Technical Information
- Autorun registry value (per-user Run key): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Orcus' = '"%ProgramFiles(x86)%\Orcus\Orcus.exe"'
- Scheduled task file: <SYSTEM32>\tasks\orcus respawner
- %APPDATA%\orcus\err_2e2ba559e1e44d47b4a1a2b0867189aa.dat
- %ProgramFiles(x86)%\orcus\orcus.exe
- %ProgramFiles(x86)%\orcus\orcus.exe.config
- %APPDATA%\orcuswatchdog.exe
- %APPDATA%\orcuswatchdog.exe.config
- Network endpoint (address:port): '<LOCALNET>.0.32':9000
- '%ProgramFiles(x86)%\orcus\orcus.exe'
- '%APPDATA%\orcuswatchdog.exe' /launchSelfAndExit "%ProgramFiles(x86)%\Orcus\Orcus.exe" 1816
- '%APPDATA%\orcuswatchdog.exe' /watchProcess "%ProgramFiles(x86)%\Orcus\Orcus.exe" 1816
- '%ProgramFiles(x86)%\orcus\orcus.exe' (with hidden window)
- '<SYSTEM32>\taskeng.exe' {B8305183-AE5C-4AD4-BB03-86681336CD73} S-1-5-21-1960123792-2022915161-3775307078-1001:bhqabnpiv\user:Interactive:[1]