394bf7387473fdb3c022185da7d5c27e1272ed3de42004aa86e4dfdc3971309d

Analysis

max time kernel
109s
max time network
130s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 23:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DarkOrbitInstaller.755.168209496 (1).exe
Size

24.3MB
MD5

f25ba436f0a55388313d25b3ad9446c1
SHA1

82b7d99b06ce79aa3a4179f14a4d5b9d32c0397c
SHA256

394bf7387473fdb3c022185da7d5c27e1272ed3de42004aa86e4dfdc3971309d
SHA512

f05ba43930321d14036a7e127f8aa55d3fd47dcc462eb178d2882c270a92968c322899b8c39beae5077c4f58565769544613fb3a9c0b65a0151ace64ab572a22
SSDEEP

393216:KXzIfGITSl9QuPeiJu9ngXuxXEWPMA7To3EjHRZ5nBoUbPpXOqAi8tJsv6tWKFdY:s0uQf5hU7sX7

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Control Panel\International\Geo\Nation	QtWebEngineProcess.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 6 IoCs

pid	Process
1608	vc_redist.x64.exe
1612	vc_redist.x64.exe
2240	DarkOrbit.exe
3048	maintenancetool.exe
2052	QtWebEngineProcess.exe
1680	QtWebEngineProcess.exe

Loads dropped DLL 64 IoCs

pid	Process
2012	DarkOrbitInstaller.755.168209496 (1).exe
2012	DarkOrbitInstaller.755.168209496 (1).exe
2012	DarkOrbitInstaller.755.168209496 (1).exe
2012	DarkOrbitInstaller.755.168209496 (1).exe
1608	vc_redist.x64.exe
1180	Process not Found
1180	Process not Found
1180	Process not Found
1180	Process not Found
1612	vc_redist.x64.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
1716	Process not Found
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2052	QtWebEngineProcess.exe
2052	QtWebEngineProcess.exe
2052	QtWebEngineProcess.exe
2052	QtWebEngineProcess.exe
2052	QtWebEngineProcess.exe
2052	QtWebEngineProcess.exe
2052	QtWebEngineProcess.exe
1180	Process not Found
2240	DarkOrbit.exe
2052	QtWebEngineProcess.exe
2052	QtWebEngineProcess.exe
1680	QtWebEngineProcess.exe
1680	QtWebEngineProcess.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vc_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vc_redist.x64.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2012	DarkOrbitInstaller.755.168209496 (1).exe
2240	DarkOrbit.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2240	DarkOrbit.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2012	DarkOrbitInstaller.755.168209496 (1).exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	2012	DarkOrbitInstaller.755.168209496 (1).exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2012	DarkOrbitInstaller.755.168209496 (1).exe
2012	DarkOrbitInstaller.755.168209496 (1).exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2012	DarkOrbitInstaller.755.168209496 (1).exe
2012	DarkOrbitInstaller.755.168209496 (1).exe
2012	DarkOrbitInstaller.755.168209496 (1).exe
2012	DarkOrbitInstaller.755.168209496 (1).exe
2012	DarkOrbitInstaller.755.168209496 (1).exe
2012	DarkOrbitInstaller.755.168209496 (1).exe
2012	DarkOrbitInstaller.755.168209496 (1).exe
2012	DarkOrbitInstaller.755.168209496 (1).exe
2012	DarkOrbitInstaller.755.168209496 (1).exe
2012	DarkOrbitInstaller.755.168209496 (1).exe
2012	DarkOrbitInstaller.755.168209496 (1).exe
2012	DarkOrbitInstaller.755.168209496 (1).exe
2012	DarkOrbitInstaller.755.168209496 (1).exe
2012	DarkOrbitInstaller.755.168209496 (1).exe
2012	DarkOrbitInstaller.755.168209496 (1).exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
3048	maintenancetool.exe
3048	maintenancetool.exe
3048	maintenancetool.exe
3048	maintenancetool.exe
3048	maintenancetool.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe
2240	DarkOrbit.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 1608	2012	DarkOrbitInstaller.755.168209496 (1).exe	32
PID 2012 wrote to memory of 1608	2012	DarkOrbitInstaller.755.168209496 (1).exe	32
PID 2012 wrote to memory of 1608	2012	DarkOrbitInstaller.755.168209496 (1).exe	32
PID 2012 wrote to memory of 1608	2012	DarkOrbitInstaller.755.168209496 (1).exe	32
PID 2012 wrote to memory of 1608	2012	DarkOrbitInstaller.755.168209496 (1).exe	32
PID 2012 wrote to memory of 1608	2012	DarkOrbitInstaller.755.168209496 (1).exe	32
PID 2012 wrote to memory of 1608	2012	DarkOrbitInstaller.755.168209496 (1).exe	32
PID 1608 wrote to memory of 1612	1608	vc_redist.x64.exe	33
PID 1608 wrote to memory of 1612	1608	vc_redist.x64.exe	33
PID 1608 wrote to memory of 1612	1608	vc_redist.x64.exe	33
PID 1608 wrote to memory of 1612	1608	vc_redist.x64.exe	33
PID 1608 wrote to memory of 1612	1608	vc_redist.x64.exe	33
PID 1608 wrote to memory of 1612	1608	vc_redist.x64.exe	33
PID 1608 wrote to memory of 1612	1608	vc_redist.x64.exe	33
PID 2012 wrote to memory of 2240	2012	DarkOrbitInstaller.755.168209496 (1).exe	35
PID 2012 wrote to memory of 2240	2012	DarkOrbitInstaller.755.168209496 (1).exe	35
PID 2012 wrote to memory of 2240	2012	DarkOrbitInstaller.755.168209496 (1).exe	35
PID 2240 wrote to memory of 3048	2240	DarkOrbit.exe	36
PID 2240 wrote to memory of 3048	2240	DarkOrbit.exe	36
PID 2240 wrote to memory of 3048	2240	DarkOrbit.exe	36
PID 2240 wrote to memory of 2052	2240	DarkOrbit.exe	38
PID 2240 wrote to memory of 2052	2240	DarkOrbit.exe	38
PID 2240 wrote to memory of 2052	2240	DarkOrbit.exe	38
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39
PID 2240 wrote to memory of 1680	2240	DarkOrbit.exe	39

