orcus | 3786d314f4e3906400b24657ed15fca047576eba9cf17630246db69503fdbea3

Analysis

max time kernel
35s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
01-11-2024 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OrcusRAT-main.zip
Size

25.0MB
MD5

4ebe8621171038676189cbc5e7053d9f
SHA1

2e3a3b97163d1e8af1e41c36f9495062fb4b1934
SHA256

3786d314f4e3906400b24657ed15fca047576eba9cf17630246db69503fdbea3
SHA512

e0091ae9f3acddc7e8d11b89a60debc3dab57b8af57bde4a3f538b2283eae398a1adec8224bf5fd2d0be61be015fc2a79c49b06cf786945073e1cc87d66be356
SSDEEP

786432:DFrAoo07VJxiSdlBx4IVwXuOHKW3kijZk:hrA+xJBgIEuMUiNk

Score

10^/10

orcus discovery rat spyware stealer

Malware Config

Signatures

Orcus
Orcus is a Remote Access Trojan that is being sold on underground forums.
rat spyware stealer orcus
Orcus family
orcus

Orcurs Rat Executable 2 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe	orcus
behavioral2/memory/2880-198-0x0000000000AD0000-0x0000000001B0E000-memory.dmp	orcus

Executes dropped EXE 1 IoCs

Processes:

Orcus.Administration.exe

pid process

2880 Orcus.Administration.exe

Loads dropped DLL 33 IoCs

Processes:

Orcus.Administration.exe

pid	process
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe
2880	Orcus.Administration.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

Orcus.Administration.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Orcus.Administration.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

1452 7zFM.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.Administration.exe

pid	process
1452	7zFM.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

7zFM.exeOrcus.Administration.exe

description	pid	process
Token: SeRestorePrivilege	1452	7zFM.exe
Token: 35	1452	7zFM.exe
Token: SeSecurityPrivilege	1452	7zFM.exe
Token: SeDebugPrivilege	2880	Orcus.Administration.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

7zFM.exe

pid process

1452 7zFM.exe
1452 7zFM.exe

pid	process
1452	7zFM.exe
1452	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\OrcusRAT-main.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1452

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4888

C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe
"C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\opus.dll

Filesize
332KB

MD5
1fc04b8bb4896745163df806695ee193

SHA1
39174ce2fca9a3e86bb7a5686037bc42f2572de1

SHA256
3f2b2fd440fdd84288dadfc63e37a4bc7ea0aae26889ab0d4a5ef6148f44ce14

SHA512
3ff18bdd364f27e54ffbf2d1af53e3500ec57e7e8fa14185f7fb1ef6639d69ac6253543b9e2155ade45ca5bcd567e94334f1ee7ad0a7ff28194168dc49883261

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe

Filesize
16.2MB

MD5
a6347e4e194adb6d2a3fae52598d8cdd

SHA1
aa06c496c20d6e04142d4a5205a032680a452a0d

SHA256
911e3e95efddbae9d1c2f4b04027567c76823116755097b5868b7241c7e30cbc

SHA512
2ee24604c0edbc09096e2344ca6c1f74b1067b9aff7f077d0b4e42cd8f51dd1116e98016e34f0a1d951fcdbc8bfed33b1709a9692ba95b3ea3cd84d9ce080922

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\Orcus.Administration.exe.config

Filesize
1KB

MD5
2846ec087e67923c130a5b875193c893

SHA1
ab1049f2531941cb98e99e5f83e8fb6b5be3a7f4

SHA256
148dc241bfa25e5fda9ebef2d315aa95121f9468da29dc167573f32f14733d08

SHA512
a332471ee3d01a13d6f7fd3516ce58e43ce7f6d7dbc0f6b8cc90b26d1be13b2b5b39ce76c29be753edbf5146eca92c02de2746f251918ac12a1cf103df1899de

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\libraries\Exceptionless.Extras.dll

Filesize
71KB

MD5
d3fcd5038079ef42e23ed39a86af5a31

SHA1
3977309df5b3ddc0218a800ee463ddcbcae7503e

SHA256
9d4ab0418d94d3c3d7025ecc1c70ce1762ee12aaa4d35666c2dc7887df53a537

SHA512
8535e4b5b7b61cf31fe69bd43eb2ba4c2a248a2f2a6efcf9b1ffc9cf4d39b67dcb687d45964054b3900f5aa21662b4acc91302f02e99e819ac6f5827a0d493d0

