4a57d5940821785386807be9f04626bbadaad9f009e858ebda5708a5cf2ecbfe

Analysis

max time kernel
1430s
max time network
1509s
platform
windows7_x64
resource
win7-20221111-es
resource tags

arch:x64arch:x86image:win7-20221111-eslocale:es-esos:windows7-x64systemwindows
submitted
05/02/2023, 12:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup-istripper_LhZpt7k79Wju5Jv3wFDG.exe
Size

66.3MB
MD5

a7a38894dc913edd5171e17c0f8800e1
SHA1

bf66472e4bf3a58efc3410710c6502789cee138a
SHA256

4a57d5940821785386807be9f04626bbadaad9f009e858ebda5708a5cf2ecbfe
SHA512

28c71f6e4fb0cf04882d71e1a6c56b834cb2e3a7f0359215457d72868ae44cac9a636f103e1c3a90d9775360daddb27ce2a1829766f93c3785c101837074771c
SSDEEP

1572864:DFo9m8tLOWOjE7ABoK6agKOzALc66HvdxQ1leBs9WLl91ZI:DFoIvjCcoK6fzALczPMEs98pZ

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	vghd.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk	setup-istripper_LhZpt7k79Wju5Jv3wFDG.tmp

Executes dropped EXE 14 IoCs

pid	Process
1064	setup-istripper_LhZpt7k79Wju5Jv3wFDG.tmp
1440	vghd.exe
1384	crashpad_handler.exe
1052	vghd.exe
1828	crashpad_handler.exe
1696	QtWebEngineProcess.exe
1492	QtWebEngineProcess.exe
1556	QtWebEngineProcess.exe
1576	QtWebEngineProcess.exe
1400	QtWebEngineProcess.exe
2036	QtWebEngineProcess.exe
1740	QtWebEngineProcess.exe
2272	QtWebEngineProcess.exe
2604	QtWebEngineProcess.exe

Loads dropped DLL 64 IoCs

pid	Process
1788	setup-istripper_LhZpt7k79Wju5Jv3wFDG.exe
1064	setup-istripper_LhZpt7k79Wju5Jv3wFDG.tmp
1064	setup-istripper_LhZpt7k79Wju5Jv3wFDG.tmp
1064	setup-istripper_LhZpt7k79Wju5Jv3wFDG.tmp
1064	setup-istripper_LhZpt7k79Wju5Jv3wFDG.tmp
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1052	vghd.exe
1052	vghd.exe
1052	vghd.exe
1052	vghd.exe
1052	vghd.exe
1052	vghd.exe
1052	vghd.exe
1052	vghd.exe
1052	vghd.exe
1052	vghd.exe
1052	vghd.exe
1052	vghd.exe
1052	vghd.exe
1052	vghd.exe
1052	vghd.exe
1052	vghd.exe
1052	vghd.exe
1052	vghd.exe
1052	vghd.exe
1052	vghd.exe
1052	vghd.exe
1052	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\	vghd.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
1440	vghd.exe
1052	vghd.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1064	setup-istripper_LhZpt7k79Wju5Jv3wFDG.tmp
1064	setup-istripper_LhZpt7k79Wju5Jv3wFDG.tmp
1440	vghd.exe
1440	vghd.exe
1052	vghd.exe
1052	vghd.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1440	vghd.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	920	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	920	AUDIODG.EXE
Token: 33	920	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	920	AUDIODG.EXE
Token: 33	1440	vghd.exe
Token: SeIncBasePriorityPrivilege	1440	vghd.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1064	setup-istripper_LhZpt7k79Wju5Jv3wFDG.tmp
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1440	vghd.exe
1052	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1052	vghd.exe
1052	vghd.exe
1052	vghd.exe
1052	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1052	vghd.exe
1052	vghd.exe
1440	vghd.exe
1440	vghd.exe
1440	vghd.exe
1936	osk.exe
1936	osk.exe
1936	osk.exe
1936	osk.exe
1936	osk.exe
1936	osk.exe
1936	osk.exe
1936	osk.exe
1936	osk.exe
1936	osk.exe
1936	osk.exe

Suspicious use of WriteProcessMemory 58 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 1064	1788	setup-istripper_LhZpt7k79Wju5Jv3wFDG.exe	28
PID 1788 wrote to memory of 1064	1788	setup-istripper_LhZpt7k79Wju5Jv3wFDG.exe	28
PID 1788 wrote to memory of 1064	1788	setup-istripper_LhZpt7k79Wju5Jv3wFDG.exe	28
PID 1788 wrote to memory of 1064	1788	setup-istripper_LhZpt7k79Wju5Jv3wFDG.exe	28
PID 1788 wrote to memory of 1064	1788	setup-istripper_LhZpt7k79Wju5Jv3wFDG.exe	28
PID 1788 wrote to memory of 1064	1788	setup-istripper_LhZpt7k79Wju5Jv3wFDG.exe	28
PID 1788 wrote to memory of 1064	1788	setup-istripper_LhZpt7k79Wju5Jv3wFDG.exe	28
PID 1064 wrote to memory of 1440	1064	setup-istripper_LhZpt7k79Wju5Jv3wFDG.tmp	34
PID 1064 wrote to memory of 1440	1064	setup-istripper_LhZpt7k79Wju5Jv3wFDG.tmp	34
PID 1064 wrote to memory of 1440	1064	setup-istripper_LhZpt7k79Wju5Jv3wFDG.tmp	34
PID 1064 wrote to memory of 1440	1064	setup-istripper_LhZpt7k79Wju5Jv3wFDG.tmp	34
PID 1440 wrote to memory of 1384	1440	vghd.exe	35
PID 1440 wrote to memory of 1384	1440	vghd.exe	35
PID 1440 wrote to memory of 1384	1440	vghd.exe	35
PID 1440 wrote to memory of 1384	1440	vghd.exe	35
PID 1052 wrote to memory of 1828	1052	vghd.exe	37
PID 1052 wrote to memory of 1828	1052	vghd.exe	37
PID 1052 wrote to memory of 1828	1052	vghd.exe	37
PID 1052 wrote to memory of 1828	1052	vghd.exe	37
PID 684 wrote to memory of 1936	684	utilman.exe	40
PID 684 wrote to memory of 1936	684	utilman.exe	40
PID 684 wrote to memory of 1936	684	utilman.exe	40
PID 1440 wrote to memory of 1696	1440	vghd.exe	42
PID 1440 wrote to memory of 1696	1440	vghd.exe	42
PID 1440 wrote to memory of 1696	1440	vghd.exe	42
PID 1440 wrote to memory of 1696	1440	vghd.exe	42
PID 1440 wrote to memory of 1492	1440	vghd.exe	46
PID 1440 wrote to memory of 1492	1440	vghd.exe	46
PID 1440 wrote to memory of 1492	1440	vghd.exe	46
PID 1440 wrote to memory of 1492	1440	vghd.exe	46
PID 1440 wrote to memory of 1556	1440	vghd.exe	43
PID 1440 wrote to memory of 1556	1440	vghd.exe	43
PID 1440 wrote to memory of 1556	1440	vghd.exe	43
PID 1440 wrote to memory of 1556	1440	vghd.exe	43
PID 1440 wrote to memory of 1576	1440	vghd.exe	45
PID 1440 wrote to memory of 1576	1440	vghd.exe	45
PID 1440 wrote to memory of 1576	1440	vghd.exe	45
PID 1440 wrote to memory of 1576	1440	vghd.exe	45
PID 1440 wrote to memory of 1400	1440	vghd.exe	44
PID 1440 wrote to memory of 1400	1440	vghd.exe	44
PID 1440 wrote to memory of 1400	1440	vghd.exe	44
PID 1440 wrote to memory of 1400	1440	vghd.exe	44
PID 1440 wrote to memory of 2036	1440	vghd.exe	48
PID 1440 wrote to memory of 2036	1440	vghd.exe	48
PID 1440 wrote to memory of 2036	1440	vghd.exe	48
PID 1440 wrote to memory of 2036	1440	vghd.exe	48
PID 1440 wrote to memory of 1740	1440	vghd.exe	47
PID 1440 wrote to memory of 1740	1440	vghd.exe	47
PID 1440 wrote to memory of 1740	1440	vghd.exe	47
PID 1440 wrote to memory of 1740	1440	vghd.exe	47
PID 1440 wrote to memory of 2272	1440	vghd.exe	49
PID 1440 wrote to memory of 2272	1440	vghd.exe	49
PID 1440 wrote to memory of 2272	1440	vghd.exe	49
PID 1440 wrote to memory of 2272	1440	vghd.exe	49
PID 1440 wrote to memory of 2604	1440	vghd.exe	50
PID 1440 wrote to memory of 2604	1440	vghd.exe	50
PID 1440 wrote to memory of 2604	1440	vghd.exe	50
PID 1440 wrote to memory of 2604	1440	vghd.exe	50