C:\Users\Admin\AppData\Local\Temp\DarkOrbitInstaller.755.168209496 (1).exe
"C:\Users\Admin\AppData\Local\Temp\DarkOrbitInstaller.755.168209496 (1).exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Users\Admin\Dark Orbit\dependencies\vc_redist.x64.exe
  "C:\Users\Admin\Dark Orbit\dependencies\vc_redist.x64.exe" /install /quiet /norestart
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1608
- - C:\Windows\Temp\{679127F9-1C40-4962-9FB0-9F92A87EF646}\.cr\vc_redist.x64.exe
    "C:\Windows\Temp\{679127F9-1C40-4962-9FB0-9F92A87EF646}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Users\Admin\Dark Orbit\dependencies\vc_redist.x64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188 /install /quiet /norestart
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1612
- C:\Users\Admin\Dark Orbit\DarkOrbit.exe
  "C:\Users\Admin\Dark Orbit\DarkOrbit.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2240
- - C:\Users\Admin\Dark Orbit\maintenancetool.exe
    maintenancetool --checkupdates
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3048
- - C:\Users\Admin\Dark Orbit\QtWebEngineProcess.exe
    "C:\Users\Admin\Dark Orbit\QtWebEngineProcess.exe" --type=utility --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --service-sandbox-type=network --use-gl=disabled --application-name="Dark Orbit" --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=1772 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2052
- - C:\Users\Admin\Dark Orbit\QtWebEngineProcess.exe
    "C:\Users\Admin\Dark Orbit\QtWebEngineProcess.exe" --type=renderer --disable-speech-api --enable-threaded-compositing --use-gl=disabled --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --disable-gpu-compositing --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=2 --mojo-platform-channel-handle=1896 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Cab9649.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar965B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\remoterepo-yGcoWy\Updates.xml

Filesize
868B

MD5
2db935d5f72cada0ac5df83009bd45a8

SHA1
7faaf9e32ada2bdb2ed8bed480b745999f22c7c1

SHA256
0501482a68751c2ef105785d9cd67602dc8e088d14b002ae886ec67bb27232b2

SHA512
6af8700f51f1c10a57ec5bc6df470a31d4af46a3c8afb5879232ee7dc46cdb07a9695ccf419cb01e074c3749ba97853294f7c96f86c1182da20b729fe6762dda