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\libraries\Exceptionless.Portable.dll

Filesize
678KB

MD5
6aba9f00d64371b940eedc21804ea9eb

SHA1
5fb0e520a23c780474b0866218c61ff55d083b3f

SHA256
22c949720dacd2dc19b7744185b18faf53dc18199c36af44158257a08ce7f3fd

SHA512
9166ff3cfd7adc334f3a98f4a40736c178a1c793f6ca264722bd1b962a3d059d88035eee1f45aab2b45a8692a13ef50c8e762c4c8600937b263fd7c2703185c0

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\libraries\FluentCommandLineParser.dll

Filesize
43KB

MD5
9b5e37f89268ccce0e098222004093ad

SHA1
30b12174abda6a420b2cc152b5c682ff8f106c37

SHA256
fe068b6f15a5423f86558927dd22ec35070c041db9cde1ecade0590d93ca5285

SHA512
23e8cbaa6103f5a76729ee8470b5b208d67be22c9b9fa78340055ac8ded04dc6147c8c50cde96f7c10b111f81cab3e5504227ac5b8f1a616c1a1384c6350257f

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\libraries\MahApps.Metro.dll

Filesize
918KB

MD5
fb1e8eee84791cc015e043ab0ce32bba

SHA1
42fb789011213635a7d022ba4fd5461a0d9a134d

SHA256
0de72da4bc2d16d39c30368af880d754fa0bd9745897652ba50213e589d265c5

SHA512
748af415c875cd5d44f305cf58060e7e66ef2ef041b6e86e3a76287a51af63116096eaed0877dc48c17da6594ad0c8dbf0ecadecb763dd469be8b6cc1d02d4a0

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\libraries\Mono.Cecil.dll

Filesize
274KB

MD5
6d6292bc8e698e53e69556add6f62442

SHA1
fab26eb07adab421797689da27ad754aa1c31810

SHA256
0f6465ce57a0cbabc37013c8e3c9f110672de1c127b6192177d59eb1c7809772

SHA512
f77c995857bf3c62bd87cce4246d9792d388af33664fbabf05bfcf574ae9332c45013697be7f698bff6cd33b02573abcbeae172b53c75979339e01123c61ae32

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\libraries\NLog.dll

Filesize
517KB

MD5
27c2b96dfbebba578638588d2c95705f

SHA1
6223920526982da59a93ccb2d733e9bdbb1afbaf

SHA256
a74414ee5a23d73d879c216d9cfd96a9a8ad048773fe689d8a8b3022c9869cdf

SHA512
aa90ef4fef936a43c3413c90427668b7956742bb88eb2693d8dc23654952997771e702f5c0b8ffa04e8f0ef8e16809d8bb3ac1f007bc9989b039e78a1d2a6358

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\libraries\Newtonsoft.Json.dll

Filesize
510KB

MD5
c3c04754418382f505cafc18d64427f5

SHA1
cac5e36dc498d6bb16170020be021ff5bd18a9e2

SHA256
df8ec2e0245829ddec5b79f1918c3ae3a3fa540a5a0e3c410e2b6ef0bebc7927

SHA512
bda5efd0f69a9c7198841e5d31744fa2bebb05cedb1e2846a0d2dbce6c3193da69c181be1116f38cd5f3d61b441567b1da2c844522184323e3d429294aa91ab5

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\libraries\Orcus.Administration.Licensing.dll

Filesize
80KB

MD5
70e207da89961cd32217eabbe3ac0791

SHA1
305ba309e762a128ae098e5bf0241ba71f3a331e

SHA256
83f968c6682b0e52b217daa6aa3da21be6967aa194a14631f43cc76c11a142e9

SHA512
8d9de9a9b3ad265a1df7bd7ab790db639d6ef4b871275a5b2fbb72f9b324cc3158d2073de2de78692fa7ffe64e78e31e7d7f75cb3b50c0d6513da21094bad075

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\libraries\Orcus.Administration.Plugins.dll

Filesize
34KB

MD5
358e21f82feabac03af75599b09532bd

SHA1
b6523b40151fa7090d1a2c44f2b7335170b2d7aa

SHA256
ba011053d673579f781de553994366683d7ea57410ae8d10d9823387ee94b918

SHA512
7334c3b0dcddd321f9fa0536b5000151a4b65f7da5b41e1f70009af7cfdaee70c44d07ce4d5f7eded97d30a89b9c1bb71a18e39fc6243b0fc07a5e3ee05dd1d9

