637ceb8f9ed182a97ab805a3a19231242075e98924152bae28c64c14c8e15d8b

Analysis

max time kernel
73s
max time network
80s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 17:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Orcus Administartion.zip
Size

65.8MB
MD5

db450971badc670cfec922987bd3b369
SHA1

c48fdb5313622543a1c9196ecb494b4b23f74b37
SHA256

637ceb8f9ed182a97ab805a3a19231242075e98924152bae28c64c14c8e15d8b
SHA512

4e69d594037e74e55361178c51d2d09785e9faf0c220c60b1f56cde94f817a7b3ff223de7afa524f3ba88e484dbed35e18d17272ac4838093a55cc845cbc05b0
SSDEEP

1572864:Ju9ICaeJE8kxjlwh2ScMaVvZT5rKSFm95YLAJLfX:JuWIkxj02NlZT5eIm95zBX

Score

10^/10

Malware Config

Signatures

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
behavioral1/memory/2588-286-0x00000000067B0000-0x00000000067BA000-memory.dmp	disable_win_def

Executes dropped EXE 1 IoCs

pid	Process
2588	Orcus.Administration.exe

Loads dropped DLL 36 IoCs

pid	Process
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe
2588	Orcus.Administration.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	2916	7zG.exe
Token: 35	2916	7zG.exe
Token: SeSecurityPrivilege	2916	7zG.exe
Token: SeSecurityPrivilege	2916	7zG.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2916	7zG.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Orcus Administartion.zip"
1⤵
PID:2100

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3488

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Orcus Administartion\" -spe -an -ai#7zMap3643:98:7zEvent10470
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2916

C:\Users\Admin\Desktop\Orcus Administartion\Orcus.Administration.exe
"C:\Users\Admin\Desktop\Orcus Administartion\Orcus.Administration.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\Orcus Administartion\Languages\OrcusAdministration.ru.xaml

Filesize
147KB

MD5
5798a83663db5c53fa109286d8b3c0e9

SHA1
db699ee41b5834ea1c0b1a2e1a8c81f28412f7cc

SHA256
49d30b16b840ea1e8f05030ab4444a42bf70ac0736a0d5a56b497f254894e289

SHA512
e574be5b7d510d136e4133c23c4a9341102e467acd02562a1d02588f704dc92a82b5e6075873f06e21ad3aaaa272e8eeb44f230038b095f64dc04006a64d1ffd

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\Orcus.Administration.exe

Filesize
1.7MB

MD5
4e5b3ac6043a2a30cb9a6c5b7d83a92c

SHA1
4cdadb0e2a43efd29d677ccab4e79f9176fdaa0c

SHA256
dd688ff9c60bae29cedfc389e0e7e1e961210406ec3e2ffde79fe4124d819fb8

SHA512
40852a42eebb27d72014347ccc5c6722631eb59235db6a3424bfa2b6bbecb211b613bbf3c5e246d5cc79723f316bc84652617ecca893d79e087ef3d87c015092

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\Orcus.Administration.exe

Filesize
790KB

MD5
e83a8a54bf77fe76c1f3cd7bf09835d6

SHA1
e97c7dbd32323b518b15a8c987c7176410cc0029

SHA256
7bca7f7d766e74796a57faefbe833009217ae457ee7fd90009b866bf1dd8abf4

SHA512
f0ace17f6ae8eb24f69d60aa98fb1129454a37a8f7b08d2b3a40ac543965ee8194367c60c3559208a64f5fa14cee4b78404b148f2c8254d513d280d7dfcb8547

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\Orcus.Administration.exe.config

Filesize
1KB

MD5
d689a8f25c2be9024f4841123b3e4053

SHA1
22070d67b9edb78f63bae994dc17d6ae001e6cd1

SHA256
7383bcefafa33afd801befed53528cf8b1f16eff9233ac106c3297cc5d54df1f

SHA512
e2245628f91bc7368599716d84f2fe7680bd998ec4a3b4f9ce17e4d993648672c139f7878f22f03776571e7462095046747cf5e46cc8c3aad02d51512c2038b9

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Exceptionless.Signed.dll

Filesize
195KB

MD5
54654c5a7e32935caa9c7ac726b9180d

SHA1
983fd77215286b60306d05edfd733f942287f9ca

SHA256
ec0e254f71c11c424c42ced4287fc38c56d7aab73a92b5665e24528d54a59630

SHA512
66f25943a755e4a8a00fc893788a861a24c1092b78618a141e1befd834a8830c0aa9ae4af73af76a3398f2fb1bdca0d039d46e323dcdb15776fef7c58e0bbd07