C:\Users\Admin\AppData\Local\Temp\setup-istripper_LhZpt7k79Wju5Jv3wFDG.exe
"C:\Users\Admin\AppData\Local\Temp\setup-istripper_LhZpt7k79Wju5Jv3wFDG.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Users\Admin\AppData\Local\Temp\is-QMN9J.tmp\setup-istripper_LhZpt7k79Wju5Jv3wFDG.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-QMN9J.tmp\setup-istripper_LhZpt7k79Wju5Jv3wFDG.tmp" /SL5="$A0022,68653392,798208,C:\Users\Admin\AppData\Local\Temp\setup-istripper_LhZpt7k79Wju5Jv3wFDG.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1064
- - C:\Users\Admin\AppData\Local\vghd\bin\vghd.exe
    "C:\Users\Admin\AppData\Local\vghd\bin\vghd.exe" -fromSetup
    3⤵
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates system info in registry
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1440
  - - C:\Users\Admin\AppData\Local\vghd\bin\crashpad\crashpad_handler.exe
      C:\Users\Admin\AppData\Local\vghd\bin\crashpad\crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\AppData\Local\vghd\bin\crashpad --metrics-dir=C:\Users\Admin\AppData\Local\vghd\bin\crashpad --url=https://submit.backtrace.io/vrparadise/4b77014f47baea5313294a7fecd87ff128d692457dd391e90fbcbe57ff2abdfe/minidump --annotation=appName=iStripper --annotation=appVersion=1.2.3.76 --annotation=format=minidump --annotation=token=4b77014f47baea5313294a7fecd87ff128d692457dd391e90fbcbe57ff2abdfe --annotation=userName=undefined --annotation=userPseudo=undefined --initial-client-data=0x204,0x208,0x20c,0x1d8,0x218,0x142bc24,0x142bc34,0x142bc44
      4⤵
      Executes dropped EXE
      PID:1384
  - - C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe
      "C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=9332390730555312644 --lang=es --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=9332390730555312644 --renderer-client-id=2 --mojo-platform-channel-handle=2384 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:1696
  - - C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe
      "C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=8648768485828991673 --lang=es --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=8648768485828991673 --renderer-client-id=4 --mojo-platform-channel-handle=2500 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:1556
  - - C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe
      "C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=13327385389037578056 --lang=es --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=13327385389037578056 --renderer-client-id=6 --mojo-platform-channel-handle=2540 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:1400
  - - C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe
      "C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=12824778344846322115 --lang=es --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=12824778344846322115 --renderer-client-id=5 --mojo-platform-channel-handle=2528 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:1576
  - - C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe
      "C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=4639574909082495436 --lang=es --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=4639574909082495436 --renderer-client-id=3 --mojo-platform-channel-handle=2428 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:1492
  - - C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe
      "C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=16400992672849256317 --lang=es --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=16400992672849256317 --renderer-client-id=8 --mojo-platform-channel-handle=2564 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:1740
  - - C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe
      "C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=6814485153083367091 --lang=es --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=6814485153083367091 --renderer-client-id=7 --mojo-platform-channel-handle=2552 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:2036
  - - C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe
      "C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=15917677468434412121 --lang=es --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=15917677468434412121 --renderer-client-id=9 --mojo-platform-channel-handle=3332 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:2272
  - - C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe
      "C:\Users\Admin\AppData\Local\vghd\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=14596643055549377232 --lang=es --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=14596643055549377232 --renderer-client-id=10 --mojo-platform-channel-handle=2356 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:2604

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:1724

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:1328

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:920

C:\Users\Admin\AppData\Local\vghd\bin\vghd.exe
"C:\Users\Admin\AppData\Local\vghd\bin\vghd.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Users\Admin\AppData\Local\vghd\bin\crashpad\crashpad_handler.exe
  C:\Users\Admin\AppData\Local\vghd\bin\crashpad\crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\AppData\Local\vghd\bin\crashpad --metrics-dir=C:\Users\Admin\AppData\Local\vghd\bin\crashpad --url=https://submit.backtrace.io/vrparadise/4b77014f47baea5313294a7fecd87ff128d692457dd391e90fbcbe57ff2abdfe/minidump --annotation=appName=iStripper --annotation=appVersion=1.2.3.76 --annotation=format=minidump --annotation=token=4b77014f47baea5313294a7fecd87ff128d692457dd391e90fbcbe57ff2abdfe --annotation=userName=undefined --annotation=userPseudo=undefined --initial-client-data=0x204,0x208,0x20c,0x1d8,0x218,0x142bc24,0x142bc34,0x142bc44
  2⤵
  - Executes dropped EXE
  PID:1828