Download Submit
C:\Users\Admin\AppData\Local\cache\qt-installer-framework\0c1b6ecf-2f09-3016-b98c-3902a6cb4f52\7faaf9e32ada2bdb2ed8bed480b745999f22c7c1\com.bigpoint.darkorbit\installscript.qs

Filesize
3KB

MD5
89b0af213f1c9f4ddf94d8d5f0aa7bfd

SHA1
8999594a10bfcecdca95fa141737c4ec0fe2af8d

SHA256
51a8eaf6311249836f2ec64d8e20995e8c4430f2082c5fc0d850e8869c28bb34

SHA512
d44c6236d816aa650aa74d26f503c8af082b800947842b90b6ec4b0600e7935143a3ac5a5e3b2ee296fec540799c4e7636c71c0d27647cd36d55700b2176c541

Download Submit
C:\Users\Admin\Dark Orbit\Licenses\license.txt

Filesize
11KB

MD5
c83b207c12ea62dd0dd6075c139918c3

SHA1
964857afbc4d2784838d6f5640bb5ac4d8e8b73a

SHA256
cb14074e8bc623d3acaa01f902100b5f45bf9e837bc390fe983c1f5b46583872

SHA512
e6b89b21bc3a37104b3e76c25a160c4a19a62bac21c9e80605bf37365273778063454a1a1b16049cca17efaf651088e15f3d54d65671dfee7e54b6be6d0dfd55

Download Submit
C:\Users\Admin\Dark Orbit\Qt5Core.dll

Filesize
5.8MB

MD5
b2b77282c8f09de9c77bd486a94a1676

SHA1
78758728c039ecc6ce77f45cc70408a49b0fa4e6

SHA256
60b21a618c7f4ee015b8060dd8a64e9fb39c5167ff369eba8aeaaa29290c3485

SHA512
dacd2643397ecc6d45859fc202480ba964782b6334c017095ee02888cfbdddd3b91621ba6d2fe34c51a4c7166413f89bfd2409ac23d89b712587dce95cf9caa5

Download Submit
C:\Users\Admin\Dark Orbit\Qt5Gui.dll

Filesize
6.7MB

MD5
6d50542785d7962382c3756cd85ca12c

SHA1
4838742895b3a2450031d6c90768fe9bc9722f33

SHA256
0323c7fbd9a579f339b597b3e5f5b6e02814ae594f7fbc0cdd1786a5a32551ac

SHA512
c3f6ce45a901032052453565b01516a5ae81c41580e8dbdeffc45920692f8e7cdd0c4149c30ca07867be11f3964c6528f78a2de948d5eaa9aa1bab6f2b8cea0e

Download Submit
C:\Users\Admin\Dark Orbit\dependencies\vc_redist.x64.exe

Filesize
14.3MB

MD5
1e7bd6790391b5b710c6372ab2042351

SHA1
75f1aee6dccf3d6e6ac49926563737005b93ba13

SHA256
952a0c6cb4a3dd14c3666ef05bb1982c5ff7f87b7103c2ba896354f00651e358

SHA512
ae3860a060be483c9fcbcf6a41f561faf2cd681f39138dd13a563e3f39cf4b4f41e7c0f7b58bc8b585b2728245025be4b198f06634a97fa98847258272f9f59b

Download Submit
C:\Users\Admin\Dark Orbit\iconengines\qsvgicon.dll

Filesize
39KB

MD5
f62b9046a843e4a1bfcc523efeed372c

SHA1
6967fc354ba733b306e372044677ab3259dd7296

SHA256
97ff964e732a388502d379700e2174e63d60c044e5ac2d6b4ee5b242aa4e71d8

SHA512
4e47301925c98701612c922d5b7cc55a0c3dc18f2ea5f21caed415eafb30e0629b810ebcf7e5e97aca9e3e32f82af9d698651eea7b7811c0bb8145d5fc086fc9

Download Submit
C:\Users\Admin\Dark Orbit\imageformats\qgif.dll

Filesize
37KB

MD5
b6bd4a0dbd0b687dfced57e390e21dd2

SHA1
a57d40ee8b91961c84db1bae173588a14422e6d8

SHA256
009b2cec1672da7a20548bc710705eedbcb29ce234cf42be420d24015f5422ce

SHA512
ab409beb9b0849627c663b1231b98a0be0aeefd9081414556130c346ffd19a61de5d79f7bb92846077e2123950c15638ab0db9491b193d45b0c3aeaacbca2c7e