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Exceptionless.Signed.dll

Filesize
128KB

MD5
1914eb30d2349f38b3aaa3c010f5863e

SHA1
aa4a4a580a3b3c4de219bb01c04a24d3235bdb21

SHA256
82a33d50cb7e81654cd305fd26fd239f2c60839fd3ae35be52622e4ee5f46c71

SHA512
7af972b301ded5a00f4c4c1a2d8b71ae932a6a5fb7a5009d52e3ddbbed97ead34d50476f88040c15bdf930be65ce83e6317e9abc2c142448fa9e18bd4cc0d147

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Exceptionless.Signed.dll

Filesize
109KB

MD5
afb0c47ce1b641f244834bab185f656d

SHA1
58bc8c66dde91cded920bb821ce567c0595d71e2

SHA256
1869a0a689a65c62611bd1a3c8148919cf9e6a13c0d04c22b3db2e53429b2085

SHA512
b906b8e86d99ef20145c4bc3d23a8c6505456ccd7f1762914878cb8cdc24d5e508465e2674183f70cd4c8e948c89e619b412ea4fa3105e871399ae9085ff4d6d

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\FluentCommandLineParser.dll

Filesize
43KB

MD5
d0220eb32a8a631ca29f55929c7046cb

SHA1
553ec4ecc90676c7bb1de9f75a6b1226f39677aa

SHA256
e6124423367a9ec411176e2714c16a041c1a8b3e1691845040b57b0d779bef14

SHA512
63c2d7ac019d511751c57153bde64c5c57819a74ffbd1a893ea980211185296f018bc09980537394bb33e92508b4e14d87da8a6fba2ca87b820b9276d07a3445

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\MahApps.Metro.IconPacks.Material.dll

Filesize
166KB

MD5
af4ecc8525974bbcb956d4e213242167

SHA1
9267be8bdf017998d6b85fd6b3ccd56e6a131eda

SHA256
22e538233889a728d899d87df6b5c323a067eb951a3acadfa27e777a062347ec

SHA512
123adc1b14bf70faad7c6c744c7dce64ecfaa224b918e0bf078197def5fa1909924e79585541ff34fc15fbec33e85b6236fdea985717b0302d9732b0182b048d

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\MahApps.Metro.IconPacks.Material.dll

Filesize
98KB

MD5
240f9e87f17fcd567c1835a178a73bab

SHA1
1293de90b0a151675445dce73fe5e32101719ac3

SHA256
b71d8efec6e7883bcb50f03c75a7f2a1186cd8ec5a67b75cde4aa44158b17e04

SHA512
843bc42bfd07dcc97e2cd38c0c7004ba852eb91ca515fc9aba4ccddd11fee9445fb870f5b78010fbc29cfe3f54774c6af634dff351174af29f61092d0d04d4a0

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\MahApps.Metro.IconPacks.Material.dll

Filesize
141KB

MD5
dc97c261d520728f1431347f6e44b63d

SHA1
40d39d81ba38416e8d71ceb7eaae5c12531049e3

SHA256
4fe2c6c0f0a6395274f81ac9d385a11bbcd9e1df3a5dd9cb5aee92c0093907df

SHA512
51cd7ee5c9453281fb150af0f27d7ecea69c6b2aaedce73431ba7beb6b8d2baede1c5ff17ebb807707e822640fd359899fea5f4562a3a3436da8da761b2dc3cd

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\MahApps.Metro.dll

Filesize
44KB

MD5
b1383a4998e2676b231a2dc021d4067d

SHA1
45698f7a5dc3d4180df6d4687eeaaa7a62372cd9

SHA256
434033925d4e5038a31a43569538d2e05875c197e2ddcac26c5a0319d1617499

SHA512
9f46dcf0c5d58b1026e4eef4cdb2e5c2b9c46dd4a07d05bc65d7e3e04ad2f3c8cef50778a5e0c86b0bd69b42500cc7e85cfce6a445b511a88573b19766756ee9

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\MahApps.Metro.dll

Filesize
39KB

MD5
06ddb28c2ff7071867d97447c1283fcd

SHA1
6f26c7858cdd68285f868500a4f46f34bc3882f2

SHA256
1018ff81c2cc1c5aad38e27146939e2625b79709f238685bfd09f34d33b228d2

SHA512
7cb1b0db38d8ae5112c36bf9f08bcb36da1551fdca4a99e0c6034625cfaf309295b2b8fcf85a99bc2711ad8dc14ffc06fb081f848b440b6128724ddfe6ca8444