C:\Windows\system32\osk.exe
"C:\Windows\system32\osk.exe"
1⤵
PID:1532

C:\Windows\system32\utilman.exe
utilman.exe /debug
1⤵
- Suspicious use of WriteProcessMemory
PID:684
- C:\Windows\System32\osk.exe
  "C:\Windows\System32\osk.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1936

C:\Windows\system32\utilman.exe
utilman.exe /debug
1⤵
PID:1100

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-QMN9J.tmp\setup-istripper_LhZpt7k79Wju5Jv3wFDG.tmp

Filesize
3.0MB

MD5
89b9755fbe7c8175f99ef9069ef191ec

SHA1
7cc683ca1b732ffb032c0f18c7e899486d9e5b14

SHA256
c9d4b5ab87610e96f16bf1d515ac1a7d8098242693c136973baacd4ba663c91c

SHA512
7f432cd31ec6c37e336bb67b72cda3ac39affd9e9e5ccf5fabd0df98849b56ece2d61af698fd8ce27bda21660a4e9e0f17cbffc721c712d4dc6d317590a85bfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QMN9J.tmp\setup-istripper_LhZpt7k79Wju5Jv3wFDG.tmp

Filesize
3.0MB

MD5
89b9755fbe7c8175f99ef9069ef191ec

SHA1
7cc683ca1b732ffb032c0f18c7e899486d9e5b14

SHA256
c9d4b5ab87610e96f16bf1d515ac1a7d8098242693c136973baacd4ba663c91c

SHA512
7f432cd31ec6c37e336bb67b72cda3ac39affd9e9e5ccf5fabd0df98849b56ece2d61af698fd8ce27bda21660a4e9e0f17cbffc721c712d4dc6d317590a85bfc

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\MSVCP140.dll

Filesize
438KB

MD5
1fb93933fd087215a3c7b0800e6bb703

SHA1
a78232c352ed06cedd7ca5cd5cb60e61ef8d86fb

SHA256
2db7fd3c9c3c4b67f2d50a5a50e8c69154dc859780dd487c28a4e6ed1af90d01

SHA512
79cd448e44b5607863b3cd0f9c8e1310f7e340559495589c428a24a4ac49beb06502d787824097bb959a1c9cb80672630dac19a405468a0b64db5ebd6493590e

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Concurrent.dll

Filesize
24KB

MD5
e34bcd3ddc59a08dca72c3ec843efc74

SHA1
35664b01345b79a3ac4bfdd2393258c4d056178d

SHA256
9cd21a548adde408c82f4204902a9cfe7a97bce02f1b6272ea6b3a3758441a34

SHA512
7cd36200571ecaa23a43ad045d7e3bc761bc05bda9b7cb4c30d739be03c699013d19e4673f4488a48fde0fdcc55cb20bcb4644889546c0e90cd1c11b5b8efad9

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Core.dll

Filesize
4.9MB

MD5
db58c7e71aa35d2cc47b57828590f569

SHA1
ff55e851b2239f5f09bb455c869eeb697174b574

SHA256
4714f75569aba7cebd6b13466527b190adc1999aef5c8f1f73cb2472282faf6c

SHA512
0d73898d22906937a50fc4c68f3241484a6649dfcd4bf14e7462c381e376b0a86102898bd7728dadadb3ab90e081922f93c40eeb9359fc2a81a847dc3c27e2a5

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Gui.dll

Filesize
5.1MB

MD5
5581175e339938f80cafb164be0dc4b0

SHA1
f7badc086b65df6329a13c17fcbec349f2ab98a8

SHA256
78bca9c65600391ec4bb1fb0374169db13e7517ebd154a11d244248b25a7d939

SHA512
cf2ae95e01d139794b51913f73cd045727fffff439d499cf4b00648ff1d819c6325244544b54d5f544f181cee8e4f8359cd9f6c8ef83271880776d0823111c53

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Multimedia.dll

Filesize
563KB

MD5
a0c00640e49e10774c1351052342f4d0

SHA1
619a092e549a2e01b0e37c06728b199b2a7e0264

SHA256
3076cbd7960621b3e679b348c55ccaa3db1203f83c8fefd7ddc4bce05faa860b

SHA512
6bb7bc82f00fc6257d8c599a91c7b0de03dcc8b047d970acd7ce6dea422ca83bec4fdf73910ee0e3cef61f4e9f8f165191623b8ecc9039759a8802d122801dc0

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Network.dll

Filesize
1018KB

MD5
78932f74452bd17566e2e4fdcd8368d6

SHA1
1f27f27fa57a401e20d6bdcbb878a8a477f9df71

SHA256
e94054f7f5efebda73f2a075745b9391ff2ac1215b6bc55a6402bcc5aed880ff

SHA512
525405521ccbb3c61f39ebfa999fb5d97956140bc3c8937bef41b9e3279cd3ccfcf9be308a1a55c1896fb85f834f8b1a43fa35bb2147e827c9e85e001088ce2d

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Positioning.dll

Filesize
254KB

MD5
30e9bb13166b08042a4fc6f7239845b6

SHA1
ff4283ed891a9b23b66e07f16c63f203e45125c4

SHA256
f31c3409c90124f1ac279a52dfe7c44a1220bf0f3027797420892786503887cf

SHA512
b48dca0cd30aac2311176e734baf2465d7818e801ed0483fe29cb2332e4e514148c9031aefd1f4730a7d86e4e96fd90416d165a2a0b516dd0dec629252c20851

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5PrintSupport.dll

Filesize
261KB

MD5
b2baa1d188be3816e54c5fbc2a31f48f

SHA1
80cb56b3ef29570e5a4abf3118e45210013b5df9

SHA256
696782041bb188c94655128dbfa125944b27d081e185924ba5b48e9a18cfe086

SHA512
6ec6dd653d81f3f8c856d2b4e49d4295e50784620a46ccc7d3f562938230d252031f1b7b5e1dd072f20535334de8025ab37c33c65bffbd96b7dc9b539cf0448c

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Qml.dll

Filesize
3.2MB

MD5
7adc1c79d553c4b03456fb9622ae0ce5

SHA1
11b51b946003025ee01bc8566c85518be1a08a87

SHA256
d90382c681441c926f971bbd587d184d94736a63e9d42caaea8128d4005ae655

SHA512
546805190cb516fbdba50a020e445b70f89bef51181f7a897921c22591f204048abc9d16b81b886d56cc2fc8e42f75c35e0c7d7fc8a27ee0c4691c3e9d246d6a

