac0e02d759f999de259c4c7c940784e2492c78d0910fe7

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\LIBEAY32.dll
Filesize
1.2MB

MD5
8c7f9f7040d518d323732de6fabe934e

SHA1
d5fc585b6670b0fd86539dfbaa958ec7564a470b

SHA256
4b3352c651968daac4c8d02033f4f1cd998cc03c3b2e6f51896586835820852f

SHA512
295c7e655ba275afb80b35134fb37f970e6a5d0d370553e6ad612d05de148010daff5372522a16a2567d7942e07233b9cb55a11dd895c7dc74f511e63ff9a3a9

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\MSVCP140.dll
Filesize
438KB

MD5
1fb93933fd087215a3c7b0800e6bb703

SHA1
a78232c352ed06cedd7ca5cd5cb60e61ef8d86fb

SHA256
2db7fd3c9c3c4b67f2d50a5a50e8c69154dc859780dd487c28a4e6ed1af90d01

SHA512
79cd448e44b5607863b3cd0f9c8e1310f7e340559495589c428a24a4ac49beb06502d787824097bb959a1c9cb80672630dac19a405468a0b64db5ebd6493590e

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Concurrent.dll
Filesize
24KB

MD5
e34bcd3ddc59a08dca72c3ec843efc74

SHA1
35664b01345b79a3ac4bfdd2393258c4d056178d

SHA256
9cd21a548adde408c82f4204902a9cfe7a97bce02f1b6272ea6b3a3758441a34

SHA512
7cd36200571ecaa23a43ad045d7e3bc761bc05bda9b7cb4c30d739be03c699013d19e4673f4488a48fde0fdcc55cb20bcb4644889546c0e90cd1c11b5b8efad9

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Concurrent.dll
Filesize
24KB

MD5
e34bcd3ddc59a08dca72c3ec843efc74

SHA1
35664b01345b79a3ac4bfdd2393258c4d056178d

SHA256
9cd21a548adde408c82f4204902a9cfe7a97bce02f1b6272ea6b3a3758441a34

SHA512
7cd36200571ecaa23a43ad045d7e3bc761bc05bda9b7cb4c30d739be03c699013d19e4673f4488a48fde0fdcc55cb20bcb4644889546c0e90cd1c11b5b8efad9

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Core.dll
Filesize
4.9MB

MD5
db58c7e71aa35d2cc47b57828590f569

SHA1
ff55e851b2239f5f09bb455c869eeb697174b574

SHA256
4714f75569aba7cebd6b13466527b190adc1999aef5c8f1f73cb2472282faf6c

SHA512
0d73898d22906937a50fc4c68f3241484a6649dfcd4bf14e7462c381e376b0a86102898bd7728dadadb3ab90e081922f93c40eeb9359fc2a81a847dc3c27e2a5

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Core.dll
Filesize
4.9MB

MD5
db58c7e71aa35d2cc47b57828590f569

SHA1
ff55e851b2239f5f09bb455c869eeb697174b574

SHA256
4714f75569aba7cebd6b13466527b190adc1999aef5c8f1f73cb2472282faf6c

SHA512
0d73898d22906937a50fc4c68f3241484a6649dfcd4bf14e7462c381e376b0a86102898bd7728dadadb3ab90e081922f93c40eeb9359fc2a81a847dc3c27e2a5

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Gui.dll
Filesize
5.1MB

MD5
5581175e339938f80cafb164be0dc4b0

SHA1
f7badc086b65df6329a13c17fcbec349f2ab98a8

SHA256
78bca9c65600391ec4bb1fb0374169db13e7517ebd154a11d244248b25a7d939

SHA512
cf2ae95e01d139794b51913f73cd045727fffff439d499cf4b00648ff1d819c6325244544b54d5f544f181cee8e4f8359cd9f6c8ef83271880776d0823111c53

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Gui.dll
Filesize
5.1MB

MD5
5581175e339938f80cafb164be0dc4b0

SHA1
f7badc086b65df6329a13c17fcbec349f2ab98a8

SHA256
78bca9c65600391ec4bb1fb0374169db13e7517ebd154a11d244248b25a7d939

SHA512
cf2ae95e01d139794b51913f73cd045727fffff439d499cf4b00648ff1d819c6325244544b54d5f544f181cee8e4f8359cd9f6c8ef83271880776d0823111c53