Download Submit
C:\Users\Admin\Dark Orbit\imageformats\qicns.dll

Filesize
43KB

MD5
b574614631bf47fa4e888742bf666989

SHA1
17ad2d4684fbda34046efe48321fa181755f981b

SHA256
907bc2a346f9f3552cafcf9f903837f465a711705658f144951acaf42692ee09

SHA512
6438c7672a31a50bf0685bd56ece303664f7d966ed54ab79b520144d12a4c0b9c25b2187aa8e3fe49568841eb119475c32dac4b2b64936ca69bc7219d662e54e

Download Submit
C:\Users\Admin\Dark Orbit\imageformats\qjpeg.dll

Filesize
409KB

MD5
9ca9d1f1f939da18a667fd0670b55129

SHA1
c0c31bf08aa0f94ee884a976f21cf7e4a236ce8f

SHA256
2199ecbee4e17461cd48c64b4276eb9054d186ee450c087df339a54ceac527a5

SHA512
7d06edde8094b04bbb2de4d02b170f6d2f4596ba7dd25ac8f8b3fbd6e2183df0bc360831dba271bcf61eebc3a41e72d3491267d46dbaadf7a65d553925871490

Download Submit
C:\Users\Admin\Dark Orbit\imageformats\qsvg.dll

Filesize
30KB

MD5
95b1d9b698dd85de9634dc6086f0c436

SHA1
68f90d2a4356ec072f09fa5bb1275c70ea4fe016

SHA256
1e6e7d254338a72b8579adf3d8ddf4d78c172e3dac940c6cc6021564c64ee8ac

SHA512
be9735bbce2411cdda67ea19fb67eae8fbf708bf07de40872ef676b275458cb13413448b2d6692633fc1f1dab2a7cda88e6d9622f7cd82b07a8d964cca8a4082

Download Submit
C:\Users\Admin\Dark Orbit\imageformats\qtga.dll

Filesize
29KB

MD5
090ac8f5f18971b4ab39c279f1b1fdf4

SHA1
386313fad3ab48dd16524f96c7d9b7f618a1c39a

SHA256
79ed622f3e54d7ad653cc66d2043189ed97428d3dc8ebd7a9632af313ef377c5

SHA512
6a9c6be4af8a6c2e7cfcf7b69d196d41b5083a60dc5cfababc0a4a376c1de0a25f7712f9eb2fd4eb04f20d0135c12d969abbec22142ef27e9f5aa680b6381ccf

Download Submit
C:\Users\Admin\Dark Orbit\imageformats\qtiff.dll

Filesize
378KB

MD5
0d531b6b1a7914b276b1fb84c6a8f5cf

SHA1
20b615a03a2ca2a702009096b268c5250ba30305

SHA256
aa04a6a175d998d383f795eb7c5559e843792e67c9b9d70ad4e262fdbc36d0e3

SHA512
f5e532833c1a6304d6751d1ee0704307f2ad53a49e2a8ff3a2e89adee68f697361fa017402fae94404491fdd4eec71de93c893f9f788b9810b240c28c6abe6a0

Download Submit
C:\Users\Admin\Dark Orbit\imageformats\qwbmp.dll

Filesize
28KB

MD5
b36ad1929523e8116cad8dde4b84e05c

SHA1
db0b6aa7dfc8dbba79436e67cfc54d32b491bfcd

SHA256
f69e1b6c032ebd8b68189a9e35ad7352f345382a63591cabf45dadab1f659e0a

SHA512
8522476ffb1dfea2d6537daa8701ae9f509001646d712272a49f9a34e99e26e1fc41b5a00d9086ac1af55bc956cffd6f375271a436f5c58894116cc5f3e5dad7

Download Submit
C:\Users\Admin\Dark Orbit\imageformats\qwebp.dll

Filesize
497KB

MD5
d3532ba7342b2a0be4aee51d04fb9065

SHA1
8ee2dc22102f60bf8d442cd8fa40c557be57a448

SHA256
75e4048e0fe2a2576fd22067a2eb64b7b09f038b906482be7c39888aabc5641f

SHA512
c47b3ae022508010f2474d242b1d5767aac00db6e4401238839188959b1b08732b90a737089a5ef6a5ff0c57152292bd916e99f13d142f6c6d853fb7d9ebfbd2