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Quick.dll

Filesize
3.0MB

MD5
8ff4b094c60b296d76d293c0d97f2db0

SHA1
499af0ff76509fdc0aefc2cfd311ce6feeca9e32

SHA256
63684525da673a2ad0929956f332faa694702449fb42b4801f17fde533fc9ea6

SHA512
99865bd0342fb001c50dcedc5f4ba20e0f9e5924b00ef5c1f548947514791785de31d8a8d2e36d27103006a928d050742d1b9fdab419476df9280b5dc9fbf952

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5QuickWidgets.dll

Filesize
58KB

MD5
9a5e6c98b785016ba0fa329b41a47d06

SHA1
6fc760ee0b82061bcded659d342f6ca4841632eb

SHA256
7c6eb33dfdab0b04563cfdd198adae802c153106fd2c8d4ac272c9f66da17e03

SHA512
5e8ee94d235b78fb08fd87f87983fa07f46153cace17a0995eaeb556dc433095e15787b0ef084c6e1b2c728898490b0ac383ae703e4aee51507b879359d44b0e

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5WebChannel.dll

Filesize
88KB

MD5
ca13ebdc6bccb3a229e3c8983698f3e4

SHA1
efa24afebc55592e8a41245109b5e17dc8be26ed

SHA256
b3b89a4b3f82c84f4b28c73bf9718929ab4d4fbcc8609936839d050d0b6951a0

SHA512
c6aa8a90a44e51ea390975f2f587dcdf67eb69b9d504bea5e37e72a0c8e3869cea85bf174b367b92288e01567950e992c64f58255df521f85a0df45b2b303131

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5WebEngineCore.dll

Filesize
56.6MB

MD5
322078ef4718f23a4ef0c180954b6b60

SHA1
57022e7c67acf440a2e6afe63bd8eb91f86d9111

SHA256
1b73e59786cc1e415d7c73eed83c173e920c3e26c134e828c780df7744ad2ef4

SHA512
2da4b55a7aaf7f4145cb0e0678cf799abda872dfc18753fc8601c92e9d76965f3c753d480063b5b1857ff2325540618fc4c045ac05eda9cd9af699e061a79c9c

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5WebEngineWidgets.dll

Filesize
183KB

MD5
020be7fb1535bea06b3d6adc0240a44e

SHA1
be5935450056ec14a5a2ac6b967b20c55a376a3d

SHA256
5cd141a009df3eaa797efab1096376458847e89f976370b9287a92d6a93746f6

SHA512
11f3045ac1e69604d1bf168debb5e123dda916415a6ad58c15f8524da7c7f6d629595db45e049a6037e421ff06a21f9109f70732bf651c3c6a598fb11d7e63c7

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5WebSockets.dll

Filesize
122KB

MD5
583eb7b9b7e90901ef90eab652de34d8

SHA1
eada56ad02cb3cf0c1ed3195d85c7cd29b73cb02

SHA256
cfbfa7cfaa182b05d4738d0f059195a7ca5f39cdc98b962137320f55db80b4e6

SHA512
dc81d7e2e171ba47f84604ffa2f48f83d0fa3362a0e59aa11101c600c6e4655a7379c446e78f7c49b0fb23b132635c0163631ece3d4122fc5ae5baeac742eafb

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Widgets.dll

Filesize
4.3MB

MD5
4e44578216abf3654056015ef4c8a9c3

SHA1
731f56b8ccc14bc7ced833c059a2fe9be67d23f7

SHA256
91bb41088f847fb73641fa556eda6d67bacb67560b8abf6ea1f0c885390004f8

SHA512
c77f92786ccf1d1d604808580b0952df255bf16782436606d3be54cb46bbb49f298baf57fe30acd22f2bce8f487e8eeefdbe98117f57171b74337dc367fd1bb6

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\Qt5Xml.dll

Filesize
144KB

MD5
d6ce2679999ce4eba077310850897268

SHA1
5c9bb9323452639560a3b827fb0a2a1d2db9c803

SHA256
c6cff6af4bab546ca2ac2d6e7fd999899a411d8a861c125e6bd36778817c0428

SHA512
8f3c8cf6115aaf443451f09e68654eda826bacdc1afac5206d94425672e547d8c2153b6a26d53ebaa725a3a38f09b3a7bb0a90139b6a5c72998bdb31362cc907

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\VCRUNTIME140.dll

Filesize
78KB

MD5
1b171f9a428c44acf85f89989007c328

SHA1
6f25a874d6cbf8158cb7c491dcedaa81ceaebbae

SHA256
9d02e952396bdff3abfe5654e07b7a713c84268a225e11ed9a3bf338ed1e424c

SHA512
99a06770eea07f36abc4ae0cecb2ae13c3acb362b38b731c3baed045bf76ea6b61efe4089cd2efac27701e9443388322365bdb039cd388987b24d4a43c973bd1

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\crashpad\crashpad_handler.exe

Filesize
746KB

MD5
a46fb58f141ce7963c53ab3068b79548

SHA1
18e93d658afbd847fdc2710e543711d695c58f1c

SHA256
485a8a9cc0f2f275f85f78e4424a4200be554c46cfa393a70d89f49a8beb1679

SHA512
7b68244cfb3dbcdc799befe3ce30453cad60b5232f308a223a08ee2885a3137e7484e304420d8c0bc9568f6a200617438f57e6c00cc72b3565aac4c86abdecfe

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\crashpad\crashpad_handler.exe

Filesize
746KB

MD5
a46fb58f141ce7963c53ab3068b79548

SHA1
18e93d658afbd847fdc2710e543711d695c58f1c

SHA256
485a8a9cc0f2f275f85f78e4424a4200be554c46cfa393a70d89f49a8beb1679

SHA512
7b68244cfb3dbcdc799befe3ce30453cad60b5232f308a223a08ee2885a3137e7484e304420d8c0bc9568f6a200617438f57e6c00cc72b3565aac4c86abdecfe

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\crashpad\settings.dat

Filesize
40B

MD5
90edb2864e6d9531506529118fcb7425

SHA1
12a798f1bcbe152d2f7dbcabaccf866602cb8a4e

SHA256
1f54c149bb0f9a9bf8626b6b48012ac0e2a31693111a6996ea978acb021d38f9

SHA512
177b1bf217397d1bf85702d787648e49e522a90aedcdd97f8eb7e31fa4af0333fbb3578a5556f43fddf0829c3a3760e0392bd7eae3f56a8f346cd5e2f13b823e

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\libEGL.DLL

Filesize
15KB

MD5
0469918fc1e19fc3f198cd14be4e1e22

SHA1
4f062e90cd4700259022394a020e3b02b3363ee6

SHA256
5dd84a436f1bee9fc1fdf6285db21e4acb52bb63cd86c53c23b440f021e03401

SHA512
10a01905a56ad50dc017205d649f2ff3f885ee9111c9a75fb408c010fc9481e91fdc9c3685f1ed0c939222652ecf8f349a027eba79b18a6bf64083fea85958e0