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\MahApps.Metro.dll

Filesize
54KB

MD5
a829102e99fa00912ca8c06292b21cc3

SHA1
b5c6c29585c62e04ddfdfeeca37a640d04b0c18e

SHA256
b735afc69703525b749e3e9095cac7193680ec0c8e86d3db7a8871060d7e9e24

SHA512
7ea70541cb7512aa87a50faec9f68ae403544645f01dafaa0ee4ffb24ec407166e599878a82d8365eddc3f5777e24a39eb0a970993b915de4df0436cf71ade5f

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\NLog.dll

Filesize
81KB

MD5
d358ba00a0fa564cdb59a1eaa62bcbed

SHA1
06d58589076179d04a3dc120686718bad27d1593

SHA256
bab84192975c6a21e442ff3b52bc53f0d4b0e64d84acf9e1919db0b2c9dc8e6a

SHA512
6003cd6e7b3b1107d81df938ea61b7818d62172bd696ef1c45ed9644a926007290559370a73d8a80931ed044766cc38ba70d53cd3e47a67e41df8716931e27de

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\NLog.dll

Filesize
46KB

MD5
8f8980accc9ea977621e6f936b325ec5

SHA1
c4d784c84a26b10696c2969ae8f2763159088dbf

SHA256
72ceb79ebcbbedc42207bf574d4d3d3c065014eb6d5ad907b1b4e6c209c6b9f9

SHA512
21d0be8fa6083f4ef8379d6464c545f6c6320b4203f00bb11747144dfa2b1a1d7358467de3a777cb6b2fd675373f8d1b60cd132e01f7c9d357f73d08e07e3b8d

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\NLog.dll

Filesize
48KB

MD5
0d73d8e7fc3b3681d2bb927249879d7c

SHA1
6ecccb167885b5acdf79c8f3b3aea76f510555c1

SHA256
339710ef5bfc9b6aa03738f3f3e166ea24ee1f7d79be52c25f25a49d65e0b8e9

SHA512
3fce913e47ea30a590a380b5cefc7c048fc498a6664661582cb2c73686fdd3dd13d3a0194dd74dc78448919823a411118954602324c724c68194c680fc02fc63

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Newtonsoft.Json.dll

Filesize
198KB

MD5
d59fcef5a0ef6702c47e9405fbc68fe6

SHA1
cbecacc002e9a24c1541970eca9d43e2adaa9036

SHA256
f5ca2066cbede4fc80c5ee2190508c057b9aa6be0b8857768dcdf3b49e3b234b

SHA512
7b483319ca4a20946efbee3f9eab81ad41a501a0d5e14c471e5863827b0ece15bbd247774ca8a363ebe127618e50e63d4c4e0952c64f2e673dc86a7099c7643a

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Newtonsoft.Json.dll

Filesize
246KB

MD5
ef0872c7e90ef867ae399cfd6ed3abb1

SHA1
25b071f1bc8662f496e7e03cbdfd1c156b773592

SHA256
598e14acdbc3aed0d9f9a84053772d16aa73e61038b2cd8afdad5bff11849ed4

SHA512
9d895c36debc7666a8f5eaaa0bfe3931fd7bc1ee2ab0800c45275243a8cd9a40e97a02642709ad3acf73497c3641d0f4081fb151332e9a6109dacb54a2b1019c

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Newtonsoft.Json.dll

Filesize
153KB

MD5
6dc7f738f03f283a6662b2992299fc88

SHA1
04f465d344f92b082cd39a1356d11e0b9a3ba8d4

SHA256
4e4d3bc79519d6c9e513bf0b71918352693ff471fb2ea84c4138e228f0a202bc

SHA512
3bd27dd8bc54509e2a27b74662b10bb2d50d04739c1ca2b3c177708da09e05b9635a8e0835e6d8777115467e9bd6fde9ed8f3b88a4c7c162ffe91820e25d02e5

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Orcus.Administration.Core.dll

Filesize
152KB

MD5
146418e58ecc531454e59455ed6d7066

SHA1
fac62ebb503c4c548c82c2282a81fdfeb3bda2e6

SHA256
ea018b939e9138a5ab5001c90c8535e28fe488fdb0a79b533194e83e0e26ac94

SHA512
e21ac11d49bfced783e26e5482056763ae74f11ea9435fca9cca8978c553ae2040d1b09059be37771ea2ed887823f3b7109c8ea6a8aad3f2154498c230f2416d

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Orcus.Administration.Core.dll