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Multimedia.dll
Filesize
563KB

MD5
a0c00640e49e10774c1351052342f4d0

SHA1
619a092e549a2e01b0e37c06728b199b2a7e0264

SHA256
3076cbd7960621b3e679b348c55ccaa3db1203f83c8fefd7ddc4bce05faa860b

SHA512
6bb7bc82f00fc6257d8c599a91c7b0de03dcc8b047d970acd7ce6dea422ca83bec4fdf73910ee0e3cef61f4e9f8f165191623b8ecc9039759a8802d122801dc0

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Multimedia.dll
Filesize
563KB

MD5
a0c00640e49e10774c1351052342f4d0

SHA1
619a092e549a2e01b0e37c06728b199b2a7e0264

SHA256
3076cbd7960621b3e679b348c55ccaa3db1203f83c8fefd7ddc4bce05faa860b

SHA512
6bb7bc82f00fc6257d8c599a91c7b0de03dcc8b047d970acd7ce6dea422ca83bec4fdf73910ee0e3cef61f4e9f8f165191623b8ecc9039759a8802d122801dc0

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Network.dll
Filesize
1018KB

MD5
78932f74452bd17566e2e4fdcd8368d6

SHA1
1f27f27fa57a401e20d6bdcbb878a8a477f9df71

SHA256
e94054f7f5efebda73f2a075745b9391ff2ac1215b6bc55a6402bcc5aed880ff

SHA512
525405521ccbb3c61f39ebfa999fb5d97956140bc3c8937bef41b9e3279cd3ccfcf9be308a1a55c1896fb85f834f8b1a43fa35bb2147e827c9e85e001088ce2d

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Network.dll
Filesize
1018KB

MD5
78932f74452bd17566e2e4fdcd8368d6

SHA1
1f27f27fa57a401e20d6bdcbb878a8a477f9df71

SHA256
e94054f7f5efebda73f2a075745b9391ff2ac1215b6bc55a6402bcc5aed880ff

SHA512
525405521ccbb3c61f39ebfa999fb5d97956140bc3c8937bef41b9e3279cd3ccfcf9be308a1a55c1896fb85f834f8b1a43fa35bb2147e827c9e85e001088ce2d

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Positioning.dll
Filesize
254KB

MD5
30e9bb13166b08042a4fc6f7239845b6

SHA1
ff4283ed891a9b23b66e07f16c63f203e45125c4

SHA256
f31c3409c90124f1ac279a52dfe7c44a1220bf0f3027797420892786503887cf

SHA512
b48dca0cd30aac2311176e734baf2465d7818e801ed0483fe29cb2332e4e514148c9031aefd1f4730a7d86e4e96fd90416d165a2a0b516dd0dec629252c20851

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Positioning.dll
Filesize
254KB

MD5
30e9bb13166b08042a4fc6f7239845b6

SHA1
ff4283ed891a9b23b66e07f16c63f203e45125c4

SHA256
f31c3409c90124f1ac279a52dfe7c44a1220bf0f3027797420892786503887cf

SHA512
b48dca0cd30aac2311176e734baf2465d7818e801ed0483fe29cb2332e4e514148c9031aefd1f4730a7d86e4e96fd90416d165a2a0b516dd0dec629252c20851

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5PrintSupport.dll
Filesize
261KB

MD5
b2baa1d188be3816e54c5fbc2a31f48f

SHA1
80cb56b3ef29570e5a4abf3118e45210013b5df9

SHA256
696782041bb188c94655128dbfa125944b27d081e185924ba5b48e9a18cfe086

SHA512
6ec6dd653d81f3f8c856d2b4e49d4295e50784620a46ccc7d3f562938230d252031f1b7b5e1dd072f20535334de8025ab37c33c65bffbd96b7dc9b539cf0448c

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5PrintSupport.dll
Filesize
261KB

MD5
b2baa1d188be3816e54c5fbc2a31f48f

SHA1
80cb56b3ef29570e5a4abf3118e45210013b5df9

SHA256
696782041bb188c94655128dbfa125944b27d081e185924ba5b48e9a18cfe086

SHA512
6ec6dd653d81f3f8c856d2b4e49d4295e50784620a46ccc7d3f562938230d252031f1b7b5e1dd072f20535334de8025ab37c33c65bffbd96b7dc9b539cf0448c