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\libGLESv2.dll

Filesize
2.7MB

MD5
d4a37250588e61e50ad7f9d129f0d37e

SHA1
a4a84807401ea4cae05b9cb3c6cececdb63baed8

SHA256
785768f643f00cc013fbab8d620f3c1d3abec8bbeca5942ba31834dea269774b

SHA512
6256890a8ebaf8801879281cea334247437c7163989d1a6d05643052944d891a79ac68f8eb7044f4edfd1f2b97f021a92fcc859c0646ac836e5924d80fee5ee5

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\platforms\qwindows.dll

Filesize
1.1MB

MD5
8d82f89bca48d7de90c17ac37f754f16

SHA1
05e936237feaa1eea6a86a7d4e777749b269e3ba

SHA256
ac3a36b775ac8b9cd1e3c3a7ac9dd31e0cc0a12b84d5942e97d77da20992d005

SHA512
6266c8e7e85e81a9cfbc113eb761f6f0eb846b2bf545db42b2b1b7d461dbd7190cae8d10749df4bad54b08c9de39a880857b898fdf8ca3edd5baf5f85fdc07cf

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\qt.conf

Filesize
44B

MD5
f513b3c7a4364514367bfe40c83d5848

SHA1
505db366d29768f6fef7b80aa3891e7bb55395cc

SHA256
7e3b97b14ae2963555e8bd9b08278bae54b67d4db405f0d608f317609dbcd147

SHA512
f399c0e70da580c224f37c7240413d9f612c5436a3c5a3caf0d967128f5e4953c9b16f112a563715125c0c7df8ece89442656a7c580d1e2fd00416bbfcb7c322

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\vghd.exe

Filesize
7.4MB

MD5
6b7be69c0bd1003cbe4f520f5824a516

SHA1
69c0d7dcf4b6ce45da4581146af59d98fb590f93

SHA256
7caf9e1792fcf593e8e2e558f09a3bf42dcb3b5bce3e7642836366c9b48c0cce

SHA512
3a0b47db43b025f5e3e64351e9134555beca39d4c3558fcc56cbf4da62b877e54734d3977ba5d3af2bb07a341d92857c21cfddfc1e407eb4c05ad5ca79efcebf

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\vghd.exe

Filesize
7.4MB

MD5
6b7be69c0bd1003cbe4f520f5824a516

SHA1
69c0d7dcf4b6ce45da4581146af59d98fb590f93

SHA256
7caf9e1792fcf593e8e2e558f09a3bf42dcb3b5bce3e7642836366c9b48c0cce

SHA512
3a0b47db43b025f5e3e64351e9134555beca39d4c3558fcc56cbf4da62b877e54734d3977ba5d3af2bb07a341d92857c21cfddfc1e407eb4c05ad5ca79efcebf

Download Submit
C:\Users\Admin\AppData\Local\vghd\bin\vghd.exe

Filesize
7.4MB

MD5
6b7be69c0bd1003cbe4f520f5824a516

SHA1
69c0d7dcf4b6ce45da4581146af59d98fb590f93

SHA256
7caf9e1792fcf593e8e2e558f09a3bf42dcb3b5bce3e7642836366c9b48c0cce

SHA512
3a0b47db43b025f5e3e64351e9134555beca39d4c3558fcc56cbf4da62b877e54734d3977ba5d3af2bb07a341d92857c21cfddfc1e407eb4c05ad5ca79efcebf

Download Submit
\Users\Admin\AppData\Local\Temp\is-QMN9J.tmp\setup-istripper_LhZpt7k79Wju5Jv3wFDG.tmp

Filesize
3.0MB

MD5
89b9755fbe7c8175f99ef9069ef191ec

SHA1
7cc683ca1b732ffb032c0f18c7e899486d9e5b14

SHA256
c9d4b5ab87610e96f16bf1d515ac1a7d8098242693c136973baacd4ba663c91c

SHA512
7f432cd31ec6c37e336bb67b72cda3ac39affd9e9e5ccf5fabd0df98849b56ece2d61af698fd8ce27bda21660a4e9e0f17cbffc721c712d4dc6d317590a85bfc

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Concurrent.dll

Filesize
24KB

MD5
e34bcd3ddc59a08dca72c3ec843efc74

SHA1
35664b01345b79a3ac4bfdd2393258c4d056178d

SHA256
9cd21a548adde408c82f4204902a9cfe7a97bce02f1b6272ea6b3a3758441a34

SHA512
7cd36200571ecaa23a43ad045d7e3bc761bc05bda9b7cb4c30d739be03c699013d19e4673f4488a48fde0fdcc55cb20bcb4644889546c0e90cd1c11b5b8efad9

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Core.dll

Filesize
4.9MB

MD5
db58c7e71aa35d2cc47b57828590f569

SHA1
ff55e851b2239f5f09bb455c869eeb697174b574

SHA256
4714f75569aba7cebd6b13466527b190adc1999aef5c8f1f73cb2472282faf6c

SHA512
0d73898d22906937a50fc4c68f3241484a6649dfcd4bf14e7462c381e376b0a86102898bd7728dadadb3ab90e081922f93c40eeb9359fc2a81a847dc3c27e2a5

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Core.dll

Filesize
4.9MB

MD5
db58c7e71aa35d2cc47b57828590f569

SHA1
ff55e851b2239f5f09bb455c869eeb697174b574

SHA256
4714f75569aba7cebd6b13466527b190adc1999aef5c8f1f73cb2472282faf6c

SHA512
0d73898d22906937a50fc4c68f3241484a6649dfcd4bf14e7462c381e376b0a86102898bd7728dadadb3ab90e081922f93c40eeb9359fc2a81a847dc3c27e2a5

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Gui.dll

Filesize
5.1MB

MD5
5581175e339938f80cafb164be0dc4b0

SHA1
f7badc086b65df6329a13c17fcbec349f2ab98a8

SHA256
78bca9c65600391ec4bb1fb0374169db13e7517ebd154a11d244248b25a7d939

SHA512
cf2ae95e01d139794b51913f73cd045727fffff439d499cf4b00648ff1d819c6325244544b54d5f544f181cee8e4f8359cd9f6c8ef83271880776d0823111c53

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Gui.dll

Filesize
5.1MB

MD5
5581175e339938f80cafb164be0dc4b0

SHA1
f7badc086b65df6329a13c17fcbec349f2ab98a8

SHA256
78bca9c65600391ec4bb1fb0374169db13e7517ebd154a11d244248b25a7d939

SHA512
cf2ae95e01d139794b51913f73cd045727fffff439d499cf4b00648ff1d819c6325244544b54d5f544f181cee8e4f8359cd9f6c8ef83271880776d0823111c53

