Analysis Overview
SHA256
f0be34597af1f13ecb5297508075745ee2af467564bd0ed6fc025a4885924456
Threat Level: Shows suspicious behavior
The file DirectoryOpus.zip was found to be: Shows suspicious behavior.
Malicious Activity Summary
UPX packed file
Enumerates connected drives
Adds Run key to start application
Checks whether UAC is enabled
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks computer location settings
Loads dropped DLL
Checks installed software on the system
Drops file in Program Files directory
Drops file in Windows directory
Executes dropped EXE
Registers COM server for autorun
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: AddClipboardFormatListener
Modifies system certificate store
Suspicious use of SetWindowsHookEx
Modifies Control Panel
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
NTFS ADS
Modifies registry class
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-23 13:23
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral6
Detonation Overview
Submitted
2024-02-23 13:23
Reported
2024-02-23 13:30
Platform
win11-20240221-en
Max time kernel
131s
Max time network
289s
Command Line
Signatures
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Download Latest Cracks and Apps from CracksHash.com.url"
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-02-23 13:23
Reported
2024-02-23 13:30
Platform
win10v2004-20240221-en
Max time kernel
297s
Max time network
294s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8F0MD.tmp\DOpusInstall.tmp | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8F0MD.tmp\DOpusInstall.tmp | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4368 wrote to memory of 2868 | N/A | C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe | C:\Users\Admin\AppData\Local\Temp\is-8F0MD.tmp\DOpusInstall.tmp |
Processes
C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe
"C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe"
C:\Users\Admin\AppData\Local\Temp\is-8F0MD.tmp\DOpusInstall.tmp
"C:\Users\Admin\AppData\Local\Temp\is-8F0MD.tmp\DOpusInstall.tmp" /SL5="$C002E,39119681,803328,C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
Files
memory/4368-0-0x0000000000400000-0x00000000004D2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-8F0MD.tmp\DOpusInstall.tmp
| MD5 | b589c1b34a069180a959b8e91b9c04d1 |
| SHA1 | 8875ce4398d7517cd07a88acf52f694ab44952fa |
| SHA256 | 74b960394e32a1d52a3ba45111b0beb06395637e471832ef6e284736407376b3 |
| SHA512 | acd0da0ffd40d2f06fdc9c183d18e4c19a31197ec3fceb0fd5c1d1bfdd265b15cf2e35496911be8f548d80d801ce0dce39390d050fbab94cb8e9d776f513198c |
memory/2868-5-0x0000000000960000-0x0000000000961000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-3MT3C.tmp\innohelp.dll
| MD5 | 269e20c08a480cf20685a645b1ee9a09 |
| SHA1 | c8cb5d7fc506bd982bac244734e31e54d4adeb31 |
| SHA256 | 80f8b49d1fbcc2db21dc5c1fc9a62c712de8f83691c245369280b32b6cf1f4d2 |
| SHA512 | b3e77a66960b1b86335d3a5a27657dcf998376336138a19ecc343b91d090c9cf52b3af07700fd4882d1ba64d766bd55b8b5f4fc1ecd7e17fddbeafe2db1bb3a3 |
memory/4368-11-0x0000000000400000-0x00000000004D2000-memory.dmp
memory/2868-12-0x0000000000400000-0x000000000068D000-memory.dmp
memory/2868-15-0x0000000000960000-0x0000000000961000-memory.dmp
Analysis: behavioral9
Detonation Overview
Submitted
2024-02-23 13:23
Reported
2024-02-23 13:29
Platform
win11-20240221-en
Max time kernel
292s
Max time network
111s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-M1CRD.tmp\DOpusInstall.tmp | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-M1CRD.tmp\DOpusInstall.tmp | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4460 wrote to memory of 2672 | N/A | C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe | C:\Users\Admin\AppData\Local\Temp\is-M1CRD.tmp\DOpusInstall.tmp |
Processes
C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe
"C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe"
C:\Users\Admin\AppData\Local\Temp\is-M1CRD.tmp\DOpusInstall.tmp
"C:\Users\Admin\AppData\Local\Temp\is-M1CRD.tmp\DOpusInstall.tmp" /SL5="$7022E,39119681,803328,C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe"
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.43:443 | | tcp |