Download Submit
C:\Users\Admin\Dark Orbit\maintenancetool.exe

Filesize
24.2MB

MD5
2c0c5633feaa1531758599d1b098b3bd

SHA1
314d5b8d5fe4f723b4ac9df732295766f4d5e306

SHA256
551b158210b559ee5d6ca12c68da05a7c9cdf1b349b081bdf27b3ca79003e094

SHA512
82c10f96853201559c21db5be4868342e59f4c1e4d267926b424e4827800cf3ce4c360d98a7cd56e4602644d07e68425e5e34c7331531581e8672b806c7f7de5

Download Submit
C:\Users\Admin\Dark Orbit\maintenancetool.ini

Filesize
5KB

MD5
6eab5d775aa8dc3b986e793ed3b5bc28

SHA1
0b56a3ae6872c8813cf5934cc8528f221859c4cb

SHA256
5c4bfdeab41356465e1618ceacd5f9c80c8dfde896bf11ddc3f82360f4fe3dd2

SHA512
4c32dac3275906ab9c5204612d5f35ecd1a271631fb735d553e52d630eb7c99ab9af2c223db084bf31abe3b72383c5ab7cd182fced96da9370dd20397bfe13ce

Download Submit
C:\Users\Admin\Dark Orbit\qt.conf

Filesize
20B

MD5
6470e4383e287b0d1df3d381c40d0951

SHA1
22e0ff90603eea34c346ead2c03872b7bfb68f21

SHA256
deb6c894e57dd7d9fe5264e59f6b8905d095aec049ac2b246b1e26d426e935d7

SHA512
c0a729dd35183cae687c40531925cc0889539e81bc6ebb71a7ed7d310765f0cc558f1b603538f1e5a37959dc24833603ef14a951056b6bbe045ce710113b3ed5

Download Submit
C:\Users\Admin\Dark Orbit\translations\qtconnectivity_en.qm

Filesize
16B

MD5
bcebcf42735c6849bdecbb77451021dd

SHA1
4884fd9af6890647b7af1aefa57f38cca49ad899

SHA256
9959b510b15d18937848ad13007e30459d2e993c67e564badbfc18f935695c85

SHA512
f951b511ffb1a6b94b1bcae9df26b41b2ff829560583d7c83e70279d1b5304bde299b3679d863cad6bb79d0beda524fc195b7f054ecf11d2090037526b451b78

Download Submit
C:\Windows\Temp\{4474CB72-B4E6-424F-BAC5-C7EF4B988DCE}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Windows\Temp\{679127F9-1C40-4962-9FB0-9F92A87EF646}\.cr\vc_redist.x64.exe

Filesize
632KB

MD5
1d7599c4a31b82e70308c022e9494011

SHA1
7d04a03d5502df2838d40dd131b1cae226cb5205

SHA256
21d2935d29c807a3a56c406849b97dbc7f720822920930d0e2b13a44203c107c

SHA512
080ff020e0d2d9c0ce6beee8143c0f49e1b4450baa08072a8662f4b25ad6b034ee0ad174f2d4acd5b011cb8fb140656755007e245673f7677964b9e99555ab08

Download Submit
\Users\Admin\Dark Orbit\DarkOrbit.exe

Filesize
366KB

MD5
8abe73ebc0f1d5bf4c16b94b45203968

SHA1
b4c664ea84e528e1728b96927abb4571514894cd

SHA256
0aecdf49ec4984a016fce56f0fc91da973822f5a9b67def1daa1f71bdef2dda4

SHA512
181f893224e6b757ecbe55c5c77be0cd085aa90627fdd4cc62a1389c2f196e72e669e318d48054fe1707e88bea15f9a1cce9574c66e507edb4692c4538d9bfa4

Download Submit
\Users\Admin\Dark Orbit\Qt5Network.dll

Filesize
1.3MB

MD5
d9730d9354bc8b3d2b6afec51893a990

SHA1
e47a84d9961792180ba34380eb6200656d2b085f

SHA256
c5650340a415128f0d4f47ce1d94ea04e9bde9199943fb22f22547d0678264b1

SHA512
6fafba68a3ee6c24339e76b8c5f58b2e1bed0eeb9fe9ce09f6431a5e43cd8c9f30f5a8063aa890766cf02de9daa6c9b02e630617cacb9dc36a41216e8b5536b3