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\libraries\Orcus.Plugins.dll

Filesize
21KB

MD5
88e74301f491db06cf075502629b6e56

SHA1
21e970cd1a672fc00eba203ec52a7e4bcb972420

SHA256
e33b1f7ef345a2fde88b2f70e24f1df739c4db0d33f4c2a6fdbacbc4e4190e91

SHA512
0efd79562d68912d6526d570be6a9334cbc79df0c68c105b7287ff6f36b5b6c85a7eb99ba8d6b057e86333c0e8909fe50fe49fe42f2c717f10801a88609c4ecd

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\libraries\Orcus.Shared.Utilities.dll

Filesize
25KB

MD5
155e691e9ff9b79b713836b5d469e3b9

SHA1
17988767d56448bfde33c20d1cd46089ce1f2852

SHA256
680a6a746f6961b6df5495d91c44bb4007c62090dd76948c45640ed01c0bd56e

SHA512
e8ad235a5a847a9da3bfc476e44f3cbf7d5c400e6b63c2ce3fce15d2ce7c39a0ae5b9cb13680a9ecc4c36c529f865fdc3351a1dcee37a36902d132f829b908a7

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\libraries\Orcus.Shared.dll

Filesize
282KB

MD5
d5d297629e1b1e77758f4221d1a5bf66

SHA1
5a56ec678d97ea260dbd40825cd1148332a8e06a

SHA256
c046865c41a0880ccd223c57e148a1083e7e2fe4da647fa15a04a3dc182da5ae

SHA512
8cea7bbea5734f9a6054314235be4047fa51408b51e171f94f7a727520efd13e47f1fe0476d2cabcf946d51a6c17ab3cba4f2eb4263e6ff6891e3024eb9fccc7

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\libraries\Sorzus.Wpf.Toolkit.dll

Filesize
43KB

MD5
efc2bbca9bfe174475d17e62ea0f5b4d

SHA1
3d74ba1d65245fe86cbca4cff525856e9b1755a1

SHA256
9f025d34cb7dc817df9f7f722c14eff6f2d95946ef24c486c7063d8ce9e0236f

SHA512
575a9700ea8d4fa1d470632c3654425c816b82c7a5f60c8c9787cc699961d95b2eee82ebedceaa77ec17a96329958235b3a94b6ee868e3a900bcae770506ef23

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\libraries\System.Windows.Interactivity.dll

Filesize
54KB

MD5
580244bc805220253a87196913eb3e5e

SHA1
ce6c4c18cf638f980905b9cb6710ee1fa73bb397

SHA256
93fbc59e4880afc9f136c3ac0976ada7f3faa7cacedce5c824b337cbca9d2ebf

SHA512
2666b594f13ce9df2352d10a3d8836bf447eaf6a08da528b027436bb4affaad9cd5466b4337a3eaf7b41d3021016b53c5448c7a52c037708cae9501db89a73f0

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\libraries\Xceed.Wpf.Toolkit.dll

Filesize
1007KB

MD5
96a320c552ce1152cd674895ffad9f10

SHA1
7a345edab598a794d71d03cd36b78e1ce683e5c5

SHA256
fcadc89d8b2154008f96073da5562575c054e5520f8cd1ff5e292ffe7e67efd7

SHA512
465032415e03c4eb27eb07c157139962d1a3f04619b4bc989bbc1455a62fb5491e7915ac5df9be83c3b17f7287086ab0de0d4caf0cb161f857f3eff05ff776dc

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\libraries\nUpdate.dll

Filesize
2.6MB

MD5
253ba7f0427e3f8e032b97496a019a24

SHA1
62793783943b04d8836746bb452145722cf63001

SHA256
814eb85113211fa90efe952f35d06e537f01bf38febca48e2c0cef02ebdb1877

SHA512
29f848f4293454a0103197cd3bb59e364df099b7a26f926673b30132ffe3d15b505fbfc3e0391482d9cd9ed53efd0f3193d0cdf83e0fb59ce3e27de878b83585

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\plugins\ApplicationAudioPack.orcplg

Filesize
628KB

MD5
b8cd6b3141a11fa161b2039ded9dc0f1

SHA1
bdf56b2b8b84940699034a2afd9be6fca554d905

SHA256
c82a13255716c73b3ed9d89c48eb000d556e9690f4f830d444ffb64041f7e813

SHA512
deba05e0c5e077aba1b17985863abdbe115d7f9476a2902d6ddbed081b7632b79510601561276354516350553913d162333842a1e896af8af5b1dd5bc2c00b4f