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Multimedia.dll

Filesize
563KB

MD5
a0c00640e49e10774c1351052342f4d0

SHA1
619a092e549a2e01b0e37c06728b199b2a7e0264

SHA256
3076cbd7960621b3e679b348c55ccaa3db1203f83c8fefd7ddc4bce05faa860b

SHA512
6bb7bc82f00fc6257d8c599a91c7b0de03dcc8b047d970acd7ce6dea422ca83bec4fdf73910ee0e3cef61f4e9f8f165191623b8ecc9039759a8802d122801dc0

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Multimedia.dll

Filesize
563KB

MD5
a0c00640e49e10774c1351052342f4d0

SHA1
619a092e549a2e01b0e37c06728b199b2a7e0264

SHA256
3076cbd7960621b3e679b348c55ccaa3db1203f83c8fefd7ddc4bce05faa860b

SHA512
6bb7bc82f00fc6257d8c599a91c7b0de03dcc8b047d970acd7ce6dea422ca83bec4fdf73910ee0e3cef61f4e9f8f165191623b8ecc9039759a8802d122801dc0

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Network.dll

Filesize
1018KB

MD5
78932f74452bd17566e2e4fdcd8368d6

SHA1
1f27f27fa57a401e20d6bdcbb878a8a477f9df71

SHA256
e94054f7f5efebda73f2a075745b9391ff2ac1215b6bc55a6402bcc5aed880ff

SHA512
525405521ccbb3c61f39ebfa999fb5d97956140bc3c8937bef41b9e3279cd3ccfcf9be308a1a55c1896fb85f834f8b1a43fa35bb2147e827c9e85e001088ce2d

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Network.dll

Filesize
1018KB

MD5
78932f74452bd17566e2e4fdcd8368d6

SHA1
1f27f27fa57a401e20d6bdcbb878a8a477f9df71

SHA256
e94054f7f5efebda73f2a075745b9391ff2ac1215b6bc55a6402bcc5aed880ff

SHA512
525405521ccbb3c61f39ebfa999fb5d97956140bc3c8937bef41b9e3279cd3ccfcf9be308a1a55c1896fb85f834f8b1a43fa35bb2147e827c9e85e001088ce2d

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Positioning.dll

Filesize
254KB

MD5
30e9bb13166b08042a4fc6f7239845b6

SHA1
ff4283ed891a9b23b66e07f16c63f203e45125c4

SHA256
f31c3409c90124f1ac279a52dfe7c44a1220bf0f3027797420892786503887cf

SHA512
b48dca0cd30aac2311176e734baf2465d7818e801ed0483fe29cb2332e4e514148c9031aefd1f4730a7d86e4e96fd90416d165a2a0b516dd0dec629252c20851

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5PrintSupport.dll

Filesize
261KB

MD5
b2baa1d188be3816e54c5fbc2a31f48f

SHA1
80cb56b3ef29570e5a4abf3118e45210013b5df9

SHA256
696782041bb188c94655128dbfa125944b27d081e185924ba5b48e9a18cfe086

SHA512
6ec6dd653d81f3f8c856d2b4e49d4295e50784620a46ccc7d3f562938230d252031f1b7b5e1dd072f20535334de8025ab37c33c65bffbd96b7dc9b539cf0448c

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Qml.dll

Filesize
3.2MB

MD5
7adc1c79d553c4b03456fb9622ae0ce5

SHA1
11b51b946003025ee01bc8566c85518be1a08a87

SHA256
d90382c681441c926f971bbd587d184d94736a63e9d42caaea8128d4005ae655

SHA512
546805190cb516fbdba50a020e445b70f89bef51181f7a897921c22591f204048abc9d16b81b886d56cc2fc8e42f75c35e0c7d7fc8a27ee0c4691c3e9d246d6a

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Quick.dll

Filesize
3.0MB

MD5
8ff4b094c60b296d76d293c0d97f2db0

SHA1
499af0ff76509fdc0aefc2cfd311ce6feeca9e32

SHA256
63684525da673a2ad0929956f332faa694702449fb42b4801f17fde533fc9ea6

SHA512
99865bd0342fb001c50dcedc5f4ba20e0f9e5924b00ef5c1f548947514791785de31d8a8d2e36d27103006a928d050742d1b9fdab419476df9280b5dc9fbf952

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5QuickWidgets.dll

Filesize
58KB

MD5
9a5e6c98b785016ba0fa329b41a47d06

SHA1
6fc760ee0b82061bcded659d342f6ca4841632eb

SHA256
7c6eb33dfdab0b04563cfdd198adae802c153106fd2c8d4ac272c9f66da17e03

SHA512
5e8ee94d235b78fb08fd87f87983fa07f46153cace17a0995eaeb556dc433095e15787b0ef084c6e1b2c728898490b0ac383ae703e4aee51507b879359d44b0e

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5WebChannel.dll

Filesize
88KB

MD5
ca13ebdc6bccb3a229e3c8983698f3e4

SHA1
efa24afebc55592e8a41245109b5e17dc8be26ed

SHA256
b3b89a4b3f82c84f4b28c73bf9718929ab4d4fbcc8609936839d050d0b6951a0

SHA512
c6aa8a90a44e51ea390975f2f587dcdf67eb69b9d504bea5e37e72a0c8e3869cea85bf174b367b92288e01567950e992c64f58255df521f85a0df45b2b303131

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5WebEngineCore.dll

Filesize
56.6MB

MD5
322078ef4718f23a4ef0c180954b6b60

SHA1
57022e7c67acf440a2e6afe63bd8eb91f86d9111

SHA256
1b73e59786cc1e415d7c73eed83c173e920c3e26c134e828c780df7744ad2ef4

SHA512
2da4b55a7aaf7f4145cb0e0678cf799abda872dfc18753fc8601c92e9d76965f3c753d480063b5b1857ff2325540618fc4c045ac05eda9cd9af699e061a79c9c

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5WebEngineWidgets.dll

Filesize
183KB

MD5
020be7fb1535bea06b3d6adc0240a44e

SHA1
be5935450056ec14a5a2ac6b967b20c55a376a3d

SHA256
5cd141a009df3eaa797efab1096376458847e89f976370b9287a92d6a93746f6

SHA512
11f3045ac1e69604d1bf168debb5e123dda916415a6ad58c15f8524da7c7f6d629595db45e049a6037e421ff06a21f9109f70732bf651c3c6a598fb11d7e63c7

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5WebSockets.dll

Filesize
122KB

MD5
583eb7b9b7e90901ef90eab652de34d8

SHA1
eada56ad02cb3cf0c1ed3195d85c7cd29b73cb02

SHA256
cfbfa7cfaa182b05d4738d0f059195a7ca5f39cdc98b962137320f55db80b4e6

SHA512
dc81d7e2e171ba47f84604ffa2f48f83d0fa3362a0e59aa11101c600c6e4655a7379c446e78f7c49b0fb23b132635c0163631ece3d4122fc5ae5baeac742eafb