Filesize
189KB

MD5
d110be6ac6382d19d05903be93971e86

SHA1
41fe69482951e3428fb626e769aee84e21997a17

SHA256
c4e3142467712c92dbcb4e174c0e05b743491a8286fefe88002dd3a8a4f1aa77

SHA512
b54fb10583a977927e720bf9e9780aea849b363dbd35161a77152d69e0b98ae0dfbf7107148a6e77fed023a7da04806bf4b5e80febfdd202dd178ca7acb28470

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Orcus.Administration.FileExplorer.dll

Filesize
100KB

MD5
9b7425039ad7955532cf1670a235e660

SHA1
1daf749998a52a5488c9d51b9e7df274d7c74759

SHA256
6a3b9a8c18ec9c954164baad55c59c1c9ab76e91360055d13116e3d6a44accce

SHA512
843807570932b34b992f11d2f7147f1e50b60bd9254dbff17f3ba92cfee92430e5ae170588156e5e4ee0599ea6b5dd5ce09c7af6096d54c07f8375b97c1ba07c

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Orcus.Administration.FileExplorer.dll

Filesize
121KB

MD5
94bc86a93e235420489cc0121beb6066

SHA1
249fe43834b95748e50c7a8740263cdd1e9ba7ef

SHA256
91a23a4bc37080bc10b92aa3137df95bcfb0792f7693c594980ea86065bef3b7

SHA512
be0b16ec7a518c71b4089ef91339aa8dee1887d60e34c7d60b0c7d239ad7f9f9e224f2d4bf283ea3b9ea7f43d78178f474cbf0cee0f59ee6fdee6c8a4e99ac7a

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Orcus.Administration.Plugins.dll

Filesize
37KB

MD5
4cf28fc963d03cfce340a018850b2f95

SHA1
d4cde3b66b5666a8a99ae4c8a62c6412c932b823

SHA256
a70662914de7fc43763b855f0deafd5fb14d4075fa6d4f6e646967b44ac2d286

SHA512
780aa4e8d401e1b82bf56bdfd578915bebc6110280b0e9f5cfc59a447a7bd8d6853f9ed252fc873d18d6a5acac278519e685230063d7d8250f019413320943a2

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Orcus.Administration.ViewModels.dll

Filesize
222KB

MD5
ed032556aebda3b4bb62252487911eaf

SHA1
1a0980a58ee6e7ebc58f0994885a17a418117671

SHA256
91af3def8c1bbf6388c860d6b1e4070d328fffe138c6daa5e673f0e5c2890dec

SHA512
96bedb0843de59b1acbe94130c94a8af483f61a1ac35c7c027903e4eedcbc0e80cd429515ad3652d9e205a0c31a31eb0ac45761ea9855c1f67fbe1dd82739156

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Orcus.Administration.ViewModels.dll

Filesize
154KB

MD5
386a8dc75db5ed3da91e0296a0285e67

SHA1
f78942dab26f9b909cc2821c0fe6e5bb0e2d995b

SHA256
9ecafc3ac85ecec0e44acdffff467267e10cd60ca25859627917842328d31214

SHA512
fc008de8548ddeaa71d8091c93546861d304dd84f715304258d56f69dd4929a3d5e43059544839a0056c043470ab500dfe0be5f29ccb59418953a3241b80cc53

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Orcus.Administration.ViewModels.dll

Filesize
229KB

MD5
6efa91269ff83f8c7fd8b4f7ea9d82a2

SHA1
fb6a2089ae6fd0f0ef0206d6ca2b13a2b924ae5d

SHA256
2450206c9a12a88d88dc05bcdf37a114b32137b0bfa7954bb92003d14f17d10c

SHA512
6449570e890f1dc3357a38f276a7e95f90a6488097bb5ae9d988bcba02eee1e445d8e76c658c33e03a8627d48045a688400386c33c38ddadb7594d0f7dd3a3b8

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Orcus.Plugins.dll

Filesize
32KB

MD5
b6c772932d5afdede7c7e1bdbe472404

SHA1
3efc9797e72ecf3a2a21c68cd2012bc267b64e84

SHA256
fa78a9a0c6b0b531e744b38d77bbf121196b2e88dc2bb3e4c79509115cd6abe2

SHA512
f64e05650d7acaa675345aad248f4185c26a0035973f79fd7ca87f86ecdee926da18941b55b7b3313a734c922d29bc73be8dd2c64b848df540f798f3bc1ad59c

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Orcus.Shared.dll

Filesize
139KB

MD5
8acabdfdba5a1d9e1af44edb7147911c

SHA1
4afd27e3f0e31e906e6579d275b084ac356cf1f5

SHA256
7f819b96ba4d9b37b12b513e4f42c399055e1e9bb01ce79e6d67ef1de4a2ef18

SHA512
84d13ea3926c76ea2925fc73568058c8e790dbca6e78eae277a236c9116be75d09d90915968856b3726f8922fac4fbbc537ede5a80f2218dba22d5c8a0daa445