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Qml.dll
Filesize
3.2MB

MD5
7adc1c79d553c4b03456fb9622ae0ce5

SHA1
11b51b946003025ee01bc8566c85518be1a08a87

SHA256
d90382c681441c926f971bbd587d184d94736a63e9d42caaea8128d4005ae655

SHA512
546805190cb516fbdba50a020e445b70f89bef51181f7a897921c22591f204048abc9d16b81b886d56cc2fc8e42f75c35e0c7d7fc8a27ee0c4691c3e9d246d6a

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Qml.dll
Filesize
3.2MB

MD5
7adc1c79d553c4b03456fb9622ae0ce5

SHA1
11b51b946003025ee01bc8566c85518be1a08a87

SHA256
d90382c681441c926f971bbd587d184d94736a63e9d42caaea8128d4005ae655

SHA512
546805190cb516fbdba50a020e445b70f89bef51181f7a897921c22591f204048abc9d16b81b886d56cc2fc8e42f75c35e0c7d7fc8a27ee0c4691c3e9d246d6a

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Quick.dll
Filesize
3.0MB

MD5
8ff4b094c60b296d76d293c0d97f2db0

SHA1
499af0ff76509fdc0aefc2cfd311ce6feeca9e32

SHA256
63684525da673a2ad0929956f332faa694702449fb42b4801f17fde533fc9ea6

SHA512
99865bd0342fb001c50dcedc5f4ba20e0f9e5924b00ef5c1f548947514791785de31d8a8d2e36d27103006a928d050742d1b9fdab419476df9280b5dc9fbf952

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Quick.dll
Filesize
3.0MB

MD5
8ff4b094c60b296d76d293c0d97f2db0

SHA1
499af0ff76509fdc0aefc2cfd311ce6feeca9e32

SHA256
63684525da673a2ad0929956f332faa694702449fb42b4801f17fde533fc9ea6

SHA512
99865bd0342fb001c50dcedc5f4ba20e0f9e5924b00ef5c1f548947514791785de31d8a8d2e36d27103006a928d050742d1b9fdab419476df9280b5dc9fbf952

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5QuickWidgets.dll
Filesize
58KB

MD5
9a5e6c98b785016ba0fa329b41a47d06

SHA1
6fc760ee0b82061bcded659d342f6ca4841632eb

SHA256
7c6eb33dfdab0b04563cfdd198adae802c153106fd2c8d4ac272c9f66da17e03

SHA512
5e8ee94d235b78fb08fd87f87983fa07f46153cace17a0995eaeb556dc433095e15787b0ef084c6e1b2c728898490b0ac383ae703e4aee51507b879359d44b0e

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5QuickWidgets.dll
Filesize
58KB

MD5
9a5e6c98b785016ba0fa329b41a47d06

SHA1
6fc760ee0b82061bcded659d342f6ca4841632eb

SHA256
7c6eb33dfdab0b04563cfdd198adae802c153106fd2c8d4ac272c9f66da17e03

SHA512
5e8ee94d235b78fb08fd87f87983fa07f46153cace17a0995eaeb556dc433095e15787b0ef084c6e1b2c728898490b0ac383ae703e4aee51507b879359d44b0e

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5WebChannel.dll
Filesize
88KB

MD5
ca13ebdc6bccb3a229e3c8983698f3e4

SHA1
efa24afebc55592e8a41245109b5e17dc8be26ed

SHA256
b3b89a4b3f82c84f4b28c73bf9718929ab4d4fbcc8609936839d050d0b6951a0

SHA512
c6aa8a90a44e51ea390975f2f587dcdf67eb69b9d504bea5e37e72a0c8e3869cea85bf174b367b92288e01567950e992c64f58255df521f85a0df45b2b303131

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5WebChannel.dll
Filesize
88KB

MD5
ca13ebdc6bccb3a229e3c8983698f3e4

SHA1
efa24afebc55592e8a41245109b5e17dc8be26ed

SHA256
b3b89a4b3f82c84f4b28c73bf9718929ab4d4fbcc8609936839d050d0b6951a0

SHA512
c6aa8a90a44e51ea390975f2f587dcdf67eb69b9d504bea5e37e72a0c8e3869cea85bf174b367b92288e01567950e992c64f58255df521f85a0df45b2b303131