Download Submit
\Users\Admin\Dark Orbit\Qt5Positioning.dll

Filesize
312KB

MD5
4a420ecce02135eb07f6c4b183e87a28

SHA1
5902c0ef5a85d10793f5fa5f98fed6150748ef3e

SHA256
fca214bca8c24919c1e35bd016ec85f1e2e02f7ec8048f5fe63a87b23498d91b

SHA512
3e23c4fedc40fa70d8c8d062faacd07d839e63efb875e83c6a4b9f733e9bbc8086f74f41645d52a7d4b7cf42a872e090ba2effd70e0a5e2f1661a95e86d57a69

Download Submit
\Users\Admin\Dark Orbit\Qt5PrintSupport.dll

Filesize
311KB

MD5
8a34b25423f72318785706403ebd4ef4

SHA1
73ae861262e1909ccc98c99cdf1e2429f77cbcbc

SHA256
ad7c7b34ee8d70a081a0f994deed227bf08d8e08120d4ccf5a794a2d5fb24306

SHA512
fc2761b092c880ec2e4b2aabcd09bec3927137a3ab48102d7a9c79148c0fc5e4ea11dbd4a2188ee2d8b986914b28807582190ebb4dcd1f912bbced65da35b594

Download Submit
\Users\Admin\Dark Orbit\Qt5Qml.dll

Filesize
3.6MB

MD5
55971b37b9c0a74dbacb3469a8b00478

SHA1
6cf8f408add8b0de3f74c5513d91a5ee6a01e531

SHA256
61dfa21938d2a1620dd44d220fdc2bd8991a34b74721c9b7dc0908451c0a2717

SHA512
896af7433afcc60633159d03b2934456a462ee1a3d7562fab05af75875c23a614a3c3bb61a94d4dce8de478f1b1820df7bdb608f37ac46037174de7b4b7ad178

Download Submit
\Users\Admin\Dark Orbit\Qt5QmlModels.dll

Filesize
431KB

MD5
52147e0b5531bd4585b88f3064668eb8

SHA1
81f3aafc5edbbb2492eeebd3c0108b6bf5dbf6c6

SHA256
6d431a7691061c4ba88dda8cd165746151e26a64dd53e70c9a8258cbc2216aa5

SHA512
fd64cfa85de44459b14914badc0fdfcb6a647ec715b4021e322b2df1decd9f06c3d6f91484baf471bb8dcc5ff39a0edeeeb0caa3e4cebe5762d546e44a9e3c3f

Download Submit
\Users\Admin\Dark Orbit\Qt5Quick.dll

Filesize
4.0MB

MD5
b70f124298e93a9f14456640c8eabf14

SHA1
f88b860ff0b65bac369c130a2f0d486f257eb50e

SHA256
3b12390ba4c14181262d0e38835f697d667dc4a72e25cf8028890d65cda5a2c9

SHA512
34ea966ce33a13cf6272dbe95684f6f70e21eb411eb4e2e37dae1db5144f27d0df85a01f75f971248c7c75d763f608d1481859a2ab221096ddbfc57f1726a143

Download Submit
\Users\Admin\Dark Orbit\Qt5QuickWidgets.dll

Filesize
77KB

MD5
cafa3a400e27cac75e709c05e5e86675

SHA1
65c6f9c9ee522e71ebe131f245706a2af458cbd9

SHA256
0b75ff566be55aeb1d6e04f3a15509bc1c4e0e285fefcc59365533d0a2e6fe60

SHA512
41a94502209440c1709ffe045e4800cfbb62f7fceb2bf3afce0d1b9a220428331c65cddd8052b0629ceaf8763d0cc4a3428607ab239bf18af029f746e73f1c09

Download Submit
\Users\Admin\Dark Orbit\Qt5WebChannel.dll

Filesize
133KB

MD5
d52d7e980e43d1daecdac66f61a2e26b

SHA1
b4906b7817b1fd3589ceeb6ca2a4b3c61f52747c

SHA256
d365581beeff41ba656ec8d27625ad912284acf51cb13fb3b9bf3203f4767631

SHA512
c392eb609ea50838f6e2987dbba79d88eab50c63a405f93aad3a7c70882a84bb668996be6688a34251db2bd7e37d429eaf81652952789076ed2759294e0c123f