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Orcus.Shared.dll

Filesize
106KB

MD5
0299f70971189ab0f6740a359fa376d4

SHA1
2869f308ec133a6e226d80c7c209bb30682f5bbc

SHA256
3be9a230730355734d2ba33e4c9f1a92b8372af681338acac8873f8738aee0d6

SHA512
1ced8ca732eac36438014d4ba05befb4aa02a828a3d4398e51e1ad4ecaa7934c2e15e1c522cdb11e63f308860648f628e46184aff204732bbfe7c4e45e5b450c

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Orcus.Shared.dll

Filesize
133KB

MD5
984b2876dc0739147fcd144dd07ca463

SHA1
797cf4b65154278ce941d211c28e42773b05a4a2

SHA256
22006cba85d53a7a74976753287fed8d5bdd784f9a246032e17168edf9365d48

SHA512
a5ce9fc145160deff4c35ba23f8bb7e118506e152878bb355d6c9e02097b45fe55a68aa14681fead22cc68813965a3baeb9cd898e27149351db3c0dfe82b0852

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Orcus.StaticCommands.dll

Filesize
75KB

MD5
aa74ea8c62054d7e0ee71036d865f139

SHA1
4603786f5adf87aca0c6426f1761b0e555fca1d0

SHA256
2995082b7870f87da635934a749e0d258c0712fc664385cd8ab679153cd3071b

SHA512
4594530b6d811c8ef112ad4af09b3d7e687876a6edeb6769a46d15dc3cdd9a31d846cf46244ced390a98dcc50ee47528fb673215a592b2d0e1133e61af14e69f

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Sorzus.Wpf.Toolkit.dll

Filesize
60KB

MD5
ad100bd000dc8301a6caa9b6426ae5da

SHA1
b29863359973f228f11c1c567c5c5c2b98e373cb

SHA256
4d9b236309b7c2ea4f824a2d301c9b7b09733ba1c08c7824d435c4afe5de9886

SHA512
9855648988d4bc65612a9bb3b8800db4a0b4e4b0e27e03d3836c852060f65698a2cd3a64aad8e7657ec6798b0959c9832f979411923a8d41ba6cbb43505787f7

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\System.Windows.Interactivity.dll

Filesize
54KB

MD5
580244bc805220253a87196913eb3e5e

SHA1
ce6c4c18cf638f980905b9cb6710ee1fa73bb397

SHA256
93fbc59e4880afc9f136c3ac0976ada7f3faa7cacedce5c824b337cbca9d2ebf

SHA512
2666b594f13ce9df2352d10a3d8836bf447eaf6a08da528b027436bb4affaad9cd5466b4337a3eaf7b41d3021016b53c5448c7a52c037708cae9501db89a73f0

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Xceed.Wpf.Toolkit.dll

Filesize
155KB

MD5
f8fc1cce6ba560e3131d93563d9f2774

SHA1
6c532c20df1aa788d45618b2696644fdb7bb972b

SHA256
86fb7879e83a0bd4d4eec66da151db9954777f39a109ad3f0ff66a798aa1520e

SHA512
863c5aa807d1cb42d543f5ae6aeb4359971fe4bf9000d3337832d388d16577c16301c926da6ef05a21100ff34ce4c27dfea9752a9e43d79e06e9adcef3d5a2be

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Xceed.Wpf.Toolkit.dll

Filesize
166KB

MD5
92d53f2a5437e73dc92ea2b32a3c9e7e

SHA1
9829fb1c1915850b5d66af27e8c16c03c8834e3b

SHA256
f25d1f54e76542c0d9b855d742d0a2cc8006c073c1eae41535f41df99518ebd6

SHA512
0001a1ff77910b5893e25b87208448b8a82406f6ab73975759500dba39349c543dbb787d8da0d0b3abf0d164985146bb59fbe3ffaa2d65424b7b3fa1d294c67b

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\Xceed.Wpf.Toolkit.dll

Filesize
143KB

MD5
827bbc6a78b525315a0e7b032dc39a7a

SHA1
ded81d160073ed571f6a4fc0b13332053d1ef15d

SHA256
0a126abf57e8a7d752ec1c6c1a945dcba3810a6585f31ea89e38012f265e07f2

SHA512
584f4f6b8eb9a18805ebe546826efed89823c4bc65aa28b54852902060cd9bada123112963637793e0ce9b308f4640021f2e7dcbb742c91424fe29b5c196f047