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5WebEngineCore.dll
Filesize
56.6MB

MD5
322078ef4718f23a4ef0c180954b6b60

SHA1
57022e7c67acf440a2e6afe63bd8eb91f86d9111

SHA256
1b73e59786cc1e415d7c73eed83c173e920c3e26c134e828c780df7744ad2ef4

SHA512
2da4b55a7aaf7f4145cb0e0678cf799abda872dfc18753fc8601c92e9d76965f3c753d480063b5b1857ff2325540618fc4c045ac05eda9cd9af699e061a79c9c

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5WebEngineCore.dll
Filesize
56.6MB

MD5
322078ef4718f23a4ef0c180954b6b60

SHA1
57022e7c67acf440a2e6afe63bd8eb91f86d9111

SHA256
1b73e59786cc1e415d7c73eed83c173e920c3e26c134e828c780df7744ad2ef4

SHA512
2da4b55a7aaf7f4145cb0e0678cf799abda872dfc18753fc8601c92e9d76965f3c753d480063b5b1857ff2325540618fc4c045ac05eda9cd9af699e061a79c9c

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5WebEngineCore.dll
Filesize
56.6MB

MD5
322078ef4718f23a4ef0c180954b6b60

SHA1
57022e7c67acf440a2e6afe63bd8eb91f86d9111

SHA256
1b73e59786cc1e415d7c73eed83c173e920c3e26c134e828c780df7744ad2ef4

SHA512
2da4b55a7aaf7f4145cb0e0678cf799abda872dfc18753fc8601c92e9d76965f3c753d480063b5b1857ff2325540618fc4c045ac05eda9cd9af699e061a79c9c

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5WebEngineWidgets.dll
Filesize
183KB

MD5
020be7fb1535bea06b3d6adc0240a44e

SHA1
be5935450056ec14a5a2ac6b967b20c55a376a3d

SHA256
5cd141a009df3eaa797efab1096376458847e89f976370b9287a92d6a93746f6

SHA512
11f3045ac1e69604d1bf168debb5e123dda916415a6ad58c15f8524da7c7f6d629595db45e049a6037e421ff06a21f9109f70732bf651c3c6a598fb11d7e63c7

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5WebEngineWidgets.dll
Filesize
183KB

MD5
020be7fb1535bea06b3d6adc0240a44e

SHA1
be5935450056ec14a5a2ac6b967b20c55a376a3d

SHA256
5cd141a009df3eaa797efab1096376458847e89f976370b9287a92d6a93746f6

SHA512
11f3045ac1e69604d1bf168debb5e123dda916415a6ad58c15f8524da7c7f6d629595db45e049a6037e421ff06a21f9109f70732bf651c3c6a598fb11d7e63c7

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5WebSockets.dll
Filesize
122KB

MD5
583eb7b9b7e90901ef90eab652de34d8

SHA1
eada56ad02cb3cf0c1ed3195d85c7cd29b73cb02

SHA256
cfbfa7cfaa182b05d4738d0f059195a7ca5f39cdc98b962137320f55db80b4e6

SHA512
dc81d7e2e171ba47f84604ffa2f48f83d0fa3362a0e59aa11101c600c6e4655a7379c446e78f7c49b0fb23b132635c0163631ece3d4122fc5ae5baeac742eafb

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5WebSockets.dll
Filesize
122KB

MD5
583eb7b9b7e90901ef90eab652de34d8

SHA1
eada56ad02cb3cf0c1ed3195d85c7cd29b73cb02

SHA256
cfbfa7cfaa182b05d4738d0f059195a7ca5f39cdc98b962137320f55db80b4e6

SHA512
dc81d7e2e171ba47f84604ffa2f48f83d0fa3362a0e59aa11101c600c6e4655a7379c446e78f7c49b0fb23b132635c0163631ece3d4122fc5ae5baeac742eafb

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Widgets.dll
Filesize
4.3MB

MD5
4e44578216abf3654056015ef4c8a9c3

SHA1
731f56b8ccc14bc7ced833c059a2fe9be67d23f7

SHA256
91bb41088f847fb73641fa556eda6d67bacb67560b8abf6ea1f0c885390004f8

SHA512
c77f92786ccf1d1d604808580b0952df255bf16782436606d3be54cb46bbb49f298baf57fe30acd22f2bce8f487e8eeefdbe98117f57171b74337dc367fd1bb6