Files
memory/4460-0-0x0000000000400000-0x00000000004D2000-memory.dmp
memory/4460-2-0x0000000000400000-0x00000000004D2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-M1CRD.tmp\DOpusInstall.tmp
| MD5 | b589c1b34a069180a959b8e91b9c04d1 |
| SHA1 | 8875ce4398d7517cd07a88acf52f694ab44952fa |
| SHA256 | 74b960394e32a1d52a3ba45111b0beb06395637e471832ef6e284736407376b3 |
| SHA512 | acd0da0ffd40d2f06fdc9c183d18e4c19a31197ec3fceb0fd5c1d1bfdd265b15cf2e35496911be8f548d80d801ce0dce39390d050fbab94cb8e9d776f513198c |
memory/2672-6-0x0000000000960000-0x0000000000961000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-9SH4P.tmp\innohelp.dll
| MD5 | 269e20c08a480cf20685a645b1ee9a09 |
| SHA1 | c8cb5d7fc506bd982bac244734e31e54d4adeb31 |
| SHA256 | 80f8b49d1fbcc2db21dc5c1fc9a62c712de8f83691c245369280b32b6cf1f4d2 |
| SHA512 | b3e77a66960b1b86335d3a5a27657dcf998376336138a19ecc343b91d090c9cf52b3af07700fd4882d1ba64d766bd55b8b5f4fc1ecd7e17fddbeafe2db1bb3a3 |
memory/4460-12-0x0000000000400000-0x00000000004D2000-memory.dmp
memory/2672-13-0x0000000000400000-0x000000000068D000-memory.dmp
memory/2672-16-0x0000000000960000-0x0000000000961000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-23 13:23
Reported
2024-02-23 13:29
Platform
win10-20240221-en
Max time kernel
291s
Max time network
264s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\version.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
Files
memory/1864-0-0x00007FFD61C30000-0x00007FFD61C70000-memory.dmp
memory/1864-3-0x0000027BBC5E0000-0x0000027BBC5E1000-memory.dmp
memory/1864-8-0x00007FFD61C30000-0x00007FFD61C70000-memory.dmp
memory/1864-10-0x0000027BBC5E0000-0x0000027BBC5E1000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-02-23 13:23
Reported
2024-02-23 13:29
Platform
win11-20240221-en
Max time kernel
108s
Max time network
112s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\version.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.48:443 | | tcp |
Files
memory/3172-0-0x00007FFC0A840000-0x00007FFC0A880000-memory.dmp
memory/3172-1-0x00000281264A0000-0x00000281264A1000-memory.dmp
memory/3172-2-0x00007FFC0A840000-0x00007FFC0A880000-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2024-02-23 13:23
Reported
2024-02-23 13:29
Platform
win10-20240214-en
Max time kernel
253s
Max time network
257s
Command Line
Signatures
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Download Latest Cracks and Apps from CracksHash.com.url"
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-02-23 13:23
Reported
2024-02-23 13:30
Platform
win10-20240221-en
Max time kernel
312s
Max time network
320s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000\Software\Microsoft\Windows\CurrentVersion\Run\Directory Opus Desktop Dblclk = "\"C:\\Program Files\\GPSoftware\\Directory Opus\\dopusrt.exe\" /dblclk" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
Enumerates connected drives
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000\Control Panel\International\Geo\Nation | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\argtmp39.dll | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| File created | C:\Windows\System32\argtmp39.dll | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\GPSoftware\Directory Opus\unins000.msg | C:\Users\Admin\AppData\Local\Temp\is-MTB0L.tmp\DOpusInstall.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\xpcc37.log | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| File opened for modification | C:\Windows\xpcc37.log | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-MTB0L.tmp\DOpusInstall.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-D8GVO.tmp\_isetup\_setup64.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-D8GVO.tmp\SetAppUserModelId-x64.exe | N/A |
| N/A | N/A | C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe | N/A |
| N/A | N/A | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| N/A | N/A | C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe | N/A |