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\nUpdate.dll

Filesize
85KB

MD5
0bb93a3f49a56cdd83b9049f77f8f854

SHA1
565b467cf49e29a1de22e7fbd204ccffea3082c2

SHA256
cfc23e5cb4e13212394f4a67c2d6611672947fd1c67c1e18b8e1beb81aa04b34

SHA512
888cd8352a238e7e998166a141d1a27b51ad54782c0b458845ca1349fa61a160589708ed6802bfc66a70a46831c8c4d31cb07ba02c5aac14b4d25ac7374cdb3b

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\nUpdate.dll

Filesize
192KB

MD5
868d11a0318fdf2349824f38246305f6

SHA1
72b818aecd3ccf3a40ca7f0f90bce4efc88a790d

SHA256
ab493b624dffc7667c05936dba3f2178a97a573571f1a9691065e7c45b1ba7fc

SHA512
2dedfb7a667c44c40fb1afa979f75f55d2af98a1e3b194c82eedf3794949a2cc4f500bc9e959a4dac0cfe0400ff76af520614a9db38179aa0c1a322e77e0a854

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\libraries\nUpdate.dll

Filesize
121KB

MD5
1acf82cfa3619b2f3b230aaf05c5d953

SHA1
a779030d588fcaf9dbf94716c03a517357e73298

SHA256
d3a2c175b57fdd2745e6cc4dec4e950aed0066ae11916fb4327fafffdf31cf39

SHA512
f77927f4aaf60a4349891644c55cbcd555065a0492f6638985b61ee9a2f8e7e8f123d8009ba4afecb0f6feff5518497023931150323ee2541ae8ab9666bcc71e

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\plugins\ApplicationAudioPack.orcplg

Filesize
75KB

MD5
2e1f82916722f07895cbb8cb69216fa3

SHA1
c81e2f7eb89af147a857613c628681f6e965f9b0

SHA256
605489fc4431bab842f8630c3abe21ee3af38bf54d52593de2e5f84b7d1a3eeb

SHA512
3eb1e82ed280071ef25f5f7ec5d683336e3c0175625b47cab4fa7168ef088c874d83813b8081599de02b8d31f960695a949a56e0fbc604cf6e1d7949e2c5ea28

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\plugins\AudioPack 2.orcplg

Filesize
40KB

MD5
0f6dbafd5fa969228746275f2a5dedb5

SHA1
8f404a20665c8b675bcb376afa5ec2bb0410ad99

SHA256
3873e92cf82a217add8748a7a428420c63c520c29fffa50a6f542ea16a9e7930

SHA512
2ec36149357e487ae5fd6921e1c95f47479cc6c9ddd7deb968114feac6354f751739db7d40f73e7b0e82e2c1e33a61aad359f1a91e2f2c0d2c0127e56f4a23a8

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\plugins\BsodProtection.orcplg

Filesize
14KB

MD5
342cec4ccb94b6a50c3073e3ca2ee68f

SHA1
f61c77debb0b178e5f7bdb8afba4569c204ad943

SHA256
4214932f8489cb6f50d42caab20a167ef5124c5acaf6351d30db05be225f6958

SHA512
55de1cb3ce6a84b84b2250aad9aa98f5dc7892610794a8e0edc86a96ee63aa6b6ba14e9a6578d78f6fedf0490c8b5641ff12a71f9648059096f85d6b3c79f1d6

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\plugins\DisableDefender.orcplg

Filesize
4KB

MD5
438fdcae2a176be771d1cc5882cb6071

SHA1
d66c25a53983a1dc99b735e91be662908ae18abc

SHA256
060e13704004415d4dea25081c3eca43aa4b8ceb01c82d02ed81e251f8ef24c4

SHA512
f6eb07f81adcba380201367d49b3a9909b0e4f25e5bf60ca7719635895ddce2e794f04a3c202ca8cf76a0963a6e3b0aba29f74fa1e321e78f04f0cc8139a0ac8

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\plugins\DisableWebcamLights.orcplg

Filesize
21KB

MD5
5f32cd5a2c08ec5504de906c6f598281

SHA1
7adafa9de45c29b0e58c7df98f1c756ebf05dcb2

SHA256
f54ef6da320b5f66f3562e44a36bf0cea3848d452ebe2b53f7f5dbb28cd2b61b

SHA512
f3f9affc5157a1ac09eea0f2075184d5649dcd8e49c888ead27e633faf543e30d4085997c0af0942398f64b3ef2a62a8a37028efcfa30b77f491e2d34fe34b72

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\plugins\EILoTIRiXAudioPack.orcplg