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Widgets.dll
Filesize
4.3MB

MD5
4e44578216abf3654056015ef4c8a9c3

SHA1
731f56b8ccc14bc7ced833c059a2fe9be67d23f7

SHA256
91bb41088f847fb73641fa556eda6d67bacb67560b8abf6ea1f0c885390004f8

SHA512
c77f92786ccf1d1d604808580b0952df255bf16782436606d3be54cb46bbb49f298baf57fe30acd22f2bce8f487e8eeefdbe98117f57171b74337dc367fd1bb6

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Xml.dll
Filesize
144KB

MD5
d6ce2679999ce4eba077310850897268

SHA1
5c9bb9323452639560a3b827fb0a2a1d2db9c803

SHA256
c6cff6af4bab546ca2ac2d6e7fd999899a411d8a861c125e6bd36778817c0428

SHA512
8f3c8cf6115aaf443451f09e68654eda826bacdc1afac5206d94425672e547d8c2153b6a26d53ebaa725a3a38f09b3a7bb0a90139b6a5c72998bdb31362cc907

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Xml.dll
Filesize
144KB

MD5
d6ce2679999ce4eba077310850897268

SHA1
5c9bb9323452639560a3b827fb0a2a1d2db9c803

SHA256
c6cff6af4bab546ca2ac2d6e7fd999899a411d8a861c125e6bd36778817c0428

SHA512
8f3c8cf6115aaf443451f09e68654eda826bacdc1afac5206d94425672e547d8c2153b6a26d53ebaa725a3a38f09b3a7bb0a90139b6a5c72998bdb31362cc907

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\VCRUNTIME140.dll
Filesize
78KB

MD5
1b171f9a428c44acf85f89989007c328

SHA1
6f25a874d6cbf8158cb7c491dcedaa81ceaebbae

SHA256
9d02e952396bdff3abfe5654e07b7a713c84268a225e11ed9a3bf338ed1e424c

SHA512
99a06770eea07f36abc4ae0cecb2ae13c3acb362b38b731c3baed045bf76ea6b61efe4089cd2efac27701e9443388322365bdb039cd388987b24d4a43c973bd1

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\crashpad\crashpad_handler.exe
Filesize
746KB

MD5
a46fb58f141ce7963c53ab3068b79548

SHA1
18e93d658afbd847fdc2710e543711d695c58f1c

SHA256
485a8a9cc0f2f275f85f78e4424a4200be554c46cfa393a70d89f49a8beb1679

SHA512
7b68244cfb3dbcdc799befe3ce30453cad60b5232f308a223a08ee2885a3137e7484e304420d8c0bc9568f6a200617438f57e6c00cc72b3565aac4c86abdecfe

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\crashpad\crashpad_handler.exe
Filesize
746KB

MD5
a46fb58f141ce7963c53ab3068b79548

SHA1
18e93d658afbd847fdc2710e543711d695c58f1c

SHA256
485a8a9cc0f2f275f85f78e4424a4200be554c46cfa393a70d89f49a8beb1679

SHA512
7b68244cfb3dbcdc799befe3ce30453cad60b5232f308a223a08ee2885a3137e7484e304420d8c0bc9568f6a200617438f57e6c00cc72b3565aac4c86abdecfe

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\crashpad\settings.dat
Filesize
40B

MD5
c809d28ce9d55759c7d35a390b4b2896

SHA1
13382ff79f42da4f804d2642b52cf446fce8acde

SHA256
664334b581fb6c97be37b29d923717a139f43bd1d5094074a48a219d53451c20

SHA512
ca98e20723ffd1258ceba42e7d237f76b8394d7cd1ca4921b63123b3789d264c293adcc3c7cdf00bdf66f8529dda97c37e13ba2855037a04bcaea73621e43ce8

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\imageformats\qgif.dll
Filesize
25KB

MD5
4eb7d56e102211cd0658a95fa90533ff

SHA1
e2ba98a41f7bd451e6b8f5300256cdfef4936343

SHA256
172cd07f2d55173c607a879a7c0f481459e92934d77026362c3c0b748a11f429

SHA512
36cbbbca41b8b47b71988d7f451805eaf961f5c2ad79505b27ccb915b35dcb04aac3aa0f944cfd16823ceddb27e673dca9753f814dbd873de460715136792b0f