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Widgets.dll

Filesize
4.3MB

MD5
4e44578216abf3654056015ef4c8a9c3

SHA1
731f56b8ccc14bc7ced833c059a2fe9be67d23f7

SHA256
91bb41088f847fb73641fa556eda6d67bacb67560b8abf6ea1f0c885390004f8

SHA512
c77f92786ccf1d1d604808580b0952df255bf16782436606d3be54cb46bbb49f298baf57fe30acd22f2bce8f487e8eeefdbe98117f57171b74337dc367fd1bb6

Download Submit
\Users\Admin\AppData\Local\vghd\bin\Qt5Xml.dll

Filesize
144KB

MD5
d6ce2679999ce4eba077310850897268

SHA1
5c9bb9323452639560a3b827fb0a2a1d2db9c803

SHA256
c6cff6af4bab546ca2ac2d6e7fd999899a411d8a861c125e6bd36778817c0428

SHA512
8f3c8cf6115aaf443451f09e68654eda826bacdc1afac5206d94425672e547d8c2153b6a26d53ebaa725a3a38f09b3a7bb0a90139b6a5c72998bdb31362cc907

Download Submit
\Users\Admin\AppData\Local\vghd\bin\crashpad\crashpad_handler.exe

Filesize
746KB

MD5
a46fb58f141ce7963c53ab3068b79548

SHA1
18e93d658afbd847fdc2710e543711d695c58f1c

SHA256
485a8a9cc0f2f275f85f78e4424a4200be554c46cfa393a70d89f49a8beb1679

SHA512
7b68244cfb3dbcdc799befe3ce30453cad60b5232f308a223a08ee2885a3137e7484e304420d8c0bc9568f6a200617438f57e6c00cc72b3565aac4c86abdecfe

Download Submit
\Users\Admin\AppData\Local\vghd\bin\crashpad\crashpad_handler.exe

Filesize
746KB

MD5
a46fb58f141ce7963c53ab3068b79548

SHA1
18e93d658afbd847fdc2710e543711d695c58f1c

SHA256
485a8a9cc0f2f275f85f78e4424a4200be554c46cfa393a70d89f49a8beb1679

SHA512
7b68244cfb3dbcdc799befe3ce30453cad60b5232f308a223a08ee2885a3137e7484e304420d8c0bc9568f6a200617438f57e6c00cc72b3565aac4c86abdecfe

Download Submit
\Users\Admin\AppData\Local\vghd\bin\libEGL.dll

Filesize
15KB

MD5
0469918fc1e19fc3f198cd14be4e1e22

SHA1
4f062e90cd4700259022394a020e3b02b3363ee6

SHA256
5dd84a436f1bee9fc1fdf6285db21e4acb52bb63cd86c53c23b440f021e03401

SHA512
10a01905a56ad50dc017205d649f2ff3f885ee9111c9a75fb408c010fc9481e91fdc9c3685f1ed0c939222652ecf8f349a027eba79b18a6bf64083fea85958e0

Download Submit
\Users\Admin\AppData\Local\vghd\bin\libGLESV2.dll

Filesize
2.7MB

MD5
d4a37250588e61e50ad7f9d129f0d37e

SHA1
a4a84807401ea4cae05b9cb3c6cececdb63baed8

SHA256
785768f643f00cc013fbab8d620f3c1d3abec8bbeca5942ba31834dea269774b

SHA512
6256890a8ebaf8801879281cea334247437c7163989d1a6d05643052944d891a79ac68f8eb7044f4edfd1f2b97f021a92fcc859c0646ac836e5924d80fee5ee5

Download Submit
\Users\Admin\AppData\Local\vghd\bin\msvcp140.dll

Filesize
438KB

MD5
1fb93933fd087215a3c7b0800e6bb703

SHA1
a78232c352ed06cedd7ca5cd5cb60e61ef8d86fb

SHA256
2db7fd3c9c3c4b67f2d50a5a50e8c69154dc859780dd487c28a4e6ed1af90d01

SHA512
79cd448e44b5607863b3cd0f9c8e1310f7e340559495589c428a24a4ac49beb06502d787824097bb959a1c9cb80672630dac19a405468a0b64db5ebd6493590e

Download Submit
\Users\Admin\AppData\Local\vghd\bin\msvcp140.dll

Filesize
438KB

MD5
1fb93933fd087215a3c7b0800e6bb703

SHA1
a78232c352ed06cedd7ca5cd5cb60e61ef8d86fb

SHA256
2db7fd3c9c3c4b67f2d50a5a50e8c69154dc859780dd487c28a4e6ed1af90d01

SHA512
79cd448e44b5607863b3cd0f9c8e1310f7e340559495589c428a24a4ac49beb06502d787824097bb959a1c9cb80672630dac19a405468a0b64db5ebd6493590e

Download Submit
\Users\Admin\AppData\Local\vghd\bin\platforms\qwindows.dll

Filesize
1.1MB

MD5
8d82f89bca48d7de90c17ac37f754f16

SHA1
05e936237feaa1eea6a86a7d4e777749b269e3ba

SHA256
ac3a36b775ac8b9cd1e3c3a7ac9dd31e0cc0a12b84d5942e97d77da20992d005

SHA512
6266c8e7e85e81a9cfbc113eb761f6f0eb846b2bf545db42b2b1b7d461dbd7190cae8d10749df4bad54b08c9de39a880857b898fdf8ca3edd5baf5f85fdc07cf

Download Submit
\Users\Admin\AppData\Local\vghd\bin\unins000.exe

Filesize
3.0MB

MD5
512deabd06b81b4a1f5e4d0e40e337b2

SHA1
34854aa2ebebb66ede2ba4a1035e44fcf6280a8a

SHA256
bb6421e1c180f37b4105f7bdecbd4e313c65cfbb9c3e6dabe34d39bbf5e875a4

SHA512
9f7209419d9084bf6b22757b30bf7c641e9c26851e5c81169c64db65a99a43e1a2a755f70ab564de0433e2a128ac0798b514ab3e58317520a8f3eecb1ac960b6

Download Submit
\Users\Admin\AppData\Local\vghd\bin\vcruntime140.dll

Filesize
78KB

MD5
1b171f9a428c44acf85f89989007c328

SHA1
6f25a874d6cbf8158cb7c491dcedaa81ceaebbae

SHA256
9d02e952396bdff3abfe5654e07b7a713c84268a225e11ed9a3bf338ed1e424c

SHA512
99a06770eea07f36abc4ae0cecb2ae13c3acb362b38b731c3baed045bf76ea6b61efe4089cd2efac27701e9443388322365bdb039cd388987b24d4a43c973bd1