| N/A | N/A | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DEDAB166-2DC4-47BC-95C9-B0A092FCCD15}\InprocServer32\Data = 66b1dadec42dbc4795c9b0a092fccd15404636315f25513f534e342358235c402739404125482f1a000000000000000088a988ee000000000000000000000000655de6d40abb975ba33b1a4f7555f06e | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27FC34F-A633-42C1-B77A-3D85ECF6BDB6}\InprocServer32\Data = 4fc37fc233a6c142b77a3d85ecf6bdb64e5451523e25485b5a5e5b234827245a5e39205a4e2f481a0000000000000000e2d489e6000000000000000000000000752c465c645d2a7e7f67ee8789e32a84 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F326FD86-20F3-4476-83C8-BCD2C7D9B5D6}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BBD5F00E-26A6-4fb2-BAE1-31543C0BEA47}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopuslib.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F85D7E1E-9662-4b38-B1AE-3CF1E9581A3C}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D2FCA36D-93CD-46f2-8324-6308F6E31B53}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9822023-7745-4992-AD4F-A5792A725E44}\InprocServer32\ThreadingModel = "apartment" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F850F077-19E6-41B8-A944-927633A79E15}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopuslib.dll" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7F8E381F-0B2A-420D-A69C-F85A14323BAC}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopuslib.dll" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4CA2364F-7AEE-4A7E-A8A7-655611B397BA}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopuslib.dll" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3CF9ECE0-1A9F-11d2-8C73-00C06C2005DE}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopuslib.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9FE4040-3C93-11d4-8006-00201860E88A}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopuslib.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C02DBDAE-94BA-471F-8BB5-7CCCD9477BF2}\InprocServer32\ThreadingModel = "apartment" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{081E9FE7-E73C-4F78-948B-8771276A29A2}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopuslib.dll" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4CA2364F-7AEE-4A7E-A8A7-655611B397BA}\InprocServer32\Data = 4f36a24cee7a7e4aa8a7655611b397ba3554413335254b5c474a54234826465742395920445a521a0000000000000000debda8760000000000000000000000009056e96b3c0b39e37883759599d81092 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{7339F7F9-8707-4F0E-B661-2D11E36E9C38}\InprocServer32 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{92225C38-923E-400A-A807-27EB46E9D78D}\InprocServer32 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DEDAB166-2DC4-47BC-95C9-B0A092FCCD15}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopuslib.dll" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{7F90E538-84CF-4475-8B74-2435A52B14D7}\InprocServer32 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D276CADD-4105-41BD-8128-DB2D995809E6}\InprocServer32\ThreadingModel = "apartment" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{026174FD-9AE0-4CD9-9F3B-4C148AEB8514}\InprocServer32 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{081E9FE7-E73C-4F78-948B-8771276A29A2}\InprocServer32\Data = e79f1e083ce7784f948b8771276a29a24e4f525654253c4e48345d23554243264739445b55595f1a0000000000000000603735660000000000000000000000007b7d8633d982549266bb4a2ca57b0f74 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{F850F077-19E6-41B8-A944-927633A79E15}\InprocServer32 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{53D84A7F-66BA-4801-9DB0-4BD8E85830BD}\InprocServer32 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D276CADD-4105-41BD-8128-DB2D995809E6}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopuslib.dll" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BD455886-C07F-4DB5-B414-18B1FEFA6117}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BD455886-C07F-4DB5-B414-18B1FEFA6117}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB654B0D-CB3A-4BFA-A8CC-812C5E48D5E0}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BBD5F00E-26A6-4fb2-BAE1-31543C0BEA47}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{0B499001-F225-4C61-9664-11CE528CD7E1}\InprocServer32 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4CA2364F-7AEE-4A7E-A8A7-655611B397BA}\InprocServer32\ThreadingModel = "apartment" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{92225C38-923E-400A-A807-27EB46E9D78D}\InprocServer32\Data = 385c22923e920a40a80727eb46e9d78d45544f4c51255d4e3d3a392356535650203942515b5c4f1a0000000000000000cb4510770000000000000000000000000b965996b10b8f6f4f634b91bf40dcdf | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D276CADD-4105-41BD-8128-DB2D995809E6}\InprocServer32\Data = ddca76d20541bd418128db2d995809e64f30535734255d4e523446234845444a58395d474020211a0000000000000000894cb0b8000000000000000000000000c68f3d51372dd96e2e04b6b95d8be33e | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3595AEA4-FA1C-498A-8EEA-5F2366D16705}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopushlp.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3CF9ECE0-1A9F-11d2-8C73-00C06C2005DE}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BBD5F00E-26A6-4fb2-BAE1-31543C0BEA47}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0387E7CC-1CB5-4C91-8ED6-49B5F6372B8A}\InprocServer32\ThreadingModel = "apartment" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{37AADEB9-CCA0-4003-AE68-17CC5C3181CE}\InprocServer32\ThreadingModel = "apartment" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{7A423841-41CF-47AA-BFC3-721ED2FAF1D8}\InprocServer32 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7339F7F9-8707-4F0E-B661-2D11E36E9C38}\InprocServer32\Data = f9f7397307870e4fb6612d11e36e9c38373c42303f253f3c43553e233a41595857392c2520212d1a0000000000000000847fceb100000000000000000000000093daddda39cd89dac4361b71f3a04b8b | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D2FCA36D-93CD-46f2-8324-6308F6E31B53}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ECC4FD39-C1CD-4140-85FF-8BF670D8177E}\InprocServer32\ThreadingModel = "apartment" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{855AF0F1-EE09-4E02-87C9-A2A95A966F37}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopuslib.dll" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{008A6EAE-0C74-4159-9339-4DF98B4DCCCD}\InprocServer32\ThreadingModel = "apartment" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{8931DE95-19CA-41EE-BC6E-F556DB152A4D}\InprocServer32 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{7F8E381F-0B2A-420D-A69C-F85A14323BAC}\InprocServer32 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{897672BC-BC38-462B-A2C3-5AE6CC3DE77D}\InprocServer32 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{0387E7CC-1CB5-4C91-8ED6-49B5F6372B8A}\InprocServer32 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3595AEA4-FA1C-498A-8EEA-5F2366D16705}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1EDD3A6-A2A7-42BF-B0C4-1F2004775E9C}\InprocServer32\Data = a6d3eda1a7a2bf42b0c41f2004775e9c5a51404131253e46525a3a235b2623455839434f465c521a00000000000000006ffefe71000000000000000000000000e37a1653396623ee208abf87329305a9 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{339FA1D5-707F-4CE4-8291-B2AF27C34A74}\InprocServer32 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F326FD86-20F3-4476-83C8-BCD2C7D9B5D6}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9822023-7745-4992-AD4F-A5792A725E44}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopuslib.dll" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{E8E1CA93-A9BF-477E-B8E2-820723C39AC0}\InprocServer32 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{339FA1D5-707F-4CE4-8291-B2AF27C34A74}\InprocServer32\Data = d5a19f337f70e44c8291b2af27c34a7400000000000000000000000000000000000000000000000000000000000000009cb5966d7e7dda01f893291a1c000c00c47845b46be35133013e9cb1ec8d349d | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{855AF0F1-EE09-4E02-87C9-A2A95A966F37}\InprocServer32 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7A423841-41CF-47AA-BFC3-721ED2FAF1D8}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopuslib.dll" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{53D84A7F-66BA-4801-9DB0-4BD8E85830BD}\InprocServer32\Data = 7f4ad853ba6601489db04bd8e85830bd4630433335255b39454f5f23382154515f395d2f5c4e551a000000000000000000032feb0000000000000000000000004c1c554a522859a59e67f39ac3568d60 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026174FD-9AE0-4CD9-9F3B-4C148AEB8514}\InprocServer32\Data = fd746102e09ad94c9f3b4c148aeb851446575c315e253f444a56352345455c445f394f204e404c1a0000000000000000e2ce83ff0000000000000000000000009061e7daf21e86ac8a8d76f5d5c09f82 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{75C235EA-9D69-430B-92DD-C04B5BFA48A4}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopushlp.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B9DD4945-1BED-4cb7-994C-F40B72B7725A}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F85D7E1E-9662-4b38-B1AE-3CF1E9581A3C}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopuslib.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8931DE95-19CA-41EE-BC6E-F556DB152A4D}\InprocServer32\ThreadingModel = "apartment" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{92225C38-923E-400A-A807-27EB46E9D78D}\InprocServer32\ThreadingModel = "apartment" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
Enumerates physical storage devices
Modifies Control Panel
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000\Control Panel\International\Time | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{EE0F1650-117B-4075-A78C-EA86C85710B3} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{EE0F1650-117B-4075-A78C-EA86C85710B3}\AppName = "dopus.exe" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{EE0F1650-117B-4075-A78C-EA86C85710B3}\AppPath = "C:\\Program Files\\GPSoftware\\Directory Opus" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{EE0F1650-117B-4075-A78C-EA86C85710B3}\Policy = "3" | C:\Windows\system32\regsvr32.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\dopushlp.DOpusFileOperation\CLSID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\OpusButtonFile\shell | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE761688-C137-4b04-8FAB-3C9CDF0886F0}\ = "Directory Opus Shell Execute Hook" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\dopushlp.DOpusCopyFileExCallback.1\ = "DOpusCopyFileExCallback Class" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\OpusListerTheme\shellex\IconHandler\ = "{BBD5F00E-26A6-4fb2-BAE1-31543C0BEA47}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\OpusFilterFile\shellex\IconHandler\ = "{BBD5F00E-26A6-4fb2-BAE1-31543C0BEA47}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{8931DE95-19CA-41EE-BC6E-F556DB152A4D} | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Folder\shell\openindopus\command\ = "\"C:\\Program Files\\GPSoftware\\Directory Opus\\dopusrt.exe\" /nodde /idlist,%I,%L" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Directory\shellex\DragDropHandlers | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F73F1A9D-C599-465B-A679-287A604077C8}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\dopushlp.DOpusFileOperation\CLSID\ = "{75C235EA-9D69-430B-92DD-C04B5BFA48A4}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{77530F60-6CBA-4C62-AA0C-4AD16F60C352}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DB654B0D-CB3A-4BFA-A8CC-812C5E48D5E0}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.dlt\shellex\{00021500-0000-0000-C000-000000000046}\ = "{2DF394BA-1955-4a52-900E-303836135F67}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{4CA2364F-7AEE-4A7E-A8A7-655611B397BA} | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{897672BC-BC38-462B-A2C3-5AE6CC3DE77D}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopuslib.dll" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{339FA1D5-707F-4CE4-8291-B2AF27C34A74}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopuslib.dll" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DB654B0D-CB3A-4BFA-A8CC-812C5E48D5E0}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9FE4040-3C93-11d4-8006-00201860E88A}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BBD5F00E-26A6-4fb2-BAE1-31543C0BEA47}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8931DE95-19CA-41EE-BC6E-F556DB152A4D}\InprocServer32\ThreadingModel = "apartment" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C02DBDAE-94BA-471F-8BB5-7CCCD9477BF2}\InprocServer32\ThreadingModel = "apartment" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9822023-7745-4992-AD4F-A5792A725E44}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopuslib.dll" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\OpusZip\shellex\DropHandler | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F73F1A9D-C599-465B-A679-287A604077C8}\VersionIndependentProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{77530F60-6CBA-4C62-AA0C-4AD16F60C352}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.dcf\ = "OpusCommandFile" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026174FD-9AE0-4CD9-9F3B-4C148AEB8514}\InprocServer32\Data = fd746102e09ad94c9f3b4c148aeb851446575c315e253f444a56352345455c445f394f204e404c1a0000000000000000e2ce83ff0000000000000000000000009061e7daf21e86ac8a8d76f5d5c09f82 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{3A297740-2C30-4A50-88B8-6F10EF07C4AC}\DllSurrogate | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{59CA7BDD-15EA-4B41-8ABC-F1967657B7BC}\VersionIndependentProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\dopushlp.DOpusZip.1 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2A99A29D-5574-4936-9209-08A60DA2DFB9}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AF9A2E82-D19E-4932-BC5E-4523B6C273DD} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DB654B0D-CB3A-4BFA-A8CC-812C5E48D5E0}\ProxyStubClsid32\ = "{DB654B0D-CB3A-4BFA-A8CC-812C5E48D5E0}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\OpusFilterFile | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\opushelp\ = "URL:OpusHelp Protocol Handler" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\ftp\shell\dopus_openinexplorer\OnlyInBrowserWindow | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\coll\DefaultIcon\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopus.exe,-187" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2A99A29D-5574-4936-9209-08A60DA2DFB9}\ProxyStubClsid32\ = "{DB654B0D-CB3A-4BFA-A8CC-812C5E48D5E0}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\OL8MFtyPmMuKke\HxX6hZiguKlq7L/x0W0GsA = 1f15fa8598a0b8a96aecbff1d16d06b015dc0b4e46dfdcc7a74e5409654280c71cacabc577c65b28bb7f8d73eb4397fd2c300fdae7e1193c6d5549c719030487c91cc221d458de965af781bc9c73a05e | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{4CA2364F-7AEE-4A7E-A8A7-655611B397BA}\InprocServer32 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Folder\shell\dopus_openinexplorer\OnlyInBrowserWindow | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\OpusZip\shell | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F73F1A9D-C599-465B-A679-287A604077C8}\VersionIndependentProgID\ = "dopushlp.DOpusZip" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E0B504A2-E75C-4E8E-9644-36DC46FC6728}\ = "IDOpusCopyFileExCallback" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE761688-C137-4b04-8FAB-3C9CDF0886F0}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{7A423841-41CF-47AA-BFC3-721ED2FAF1D8}\InprocServer32 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\OL8MFtyPmMuKke\bGeIF0By46dYuRJ+8tkSWA = 6c6788174072e3a758b9127ef2d912584f8d4b0f77fae281f5146e2a3e64a3824495e88a319a0932bb7f8d73eb4397fddf7b67c6999cc33d95c660dd05030887ee1e91c686ddac4b7b43a28a426d916a | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\ftp\shell\dopus_openinexplorer\MultiSelectModel = "Document" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{75C235EA-9D69-430B-92DD-C04B5BFA48A4}\VersionIndependentProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27FC34F-A633-42C1-B77A-3D85ECF6BDB6}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopuslib.dll" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\ftp\shell | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\dopushlp.DOpusFileHandle\CLSID | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\dopushlp.DOpusZip\ = "DOpusZip Class" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2DF394BA-1955-4a52-900E-303836135F67}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopuslib.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7EAF5F8B-6851-4281-8039-6F0802F46833}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopuslib.dll" | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\OpusZip | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{2DF394BA-1955-4a52-900E-303836135F67} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C02DBDAE-94BA-471F-8BB5-7CCCD9477BF2}\InprocServer32\Data = aebd2dc0ba941f478bb57cccd9477bf240534b53562558424d445f2341485b265f39522e414b581a0000000000000000936d6f290000000000000000000000000ff6afd500b18d201b6ada2d685c5705 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\OL8MFtyPmMuKke\+P5VXvBDraxl69LPB+Cp9A = f8fe555ef043adac65ebd2cf07e0a9f401de0c3b26dfb9bdb44829097d36e0c815acb9a961c34328bb7f8d73eb4397fd3cd2e15be7e1193c6d5549c7190304874eef30b3e6dbf642d1b011aeca004aa9 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{026174FD-9AE0-4CD9-9F3B-4C148AEB8514}\InprocServer32 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3595AEA4-FA1C-498A-8EEA-5F2366D16705}\VersionIndependentProgID\ = "dopushlp.DOpusFileHandle" | C:\Windows\system32\regsvr32.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Program Files\GPSoftware\Directory Opus:stockcert12 | C:\Users\Admin\AppData\Local\Temp\is-D8GVO.tmp\SetAppUserModelId-x64.exe | N/A |
| File created | C:\ProgramData\GPSoftware\Directory Opus\dopus.cert:naughtypirates | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| File created | C:\ProgramData\sdpsenv.dat:naughtypirates | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| File opened for modification | C:\ProgramData\GPSoftware\Directory Opus\dopus.cert:naughtypirates | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| File opened for modification | C:\ProgramData\sdpsenv.dat:naughtypirates | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeBackupPrivilege | N/A | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-MTB0L.tmp\DOpusInstall.tmp | N/A |
| N/A | N/A | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| N/A | N/A | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| N/A | N/A | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| N/A | N/A | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| N/A | N/A | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
| N/A | N/A | C:\Program Files\GPSoftware\Directory Opus\dopus.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe
"C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe"
C:\Users\Admin\AppData\Local\Temp\is-MTB0L.tmp\DOpusInstall.tmp
"C:\Users\Admin\AppData\Local\Temp\is-MTB0L.tmp\DOpusInstall.tmp" /SL5="$6020C,39119681,803328,C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe"
C:\Users\Admin\AppData\Local\Temp\is-D8GVO.tmp\_isetup\_setup64.tmp
helper 105 0x3B4
C:\Windows\system32\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\GPSoftware\Directory Opus\dopushlp.dll"
C:\Windows\system32\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll"
C:\Users\Admin\AppData\Local\Temp\is-D8GVO.tmp\SetAppUserModelId-x64.exe
"C:\Users\Admin\AppData\Local\Temp\is-D8GVO.tmp\SetAppUserModelId-x64.exe" /cert2:1245660:1377274 12400 "C:\Program Files\GPSoftware\Directory Opus"
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
"C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /fixappname
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
"C:\Program Files\GPSoftware\Directory Opus\dopus.exe" /ignoresetup autolister=layout
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
"C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
"C:\Program Files\GPSoftware\Directory Opus\dopus.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | vfr0.gpsoft.com.au | udp |
| US | 8.8.8.8:53 | vfr0.gpsoft.com.au | udp |
| US | 8.8.8.8:53 | blog.dopus.com | udp |
| US | 8.8.8.8:53 | www.gpsoft.com.au | udp |
Files
C:\Users\Admin\AppData\Local\Temp\is-MTB0L.tmp\DOpusInstall.tmp
\Users\Admin\AppData\Local\Temp\is-D8GVO.tmp\innohelp.dll
C:\Users\Admin\AppData\Local\Temp\is-D8GVO.tmp\_isetup\_setup64.tmp
C:\Program Files\GPSoftware\Directory Opus\dopushlp.dll
C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll
\Program Files\GPSoftware\Directory Opus\dopuslib32.dll
C:\Users\Admin\AppData\Local\Temp\is-D8GVO.tmp\SetAppUserModelId-x64.exe
C:\Program Files\GPSoftware\Directory Opus\stockcert.txt
C:\Program Files\GPSoftware\Directory Opus