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\imageformats\qicns.dll
Filesize
34KB

MD5
6209f7b11c8d40f07666737226618088

SHA1
e38337948273f6e363ecbc28b90a69563650d9f1

SHA256
390eb949a9027024d2a891a8d77cd1a9773c3145493fe9eab552c52579ab4b49

SHA512
a89c5b9d3a5f53a5fe0748e29a55e9afc74b3a2c2c3fdd38d511eb7a26da8fdc48b964decb6ca74c7a63734e882ff835484c3c47b9c2a1fb8ea0b3e9c9aa5cd5

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\imageformats\qico.dll
Filesize
25KB

MD5
3c149e5676cc1c34fc4a08e0b716f926

SHA1
4585be359f23176cf45f3ef6f655a01113216d62

SHA256
e06f1a9fcf1f954e6310f08dcfec4c0c93b87d13eaba75b6a90c05b944daabeb

SHA512
5ae5897ce66bba2939bffd6c718c3c6c94644e46171052fac46c156138e7e4359ee7b5af50db8f8dbf4a8402bd00ac5e0a334a34a5506d078ee0106bd071cdc0

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\imageformats\qjpeg.dll
Filesize
355KB

MD5
8e4eb3edc29df525f1399618342c340a

SHA1
ef43a91fc3981a0f166ff0a735c1e7f8c1f2e578

SHA256
9ee5024e08ce601f60879e7205ebaf686590c5b75b0231fca4eee723410d1b36

SHA512
52dce23fa0e6cc07819b9b011c7b78d1a44f0f8dd128b37aaf76b2fb9912211394a11acffad55ca1c724dd6d6b8fed7d4a9747ed64a82817a28e6ad592b74d90

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\imageformats\qsvg.dll
Filesize
21KB

MD5
8f94d2ae757a6115f59a34ea992b67c9

SHA1
6583b8ea6b61a0f423eca15fdd780d2efb65ab29

SHA256
2f3c33068fad9682b4aa49d9a667cf2a241d157651502c63396480e232c9954c

SHA512
d7e930018c7e3ea00c8bd88ef4b64386232567154e70aca3fff0f8861c03579eeeb138c227aeb8077856e48a65e73f01699d87f4005ad6f909eee62f072f9686

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\libEGL.DLL
Filesize
15KB

MD5
0469918fc1e19fc3f198cd14be4e1e22

SHA1
4f062e90cd4700259022394a020e3b02b3363ee6

SHA256
5dd84a436f1bee9fc1fdf6285db21e4acb52bb63cd86c53c23b440f021e03401

SHA512
10a01905a56ad50dc017205d649f2ff3f885ee9111c9a75fb408c010fc9481e91fdc9c3685f1ed0c939222652ecf8f349a027eba79b18a6bf64083fea85958e0

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\libEGL.dll
Filesize
15KB

MD5
0469918fc1e19fc3f198cd14be4e1e22

SHA1
4f062e90cd4700259022394a020e3b02b3363ee6

SHA256
5dd84a436f1bee9fc1fdf6285db21e4acb52bb63cd86c53c23b440f021e03401

SHA512
10a01905a56ad50dc017205d649f2ff3f885ee9111c9a75fb408c010fc9481e91fdc9c3685f1ed0c939222652ecf8f349a027eba79b18a6bf64083fea85958e0

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\libGLESV2.dll
Filesize
2.7MB

MD5
d4a37250588e61e50ad7f9d129f0d37e

SHA1
a4a84807401ea4cae05b9cb3c6cececdb63baed8

SHA256
785768f643f00cc013fbab8d620f3c1d3abec8bbeca5942ba31834dea269774b

SHA512
6256890a8ebaf8801879281cea334247437c7163989d1a6d05643052944d891a79ac68f8eb7044f4edfd1f2b97f021a92fcc859c0646ac836e5924d80fee5ee5

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\libGLESv2.dll
Filesize
2.7MB

MD5
d4a37250588e61e50ad7f9d129f0d37e

SHA1
a4a84807401ea4cae05b9cb3c6cececdb63baed8

SHA256
785768f643f00cc013fbab8d620f3c1d3abec8bbeca5942ba31834dea269774b

SHA512
6256890a8ebaf8801879281cea334247437c7163989d1a6d05643052944d891a79ac68f8eb7044f4edfd1f2b97f021a92fcc859c0646ac836e5924d80fee5ee5