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\plugins\BSoDProtection.orcplg

Filesize
14KB

MD5
727dbdbe573b1ef41a2c2457d9d1b9a4

SHA1
b65d0ead80c87f7e4b6543c362c257185d5e33c3

SHA256
fe204d16f31a6b210343be7e52279f8abedf8587206503daa6f2c8f6224679f2

SHA512
0b1530ca35d6772da20ef7018bd1f81554d9e2f1b9f30ea12db5c40f7f800712c88caa77b3df29e503ebd40b33d06cc16125eadab7804f974d659b2f6c577681

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\plugins\BuildPumper.orcplg

Filesize
54KB

MD5
595efdf47d3a392ec489defac02ad7cb

SHA1
40741f2a47c5f1f210f860c10fac7bedc4eb058d

SHA256
9fac7662c10a44f9870f42e1a5d407b31b0d7e4428b7ca95c28bc705625d0613

SHA512
a7c5bde085b6d9465cf01798631381e3eb73b9b93db8d06bb7ab7c759bef1a92fe8174b6faf2bfcc7b300d0c242bab2adc90c488ab36d257bbc34d56e8d41bcf

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\plugins\DisableWebcamLights.orcplg

Filesize
21KB

MD5
5f32cd5a2c08ec5504de906c6f598281

SHA1
7adafa9de45c29b0e58c7df98f1c756ebf05dcb2

SHA256
f54ef6da320b5f66f3562e44a36bf0cea3848d452ebe2b53f7f5dbb28cd2b61b

SHA512
f3f9affc5157a1ac09eea0f2075184d5649dcd8e49c888ead27e633faf543e30d4085997c0af0942398f64b3ef2a62a8a37028efcfa30b77f491e2d34fe34b72

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\plugins\EILoTIRiXAudioPack.orcplg

Filesize
2.8MB

MD5
31aafa3933fdab7683e889ec1038ad35

SHA1
d11f7fa55e2cf75ebbc6487468ed4b0674f1111d

SHA256
24aa9269afbac24251495bd0c86538b814089cdaa0aa77a2ef653d31dbc33bcd

SHA512
e63ef239f6f58692f8b5c1fe4dd60e91f2892da696b8797437e4cbc6b7bddfeb0dbaaccee0be0185e50e05162b5cc141ee14da9aa153f26252bc7461d8da2da1

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\plugins\ExceptionTest.orcplg

Filesize
19KB

MD5
a5b3e031c0d6b20817422beb12bfc78f

SHA1
e9a909e13889a2e6688782d3a290ac375ba4b528

SHA256
c66c8d3ae5f3af64ee34da2f7df88055e314fa1e9254aa9e2425e1f527db9e81

SHA512
f96ad64a771767bb626de49786f5adc4e94a56fa10f68588b9af06ae33dc2f73fade1fc9758ecbefd56a94a6a6221392addb6b9a2b1295f8f39940d7e760a509

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\plugins\ExtensionSpoofer.orcplg

Filesize
20KB

MD5
2e27ddbcd452e61fe204dc593e1846ff

SHA1
005a864ba1c68802218cfba31756a62193a3407e

SHA256
ef736367bc542ca05bc3ca14455934b412a3f88564d022bb14c59f82d0433ba2

SHA512
4bc127d9e21667b113df85f4beda96c00d1a5933c9f25d65ec6084b7efdec58500404eb394f648a5cfbbf50c4e32af0306686f978a09ad0f6a3212427b0ffcff

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\plugins\GamerView.orcplg

Filesize
405KB

MD5
8b6269e7ca2180ffd4777552f2335760

SHA1
c809c7c37db0d73662f1034d6dfea63a7db0b229

SHA256
8c0d48a0383af350f80c2dadd34e67bb8c0e2b4186871e59178715f0c4aa4d54

SHA512
37c4323b10d663cad2c0869000dcfd47cc61a74c8e4fe2aeb5029e3d64a3301b3a32b32177aae382ecc3c2e68dc677ee362563eb305ac5003a688017db1d327f

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\plugins\MicrophoneRecorder.orcplg