Download Submit
\Users\Admin\Dark Orbit\Qt5WebEngineWidgets.dll

Filesize
248KB

MD5
e1cc59b40aea4454d6e1ab2685819358

SHA1
9bfbf5cfa9918df6d45b092b9f623ea4b44ddbd2

SHA256
bc28740a1720ec06703f735e18370c618bd2bfee06c048491498dd0a1179d90b

SHA512
0f3ff02aeb8d06f9d3db7a385d27a5255e967af59d5926854ef25df8d0fb4b91a17cb6248a6effdcf00297c4857419c09dfeafd819aac30dfe7ed8f9680d7593

Download Submit
\Users\Admin\Dark Orbit\Qt5Widgets.dll

Filesize
5.3MB

MD5
220bf38b520fb1e7fcdb36b514fdea46

SHA1
b143c471b47b2c524e35305ba977cbf9d54edc23

SHA256
54f56144d8e1199f548a2462519c1c2e42fb49faf15fba19c032284e82f1c883

SHA512
59a48600f80ce86e41eaf8ef61211754447de331ff9f5d8ab3fe6e1d2a4f55533824a32e1c4e6d99df430b784fe835d421cd646bd371d439e8ea4495ee7ddffa

Download Submit
\Users\Admin\Dark Orbit\Qt5Xml.dll

Filesize
208KB

MD5
63d91b407a350da5ce19b5d79924b1f4

SHA1
45886a4018b60a5eab7d4b743f4df2a9a4318edc

SHA256
22b626313a535c85ce6a097571c53a6e6678a9d4bc5d0db9f81660adc7ed366e

SHA512
fa06ab2b1ae116bc7ae93ea64d4c258a7149a23c0171c077f0919956101a22a59dd8e3f975c64073319842f01d6183253f637a0edb514f0c02c9d88b0e65e6cf

Download Submit
\Users\Admin\Dark Orbit\imageformats\qico.dll

Filesize
36KB

MD5
ea433c13e69f529ad2a3e47c3b989e78

SHA1
5df7d37b8d6d82a0d5e26a6d7c99c2000de574b0

SHA256
95ec18bed437f343ba7ae4cb32184ea9d81c3221080152a7dfaf8a1221d3939d

SHA512
4acceede221d873e55320f66805611e35ac3af13c13634c28736380791fb4ee764f0c55ed43b461ec7b19b88bef0416ef0bfe89bea264f3c7077dd23dae69d7a

Download Submit
\Users\Admin\Dark Orbit\libEGL.dll

Filesize
23KB

MD5
fb6fedca4e36d7e32f5802fd67ad33c4

SHA1
37ab111310849297b2e2f1fed35bf8ae56c4f016

SHA256
a80fc8dc56cf9cd7a8b472ce61e1b3f36be6fbb220ca75476675ee8881227bbc

SHA512
ef9239492bb70d4b5d2c8198b7c863ee2d58e7060d8f0e192d6c391031a9db6be516fde46c772431a1e40f2601b7fa0c478c9b379ed96c0b056798890e09a8b6

Download Submit
\Users\Admin\Dark Orbit\libGLESV2.dll

Filesize
3.2MB

MD5
713b4c7c22b824052ff7b67bb7f3b98d

SHA1
9cf3e26b3ee9bd0be6d157b0284b17e3164b6878

SHA256
13ca0160c45d3922399c956ac707124093ddc4da3e1ebd4e25e8e8344be4378a

SHA512
4922ac368540b9cdca5ea613275868ca07b35f324a0d93f7a8d94423d3d409a53ea67631d72879e5614e4c94d0bb71982f977118fd50e53e53f0cdd1860d9f3f

Download Submit
\Users\Admin\Dark Orbit\opengl32sw.dll

Filesize
20.0MB

MD5
7dbc97bfee0c7ac89da8d0c770c977b6

SHA1
a064c8d8967aaa4ada29bd9fefbe40405360412c

SHA256
963641a718f9cae2705d5299eae9b7444e84e72ab3bef96a691510dd05fa1da4

SHA512
286997501e1f5ce236c041dcb1a225b4e01c0f7c523c18e9835507a15c0ac53c4d50f74f94822125a7851fe2cb2fb72f84311a2259a5a50dce6f56ba05d1d7e8