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\libeay32.dll
Filesize
1.2MB

MD5
8c7f9f7040d518d323732de6fabe934e

SHA1
d5fc585b6670b0fd86539dfbaa958ec7564a470b

SHA256
4b3352c651968daac4c8d02033f4f1cd998cc03c3b2e6f51896586835820852f

SHA512
295c7e655ba275afb80b35134fb37f970e6a5d0d370553e6ad612d05de148010daff5372522a16a2567d7942e07233b9cb55a11dd895c7dc74f511e63ff9a3a9

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\licenses\license.html.en
Filesize
29KB

MD5
556e753cb0c71af3c0eca1d9378e1a53

SHA1
43fcaed084d52ead84622ef46e22a7f6887d94ed

SHA256
b310d56cc102f04a589cd41bafe9efaa0da1b48512fe52c67dddd5e6a744afc1

SHA512
28c2d90a7a540c73aadfd24e77cf8293b19e9ba449ec0ab93dcf20dfb1a51049251b8a5324ba9e34a0d6a4ad1b2a57ebb396a2c7d0bef252ca4d6589a11a5b6d

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\msvcp140.dll
Filesize
438KB

MD5
1fb93933fd087215a3c7b0800e6bb703

SHA1
a78232c352ed06cedd7ca5cd5cb60e61ef8d86fb

SHA256
2db7fd3c9c3c4b67f2d50a5a50e8c69154dc859780dd487c28a4e6ed1af90d01

SHA512
79cd448e44b5607863b3cd0f9c8e1310f7e340559495589c428a24a4ac49beb06502d787824097bb959a1c9cb80672630dac19a405468a0b64db5ebd6493590e

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\platforms\qwindows.dll
Filesize
1.1MB

MD5
8d82f89bca48d7de90c17ac37f754f16

SHA1
05e936237feaa1eea6a86a7d4e777749b269e3ba

SHA256
ac3a36b775ac8b9cd1e3c3a7ac9dd31e0cc0a12b84d5942e97d77da20992d005

SHA512
6266c8e7e85e81a9cfbc113eb761f6f0eb846b2bf545db42b2b1b7d461dbd7190cae8d10749df4bad54b08c9de39a880857b898fdf8ca3edd5baf5f85fdc07cf

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\platforms\qwindows.dll
Filesize
1.1MB

MD5
8d82f89bca48d7de90c17ac37f754f16

SHA1
05e936237feaa1eea6a86a7d4e777749b269e3ba

SHA256
ac3a36b775ac8b9cd1e3c3a7ac9dd31e0cc0a12b84d5942e97d77da20992d005

SHA512
6266c8e7e85e81a9cfbc113eb761f6f0eb846b2bf545db42b2b1b7d461dbd7190cae8d10749df4bad54b08c9de39a880857b898fdf8ca3edd5baf5f85fdc07cf

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\qt.conf
Filesize
44B

MD5
f513b3c7a4364514367bfe40c83d5848

SHA1
505db366d29768f6fef7b80aa3891e7bb55395cc

SHA256
7e3b97b14ae2963555e8bd9b08278bae54b67d4db405f0d608f317609dbcd147

SHA512
f399c0e70da580c224f37c7240413d9f612c5436a3c5a3caf0d967128f5e4953c9b16f112a563715125c0c7df8ece89442656a7c580d1e2fd00416bbfcb7c322

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\ssleay32.dll
Filesize
270KB

MD5
b9cafab9d39548dda98c9013c2450863

SHA1
afada50ab2ec72c4d6e604467cc609fe501aff2c

SHA256
769458c1ca2d45e9f1ad20431e4844fb1e460225aca34312e7ff6e9944a54343

SHA512
4d81a18aa39051e77654334bec770b0d4a55637b143d25a27cc18cbb7a710e181f61565f9fad6606fb7b8f00269d91951eb71ecdc51461d115dc973b6da95289

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\ssleay32.dll
Filesize
270KB