Filesize
399KB

MD5
152544f1ffd1a61aadeb23fdf4078b0d

SHA1
f3a65b9def674f4e139dcd92766e9df7280188b1

SHA256
bac443cf632829f3a946d79f35fe75fa6648949b7cc9b51ec7197691a3b84eee

SHA512
520da08cec73947a8cb66d2e4e70c3e5f2a5ab230d8cae95f9ea60961878166151ab5053fbfc11a2441680bad7b21e7c1222ff89a68c7e1d5a06d248b0c16388

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\plugins\NotificationCenter.orcplg

Filesize
39KB

MD5
307e0f115911e72fb3515cd3e974b802

SHA1
23c392e92714df39f50411abc74210f973f13891

SHA256
e4b01417828da0489b97f1a6e3173b501cc510a1c14e5536f65b6f5929dc24e1

SHA512
cd8c9eb1068a7c0ca1c015575a71efaeb4a2a51f00003f011e6a00e862bf11d8f51632f97d2a351d17ad707b35a2b01d63beaea45176f3a87b28450a211e456d

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\plugins\OrcusPatcher.orcplg

Filesize
28KB

MD5
d73970251dd27aab5d6bfb79b98e672f

SHA1
48e90e2224b492d4b3356b669614806f9bbaeff7

SHA256
3051a1f1cd8c2984d56656fc7cda2bc63b57735dcf1a56c39a1d77e6196d3d38

SHA512
5e6e7b40d5cc93aa12782974a6e19c5d8c28a05dc32195b0d1f6ff28f976bdfb79075aa8cc3cd22c760ba5ce611f8dfc0f99ff0509545510fd21da649cdab331

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\plugins\Screamer.orcplg

Filesize
1.4MB

MD5
c4fa0302349ea02d1a86e8c3538441a4

SHA1
830cd230e1b53cc0b6eda814ddd8b1851b94e475

SHA256
2c5b663d664e3e5fe58a27bf5148a35770f096005df2069af859fb2d4ce6959b

SHA512
cf9fa52e7bf8f239b746d6a3cc95315dca89e00029e8a32c0b6372b11386a6805b7a47f09e56c85f24c8e2329e4cf54fb004a7509303b926ddbe27022d9b6bfc

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\plugins\ServerStressTest.orcplg

Filesize
58KB

MD5
4cec7a3155b93a82f1171e1b4a27ba44

SHA1
d3279fe76c74f30ff4a44e62383e2f67884e4fd9

SHA256
a1c433464b65db673ce7228aba3788a16f850cf4813e389f989b6fe04f1fc1af

SHA512
6e9efddfdcb68c0364605042e061845f3df6971328b12c6284e818549c54ddabd0fc7581ed5fe88aed239b58c5f24c6814681fbe3b70957e8f5134c6d09b234b

Download Submit
C:\Users\Admin\Desktop\OrcusRAT-main\settings.json

Filesize
897B

MD5
9ef365494bc362da1a6ddf86acc48b7a

SHA1
e466a6fcd0e8bcfe9a4657e113d81be7a70092e8

SHA256
6f9dd8f4ce48574ce886f3ebd30cead17aafcab6defeccba45ff1348ffa6c8a7

SHA512
9628a120f96d29820a8ee9a39f11579bb2edf0504a76169bbaddba2692fd54a007d8b57f73633c3bca39e32c132cb1ded0374851f5ff5b6107f8d2642ccb2bab