Download Submit
\Users\Admin\AppData\Local\vghd\bin\vcruntime140.dll

Filesize
78KB

MD5
1b171f9a428c44acf85f89989007c328

SHA1
6f25a874d6cbf8158cb7c491dcedaa81ceaebbae

SHA256
9d02e952396bdff3abfe5654e07b7a713c84268a225e11ed9a3bf338ed1e424c

SHA512
99a06770eea07f36abc4ae0cecb2ae13c3acb362b38b731c3baed045bf76ea6b61efe4089cd2efac27701e9443388322365bdb039cd388987b24d4a43c973bd1

Download Submit
\Users\Admin\AppData\Local\vghd\bin\vghd.exe

Filesize
7.4MB

MD5
6b7be69c0bd1003cbe4f520f5824a516

SHA1
69c0d7dcf4b6ce45da4581146af59d98fb590f93

SHA256
7caf9e1792fcf593e8e2e558f09a3bf42dcb3b5bce3e7642836366c9b48c0cce

SHA512
3a0b47db43b025f5e3e64351e9134555beca39d4c3558fcc56cbf4da62b877e54734d3977ba5d3af2bb07a341d92857c21cfddfc1e407eb4c05ad5ca79efcebf

Download Submit
\Users\Admin\AppData\Local\vghd\bin\vghd.exe

Filesize
7.4MB

MD5
6b7be69c0bd1003cbe4f520f5824a516

SHA1
69c0d7dcf4b6ce45da4581146af59d98fb590f93

SHA256
7caf9e1792fcf593e8e2e558f09a3bf42dcb3b5bce3e7642836366c9b48c0cce

SHA512
3a0b47db43b025f5e3e64351e9134555beca39d4c3558fcc56cbf4da62b877e54734d3977ba5d3af2bb07a341d92857c21cfddfc1e407eb4c05ad5ca79efcebf

Download Submit
\Users\Admin\AppData\Local\vghd\bin\vghd.exe

Filesize
7.4MB

MD5
6b7be69c0bd1003cbe4f520f5824a516

SHA1
69c0d7dcf4b6ce45da4581146af59d98fb590f93

SHA256
7caf9e1792fcf593e8e2e558f09a3bf42dcb3b5bce3e7642836366c9b48c0cce

SHA512
3a0b47db43b025f5e3e64351e9134555beca39d4c3558fcc56cbf4da62b877e54734d3977ba5d3af2bb07a341d92857c21cfddfc1e407eb4c05ad5ca79efcebf

Download Submit
memory/684-148-0x000007FEFBAA1000-0x000007FEFBAA3000-memory.dmp

Filesize
8KB

Download
memory/1052-140-0x0000000000690000-0x000000000069A000-memory.dmp

Filesize
40KB

Download
memory/1052-139-0x0000000000690000-0x000000000069A000-memory.dmp

Filesize
40KB

Download
memory/1064-65-0x00000000745E1000-0x00000000745E3000-memory.dmp

Filesize
8KB

Download
memory/1440-199-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-220-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-222-0x000000006AC30000-0x000000006B7AC000-memory.dmp

Filesize
11.5MB

Download
memory/1440-128-0x0000000000750000-0x000000000075A000-memory.dmp

Filesize
40KB

Download
memory/1440-127-0x0000000000750000-0x000000000075A000-memory.dmp

Filesize
40KB

Download
memory/1440-221-0x000000006C980000-0x000000006CC92000-memory.dmp

Filesize
3.1MB

Download
memory/1440-174-0x000000006AC30000-0x000000006B7AC000-memory.dmp

Filesize
11.5MB

Download
memory/1440-175-0x000000006AC30000-0x000000006B7AC000-memory.dmp

Filesize
11.5MB

Download
memory/1440-183-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-141-0x0000000000970000-0x000000000097A000-memory.dmp

Filesize
40KB

Download
memory/1440-142-0x0000000000970000-0x000000000097A000-memory.dmp

Filesize
40KB

Download
memory/1440-143-0x0000000000750000-0x000000000075A000-memory.dmp

Filesize
40KB

Download
memory/1440-144-0x0000000000970000-0x000000000097A000-memory.dmp

Filesize
40KB

Download
memory/1440-145-0x0000000000970000-0x000000000097A000-memory.dmp

Filesize
40KB

Download
memory/1440-146-0x0000000002890000-0x0000000002920000-memory.dmp

Filesize
576KB

Download
memory/1440-147-0x0000000002890000-0x0000000002920000-memory.dmp

Filesize
576KB

Download
memory/1440-184-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-186-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-189-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-191-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-193-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-195-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-197-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-200-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-202-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-170-0x000000006C980000-0x000000006CC92000-memory.dmp

Filesize
3.1MB

Download
memory/1440-203-0x000000006AC30000-0x000000006B7AC000-memory.dmp

Filesize
11.5MB

Download
memory/1440-173-0x00000000009B0000-0x00000000009C1000-memory.dmp

Filesize
68KB

Download
memory/1440-176-0x000000006AC30000-0x000000006B7AC000-memory.dmp

Filesize
11.5MB

Download
memory/1440-177-0x000000006AC30000-0x000000006B7AC000-memory.dmp

Filesize
11.5MB

Download
memory/1440-178-0x000000006AC30000-0x000000006B7AC000-memory.dmp

Filesize
11.5MB

Download
memory/1440-179-0x000000006AC30000-0x000000006B7AC000-memory.dmp

Filesize
11.5MB

Download
memory/1440-180-0x000000006AC30000-0x000000006B7AC000-memory.dmp

Filesize
11.5MB

Download
memory/1440-181-0x000000006AC30000-0x000000006B7AC000-memory.dmp

Filesize
11.5MB

Download
memory/1440-182-0x000000006AC30000-0x000000006B7AC000-memory.dmp

Filesize
11.5MB

Download
memory/1440-185-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-187-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-188-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-190-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-192-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-194-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-196-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-198-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-112-0x0000000000D10000-0x0000000001488000-memory.dmp

Filesize
7.5MB

Download
memory/1440-201-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-205-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-206-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-208-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-210-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-211-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-212-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-213-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-207-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-204-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1440-209-0x000000006B7B0000-0x000000006B893000-memory.dmp

Filesize
908KB

Download
memory/1724-64-0x0000000071331000-0x0000000071333000-memory.dmp

Filesize
8KB

Download
memory/1788-74-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download
memory/1788-57-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download
memory/1788-55-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download
memory/1788-54-0x0000000075361000-0x0000000075363000-memory.dmp

Filesize
8KB

Download
memory/1788-62-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download
memory/1936-151-0x0000000003140000-0x0000000003150000-memory.dmp

Filesize
64KB

Download