MD5
b9cafab9d39548dda98c9013c2450863

SHA1
afada50ab2ec72c4d6e604467cc609fe501aff2c

SHA256
769458c1ca2d45e9f1ad20431e4844fb1e460225aca34312e7ff6e9944a54343

SHA512
4d81a18aa39051e77654334bec770b0d4a55637b143d25a27cc18cbb7a710e181f61565f9fad6606fb7b8f00269d91951eb71ecdc51461d115dc973b6da95289

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\styles\qwindowsvistastyle.dll
Filesize
120KB

MD5
011f23a3f078e1fbffa7c408ae13a0cc

SHA1
bd2ba08c64bbc7c0f265491c846ede300fc12af7

SHA256
690655dbe1afff4ca1fd7f5170134af6f57d4ecb328ea12b696d568e1d4b84ff

SHA512
bb1b96345250ffee1c41fe31d49b8a97cb62dccaa8ee387cff7102f74e5df514003cdb9dfc73239343a3e010745f8c901130aeaee475b445fffda91df7378297

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\styles\qwindowsvistastyle.dll
Filesize
120KB

MD5
011f23a3f078e1fbffa7c408ae13a0cc

SHA1
bd2ba08c64bbc7c0f265491c846ede300fc12af7

SHA256
690655dbe1afff4ca1fd7f5170134af6f57d4ecb328ea12b696d568e1d4b84ff

SHA512
bb1b96345250ffee1c41fe31d49b8a97cb62dccaa8ee387cff7102f74e5df514003cdb9dfc73239343a3e010745f8c901130aeaee475b445fffda91df7378297

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\translations\vghd_en.qm
Filesize
98KB

MD5
6a74db807495ca62841e1e7066491e9f

SHA1
43892f985ab4356372c89d5f1581ab6c87397c53

SHA256
09bd3cac2667c0ffd8971dd9f5fb0935b5e85d46bc94ccf44f19c23b5d625b3b

SHA512
9ae7a4b9eea02397a6404c899e9feedc7d6a06d3e6a0ba4b4fa3d4a8256f1caadf7aa1aab3196c1f4ca9a8eabd297cf77eef848c9b30750c4d654e6f941da252

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\vcruntime140.dll
Filesize
78KB

MD5
1b171f9a428c44acf85f89989007c328

SHA1
6f25a874d6cbf8158cb7c491dcedaa81ceaebbae

SHA256
9d02e952396bdff3abfe5654e07b7a713c84268a225e11ed9a3bf338ed1e424c

SHA512
99a06770eea07f36abc4ae0cecb2ae13c3acb362b38b731c3baed045bf76ea6b61efe4089cd2efac27701e9443388322365bdb039cd388987b24d4a43c973bd1

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\vghd.exe
Filesize
7.3MB

MD5
098df2ac5e3bb4b28f24d9a493aad1b9

SHA1
b5561a881539dd0e38e1eb4d0754a78dc96b010a

SHA256
fb0ea13a3ed9ae42134461f1b153e64c4fded5eb82fd236e355d920616c26c69

SHA512
ad97cb250e591fd45474351616e7a900a43a1eae0eb7a83a7dbbbfc538dcbe51eee644dfcd7915cabdbba0424932abe0569b72f15b8aa05afd1d4c0632f0fafd

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\vghd.exe
Filesize
7.3MB

MD5
098df2ac5e3bb4b28f24d9a493aad1b9

SHA1
b5561a881539dd0e38e1eb4d0754a78dc96b010a

SHA256
fb0ea13a3ed9ae42134461f1b153e64c4fded5eb82fd236e355d920616c26c69

SHA512
ad97cb250e591fd45474351616e7a900a43a1eae0eb7a83a7dbbbfc538dcbe51eee644dfcd7915cabdbba0424932abe0569b72f15b8aa05afd1d4c0632f0fafd

Download Submit
memory/1248-180-0x00000000005E0000-0x0000000000D2E000-memory.dmp

Filesize
7.3MB

Download
memory/1248-179-0x00000000005E0000-0x0000000000D2E000-memory.dmp

Filesize
7.3MB

Download
memory/1248-139-0x0000000000000000-mapping.dmp

Download
memory/2328-134-0x0000000000000000-mapping.dmp

Download
memory/3436-185-0x0000000000000000-mapping.dmp

Download
memory/4200-132-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download
memory/4200-136-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download
memory/4200-137-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download
memory/4200-181-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download