Download Submit
memory/2880-216-0x0000000006820000-0x000000000683C000-memory.dmp

Filesize
112KB

Download
memory/2880-206-0x00000000069C0000-0x0000000006C56000-memory.dmp

Filesize
2.6MB

Download
memory/2880-220-0x0000000006940000-0x000000000695C000-memory.dmp

Filesize
112KB

Download
memory/2880-253-0x0000000007CE0000-0x0000000007CE8000-memory.dmp

Filesize
32KB

Download
memory/2880-235-0x000000000B850000-0x000000000B872000-memory.dmp

Filesize
136KB

Download
memory/2880-255-0x00000000086D0000-0x00000000086DA000-memory.dmp

Filesize
40KB

Download
memory/2880-215-0x0000000006E60000-0x0000000006F62000-memory.dmp

Filesize
1.0MB

Download
memory/2880-257-0x0000000008820000-0x0000000008828000-memory.dmp

Filesize
32KB

Download
memory/2880-221-0x0000000006810000-0x0000000006816000-memory.dmp

Filesize
24KB

Download
memory/2880-261-0x0000000008B70000-0x0000000008B78000-memory.dmp

Filesize
32KB

Download
memory/2880-240-0x0000000007C50000-0x0000000007C5E000-memory.dmp

Filesize
56KB

Download
memory/2880-259-0x0000000008830000-0x0000000008B72000-memory.dmp

Filesize
3.3MB

Download
memory/2880-269-0x0000000008C20000-0x0000000008C32000-memory.dmp

Filesize
72KB

Download
memory/2880-211-0x0000000006C60000-0x0000000006D4C000-memory.dmp

Filesize
944KB

Download
memory/2880-265-0x0000000008BF0000-0x0000000008C04000-memory.dmp

Filesize
80KB

Download
memory/2880-225-0x00000000069A0000-0x00000000069B8000-memory.dmp

Filesize
96KB

Download
memory/2880-263-0x0000000008BE0000-0x0000000008BEA000-memory.dmp

Filesize
40KB

Download
memory/2880-244-0x0000000007CF0000-0x0000000007D78000-memory.dmp

Filesize
544KB

Download
memory/2880-229-0x000000000B7E0000-0x000000000B7F2000-memory.dmp

Filesize
72KB

Download
memory/2880-272-0x0000000008F50000-0x0000000008FE2000-memory.dmp

Filesize
584KB

Download
memory/2880-271-0x0000000008C40000-0x0000000008CA4000-memory.dmp

Filesize
400KB

Download
memory/2880-207-0x00000000752C0000-0x0000000075A70000-memory.dmp

Filesize
7.7MB

Download
memory/2880-276-0x0000000008ED0000-0x0000000008EDC000-memory.dmp

Filesize
48KB

Download
memory/2880-251-0x0000000007EC0000-0x0000000007F72000-memory.dmp

Filesize
712KB

Download
memory/2880-283-0x0000000008EE0000-0x0000000008EF2000-memory.dmp

Filesize
72KB

Download
memory/2880-248-0x0000000007C70000-0x0000000007C7A000-memory.dmp

Filesize
40KB

Download
memory/2880-285-0x0000000008EF0000-0x0000000008EF8000-memory.dmp

Filesize
32KB

Download
memory/2880-249-0x0000000007CA0000-0x0000000007CB2000-memory.dmp

Filesize
72KB

Download
memory/2880-202-0x00000000063F0000-0x00000000064A0000-memory.dmp

Filesize
704KB

Download
memory/2880-289-0x0000000009040000-0x000000000908A000-memory.dmp

Filesize
296KB

Download
memory/2880-236-0x000000000B920000-0x000000000BC74000-memory.dmp

Filesize
3.3MB

Download
memory/2880-291-0x0000000008F10000-0x0000000008F32000-memory.dmp

Filesize
136KB

Download
memory/2880-233-0x000000000B890000-0x000000000B916000-memory.dmp

Filesize
536KB

Download
memory/2880-293-0x0000000008F30000-0x0000000008F42000-memory.dmp

Filesize
72KB

Download
memory/2880-294-0x000000000AAA0000-0x000000000B044000-memory.dmp

Filesize
5.6MB

Download
memory/2880-295-0x000000000B050000-0x000000000B058000-memory.dmp

Filesize
32KB

Download
memory/2880-296-0x000000000B1D0000-0x000000000B1D8000-memory.dmp

Filesize
32KB

Download
memory/2880-198-0x0000000000AD0000-0x0000000001B0E000-memory.dmp

Filesize
16.2MB

Download
memory/2880-300-0x000000000E4F0000-0x000000000E53C000-memory.dmp

Filesize
304KB

Download
memory/2880-197-0x00000000752CE000-0x00000000752CF000-memory.dmp

Filesize
4KB

Download
memory/2880-302-0x000000000B2C0000-0x000000000B2D0000-memory.dmp

Filesize
64KB

Download
memory/2880-303-0x0000000010650000-0x0000000010658000-memory.dmp

Filesize
32KB

Download
memory/2880-304-0x0000000010750000-0x0000000010758000-memory.dmp

Filesize
32KB

Download
memory/2880-305-0x0000000010FD0000-0x0000000011008000-memory.dmp

Filesize
224KB

Download
memory/2880-306-0x0000000010740000-0x000000001074E000-memory.dmp

Filesize
56KB

Download
memory/2880-309-0x00000000752C0000-0x0000000075A70000-memory.dmp

Filesize
7.7MB

Download