Filesize
32KB

MD5
90e5f542f00e4f63affd4ddf072a8576

SHA1
5d1edf92f7902de15d291f044a13c4bed1a9a5d2

SHA256
82e13a1a11a8a52d061767d356c4dc890fae7ebf6f4742837dbff7da9e35e642

SHA512
1e594d907ddd500909aec8255c29c879b9d3b8f28a6a11557d904c9648d2e3ba3d9eadb9fd76064987ac5392794eb9b77b8244796dd5cd59b0b554d8437a576b

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\plugins\ExceptionTest.orcplg

Filesize
13KB

MD5
01175630155405b937221bb958c27158

SHA1
67dd066b4ee720f602f5d206e6e1b0f5df79672c

SHA256
abe2f5b4d9d46d27335cdc1ff38039f0a644a3db5456156021975f3d3cb6c4e3

SHA512
d79a7af76847f3beb8108206756a9bb99535683f40a7ec75642551cba50b70526b97a0a8ac1a8bf66416436acddfe68171ffcbda7a95f701883e1ed530e77225

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\plugins\MSLIFileInfection.orcplg

Filesize
7KB

MD5
547c8e2d996eaac3fbd68b1238aaffda

SHA1
bb4405e01524206ccbc5e250b22bca17f48cb20f

SHA256
736ebe894afef379a8b05f36d807df87220a451fb60a78f4f69763c4952ce0f5

SHA512
b76ebff30bf8bc5a00f732c714508028fd17bc35e441fbb50ef2698c996d0e667cd1494e645a011d869153a394adb23952b7a434be3664dcac9a9fc9fabf0919

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\plugins\TrollPack.orcplg

Filesize
118KB

MD5
b3a349d651469199ace2109a02bcbe9d

SHA1
bbc16672a9c319c81aee9297b92e954c14cf6426

SHA256
618fcdde0c4cb6a17fea7ff9aff529c6811855e9cf830ceb00dc36d3192c6e7e

SHA512
d64bb100847df536fbc3fe2819310d74375fd67b1caf29a19885b3c550adc964736b3f8199bb3e8448fed9d3d2d243d1f3ab25772261c79c9c6c1d6e89d6c8ec

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\plugins\VahrameyAudioPack.orcplg

Filesize
75KB

MD5
78be45ce23efd3b2a7018e79f9c8c4ee

SHA1
2f67c5d5273c0eb0ad69d0717dd47322ac91a957

SHA256
9f56dd9c225ab50718090a396f3b625b7c53c94a80020c32cfedab35137e8d34

SHA512
3cbf1c07c20e1454fbeabb05583b842e21b00b9df750073e2c03266f3b092e45e21f1c2d381d3e9a07dba580f874b898645f51f58b22cbea281e748ada72fb8a

Download Submit
C:\Users\Admin\Desktop\Orcus Administartion\settings.json

Filesize
998B

MD5
a7edf3ddd64c8c67787bf100c880ba5c

SHA1
6bfaa7ec9cd3818e666fbdad24736dd902ff8797

SHA256
d5b343f5f39cc8eaf60d07fb45715b4b056fd9a2ee042ce752f8f0b0092134eb

SHA512
c702741f54622b21dca29a875d723d4951a5619f2fc242f402a442176fece97821fe907fd683c2021f69bc8fedbde2911e9f3783ca66af2f174d8eb792b3dbda

Download Submit
memory/2588-240-0x0000000005EB0000-0x0000000005ECC000-memory.dmp

Filesize
112KB

Download
memory/2588-239-0x0000000005E90000-0x0000000005EA6000-memory.dmp

Filesize
88KB

Download
memory/2588-271-0x0000000006870000-0x0000000006BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-264-0x00000000066B0000-0x000000000670E000-memory.dmp