Download Submit
\Users\Admin\Dark Orbit\platforms\qwindows.dll

Filesize
1.4MB

MD5
0e6d9926455b73c9e67de1e06f02ca19

SHA1
840c1ce586f8684b7d0e80dd0f1643a2bed4676d

SHA256
bf1a1e1fc37faf7a2f541674b66f0af5b3b70d753444c37cec9259fbf84f36ea

SHA512
45bc1a205b1059975aa36d724ffd2f5849a0f1b11a01d1ae902f9d8a646e9101bbb059effbf83ffd7bf942c54516a7cf52f2ca66a87b8824f14f4a877acc7bcf

Download Submit
\Windows\Temp\{4474CB72-B4E6-424F-BAC5-C7EF4B988DCE}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
memory/1680-688-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/1680-722-0x00000000775F0000-0x00000000775F1000-memory.dmp

Filesize
4KB

Download
memory/2012-3-0x0000000004450000-0x0000000004650000-memory.dmp

Filesize
2.0MB

Download
memory/2012-0-0x0000000000310000-0x0000000000320000-memory.dmp

Filesize
64KB

Download
memory/2012-609-0x0000000000310000-0x0000000000320000-memory.dmp

Filesize
64KB

Download
memory/2012-610-0x0000000002620000-0x0000000002622000-memory.dmp

Filesize
8KB

Download
memory/2012-12-0x0000000002620000-0x000000000262A000-memory.dmp

Filesize
40KB

Download
memory/2012-11-0x0000000002620000-0x000000000262A000-memory.dmp

Filesize
40KB

Download
memory/2012-9-0x0000000002620000-0x000000000262A000-memory.dmp

Filesize
40KB

Download
memory/2012-10-0x0000000002620000-0x000000000262A000-memory.dmp

Filesize
40KB

Download
memory/2012-1-0x0000000003E50000-0x0000000004290000-memory.dmp

Filesize
4.2MB

Download
memory/2052-721-0x000007FEF45A0000-0x000007FEF49AC000-memory.dmp

Filesize
4.0MB

Download
memory/2240-679-0x0000000001FB0000-0x0000000001FBA000-memory.dmp

Filesize
40KB

Download
memory/2240-645-0x0000000000200000-0x000000000020A000-memory.dmp

Filesize
40KB

Download
memory/2240-680-0x0000000001FB0000-0x0000000001FBA000-memory.dmp

Filesize
40KB

Download
memory/2240-727-0x00000000023A0000-0x00000000023B0000-memory.dmp

Filesize
64KB

Download
memory/2240-726-0x0000000002390000-0x00000000023A0000-memory.dmp

Filesize
64KB

Download
memory/2240-725-0x0000000002380000-0x0000000002390000-memory.dmp

Filesize
64KB

Download
memory/2240-731-0x00000000025A0000-0x00000000025B0000-memory.dmp

Filesize
64KB

Download
memory/2240-735-0x00000000025F0000-0x0000000002600000-memory.dmp

Filesize
64KB

Download
memory/2240-737-0x0000000002D00000-0x0000000002D10000-memory.dmp

Filesize
64KB

Download
memory/2240-736-0x0000000002CF0000-0x0000000002D00000-memory.dmp

Filesize
64KB

Download
memory/2240-734-0x00000000025B0000-0x00000000025C0000-memory.dmp

Filesize
64KB

Download
memory/2240-733-0x00000000021D0000-0x00000000021E0000-memory.dmp

Filesize
64KB

Download
memory/2240-732-0x00000000021C0000-0x00000000021D0000-memory.dmp

Filesize
64KB

Download
memory/2240-730-0x0000000002590000-0x00000000025A0000-memory.dmp

Filesize
64KB

Download
memory/2240-729-0x0000000002580000-0x0000000002590000-memory.dmp

Filesize
64KB

Download
memory/2240-728-0x0000000002570000-0x0000000002580000-memory.dmp

Filesize
64KB

Download
memory/2240-724-0x0000000001FB0000-0x0000000001FC0000-memory.dmp

Filesize
64KB

Download
memory/2240-617-0x000007FEF4D60000-0x000007FEF52A6000-memory.dmp

Filesize
5.3MB

Download
memory/2240-644-0x0000000000200000-0x000000000020A000-memory.dmp

Filesize
40KB

Download
memory/2240-801-0x0000000000200000-0x000000000020A000-memory.dmp

Filesize
40KB

Download
memory/2240-802-0x0000000000200000-0x000000000020A000-memory.dmp

Filesize
40KB

Download
memory/2240-803-0x0000000001FB0000-0x0000000001FBA000-memory.dmp

Filesize
40KB

Download