Filesize
376KB

Download
memory/2588-270-0x0000000006710000-0x0000000006732000-memory.dmp

Filesize
136KB

Download
memory/2588-268-0x00000000067C0000-0x0000000006870000-memory.dmp

Filesize
704KB

Download
memory/2588-277-0x0000000006FF0000-0x0000000007002000-memory.dmp

Filesize
72KB

Download
memory/2588-276-0x00000000070B0000-0x000000000718C000-memory.dmp

Filesize
880KB

Download
memory/2588-279-0x00000000072D0000-0x00000000073C6000-memory.dmp

Filesize
984KB

Download
memory/2588-260-0x00000000062B0000-0x00000000062BE000-memory.dmp

Filesize
56KB

Download
memory/2588-280-0x0000000005C90000-0x0000000005CA0000-memory.dmp

Filesize
64KB

Download
memory/2588-248-0x0000000006610000-0x00000000066A2000-memory.dmp

Filesize
584KB

Download
memory/2588-256-0x0000000006300000-0x0000000006312000-memory.dmp

Filesize
72KB

Download
memory/2588-252-0x0000000006280000-0x0000000006290000-memory.dmp

Filesize
64KB

Download
memory/2588-282-0x000000000CAE0000-0x000000000DD48000-memory.dmp

Filesize
18.4MB

Download
memory/2588-244-0x00000000062C0000-0x00000000062F6000-memory.dmp

Filesize
216KB

Download
memory/2588-288-0x0000000007010000-0x0000000007018000-memory.dmp

Filesize
32KB

Download
memory/2588-235-0x00000000064E0000-0x0000000006606000-memory.dmp

Filesize
1.1MB

Download
memory/2588-294-0x0000000008670000-0x0000000008678000-memory.dmp

Filesize
32KB

Download
memory/2588-231-0x0000000005E40000-0x0000000005E64000-memory.dmp

Filesize
144KB

Download
memory/2588-292-0x00000000070A0000-0x00000000070AA000-memory.dmp

Filesize
40KB

Download
memory/2588-227-0x00000000063B0000-0x00000000064DC000-memory.dmp

Filesize
1.2MB

Download
memory/2588-296-0x000000000E0F0000-0x000000000E458000-memory.dmp

Filesize
3.4MB

Download
memory/2588-223-0x0000000006170000-0x0000000006276000-memory.dmp

Filesize
1.0MB

Download
memory/2588-290-0x000000000DD50000-0x000000000DEF2000-memory.dmp

Filesize
1.6MB

Download
memory/2588-219-0x0000000005C90000-0x0000000005CA0000-memory.dmp

Filesize
64KB

Download
memory/2588-286-0x00000000067B0000-0x00000000067BA000-memory.dmp

Filesize
40KB

Download
memory/2588-218-0x0000000005ED0000-0x0000000006166000-memory.dmp

Filesize
2.6MB

Download
memory/2588-284-0x00000000053D0000-0x00000000053D8000-memory.dmp

Filesize
32KB

Download
memory/2588-214-0x0000000005970000-0x0000000005A2E000-memory.dmp

Filesize
760KB

Download
memory/2588-298-0x0000000015A40000-0x0000000016E50000-memory.dmp

Filesize
20.1MB

Download
memory/2588-302-0x00000000086A0000-0x00000000086B0000-memory.dmp

Filesize
64KB

Download
memory/2588-209-0x00000000746D0000-0x0000000074E80000-memory.dmp

Filesize
7.7MB

Download
memory/2588-303-0x00000000076F0000-0x0000000007756000-memory.dmp

Filesize
408KB

Download
memory/2588-306-0x0000000007780000-0x000000000779A000-memory.dmp

Filesize
104KB

Download
memory/2588-210-0x0000000000A60000-0x0000000000EDA000-memory.dmp

Filesize
4.5MB

Download
memory/2588-304-0x0000000007D10000-0x00000000082B4000-memory.dmp

Filesize
5.6MB

Download
memory/2588-307-0x00000000077F0000-0x00000000077F8000-memory.dmp

Filesize
32KB

Download
memory/2588-308-0x0000000008600000-0x0000000008608000-memory.dmp

Filesize
32KB

Download
memory/2588-309-0x0000000005C90000-0x0000000005CA0000-memory.dmp

Filesize
64KB

Download
memory/2588-310-0x000000000CA00000-0x000000000CA38000-memory.dmp

Filesize
224KB

Download
memory/2588-311-0x000000000A940000-0x000000000A94E000-memory.dmp

Filesize
56KB

Download
memory/2588-312-0x000000000FC10000-0x0000000010228000-memory.dmp

Filesize
6.1MB

Download
memory/2588-313-0x000000000F570000-0x000000000F578000-memory.dmp

Filesize
32KB

Download
memory/2588-314-0x00000000746D0000-0x0000000074E80000-memory.dmp

Filesize
7.7MB

Download
memory/2588-315-0x0000000005C90000-0x0000000005CA0000-memory.dmp

Filesize
64KB

Download
memory/2588-316-0x0000000005C90000-0x0000000005CA0000-memory.dmp

Filesize
64KB

Download
memory/2588-317-0x0000000007640000-0x0000000007654000-memory.dmp

Filesize
80KB

Download
memory/2588-322-0x0000000005C90000-0x0000000005CA0000-memory.dmp

Filesize
64KB

Download
memory/2588-321-0x0000000005C90000-0x0000000005CA0000-memory.dmp

Filesize
64KB

Download