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\Program Files\GPSoftware\Directory Opus\Language\english.dll
C:\Users\Admin\AppData\Roaming\GPSoftware\Directory Opus\dopus.dat
C:\Users\Admin\AppData\Local\Temp\dop202402231325330884.tmp
C:\Windows\System32\inf32\{C02DBDAE-94BA-471F-8BB5-7CCCD9477BF2}
C:\ProgramData\GPSoftware\Directory Opus\dopus.cert:naughtypirates
C:\Windows\System32\inf32\{855AF0F1-EE09-4E02-87C9-A2A95A966F37}
C:\Windows\System32\inf32\{A1EDD3A6-A2A7-42BF-B0C4-1F2004775E9C}
C:\Windows\System32\inf32\{008A6EAE-0C74-4159-9339-4DF98B4DCCCD}
C:\Users\Admin\AppData\Local\Temp\dop202402231325340037.tmp
C:\Windows\System32\inf32\{081E9FE7-E73C-4F78-948B-8771276A29A2}
C:\Users\Admin\AppData\Local\Temp\dop202402231325330990.tmp
C:\Windows\System32\inf32\{F2E2B721-742C-4923-A8C3-98A7CB752D57}
C:\Users\Admin\AppData\Local\Temp\dop202402231325330978.tmp
C:\Windows\System32\inf32\{ECC4FD39-C1CD-4140-85FF-8BF670D8177E}
C:\Users\Admin\AppData\Local\Temp\dop202402231325330959.tmp
C:\Users\Admin\AppData\Local\Temp\dop202402231325330897.tmp
C:\Users\Admin\AppData\Local\Temp\dop202402231325340444.tmp
C:\Users\Admin\AppData\Local\Temp\dop202402231325340475.tmp
C:\Windows\System32\inf32\{37AADEB9-CCA0-4003-AE68-17CC5C3181CE}
C:\Windows\System32\inf32\{F850F077-19E6-41B8-A944-927633A79E15}
| MD5 | 4458a340eb65a568add646d4bc9fa053 |
| SHA1 | 68825a4831745571bfc83f6358132f1f2e9b3731 |
| SHA256 | b8038fbe3577fd871145387cabea24db8b0d4f2e0cea651572ace58b974bfb53 |
| SHA512 | dc37ef8b84979e25969646ee4237e5d29923d327174db4e8bf9eed6233a7e4d0d9c9bc2d37df448d85eb415aaba232b7111976141313262eb634e95a89e105a1 |
memory/3268-775-0x0000000000400000-0x00000000004D2000-memory.dmp
C:\ProgramData\GPSoftware\Directory Opus\dopus.cert:naughtypirates
| MD5 | 20182ce31f231cb46c99c92a27d5fd9d |
| SHA1 | 1e29be257a01913d5404ed909d7308f91fdc4aaa |
| SHA256 | 240c58f49cc293fbe0b49cd93b174b60cee766d7488400007f091a468ba90d3b |
| SHA512 | 37bbfb70233fa9c9d1a0693cefd98854fe97681b133a1aa5729a921f6b347672e70d4267fd446a29f2a700f55f851c80894da1c416dda8f069b37b35a0c38077 |
C:\Windows\System32\inf32\{7A423841-41CF-47AA-BFC3-721ED2FAF1D8}
| MD5 | 6b06e3b476fff74160a23e9caacfa71b |
| SHA1 | de031bc617b3a3d4eeabc0cf5792089a83bfaeb9 |
| SHA256 | d6822449c6d4fc1c1744f8d7eaa35d0ac1e7a0cb70c378f1c072265932909922 |
| SHA512 | 7411fd61a283c147fe7a51eea6b3c5030374fe182d249a8e77be1fdcb88cff309f1ae1b8dc0796a65a63fe831556dfe9e1313a15a078ea613ece12c12b83d45b |
C:\Windows\System32\inf32\{7F90E538-84CF-4475-8B74-2435A52B14D7}
| MD5 | 29f0275a6a92092dc8a52ecc84dad20d |
| SHA1 | a52dc9f4d5248e854216b0fa66b1fbc6f4d7c538 |
| SHA256 | 62a88647f79514cf59ec41b53b4734205d70f76407ef67395ed51e94009540b9 |
| SHA512 | 7e5cf63714fca06432af722c6ba3406a05e5caf02d15e65f99d2e53fb65f130616019a8f1c4ae0cb8a97f49a6027493ae6c4b517cf3dce75f2bb5e0aea5f3d95 |
C:\Windows\System32\inf32\{7F8E381F-0B2A-420D-A69C-F85A14323BAC}
| MD5 | 9ff94deac8d312f1304da3b3a7a0b59b |
| SHA1 | cc4ff9373bf8d7abe564f2d291df67892c118147 |
| SHA256 | 1730d3646f2ec08af69f845391028861da06e102008760c6567471564bbb8d0b |
| SHA512 | 6a6ff24df6cfcfd8f6c91db927cf1f5505714489d2a8ed36bbad131c7d573bd5879b20e68487b9af599fa8532dc516ed19e9fda829adb0ce5307bb28ded6575f |
C:\Users\Admin\AppData\Local\Temp\dop202402231325340756.tmp
| MD5 | 5ff08620fb8ac87f4e15998456455b20 |
| SHA1 | c054ee9480c5b41c1372e319e66bcf2079d7c0b1 |
| SHA256 | b460613eecd76361e211b76273db0ed0f205312c45a9bb771f7f58ec2ca55c42 |
| SHA512 | 5ea5def2d0ec174882027b6813fec8fcce5d58a6fa49f6d439188d8489cd4e73de4ddd7bb22d27831e83bd2abb99875e17acde1f384d52218f2258b5a120eb88 |
C:\Windows\System32\inf32\{DEDAB166-2DC4-47BC-95C9-B0A092FCCD15}
| MD5 | a1f3bd1fbad0fe1b488cfc10188edd92 |
| SHA1 | 6c5a5274c18a8afc66e70491f4ddf8645bb8511a |
| SHA256 | cead9baf28974c7cf26b5933d47180631db0ca4713bec96b0f9dc3ce4848734b |
| SHA512 | 165f56cc6a14beeb6d931277beb7770e6d92ec2545fdc743da6bc99be678840d21e966c059d9ddf2b8c42df24e2db948b07bc453587a67f9386e43ba4eae356e |
C:\Users\Admin\AppData\Local\Temp\dop202402231325340647.tmp
| MD5 | f80f993b2557f4bab79c7dcbfc2cbb38 |
| SHA1 | 1d05aebd9fda0facb92aa5016da75a77a70763dd |
| SHA256 | 464ccc2e869276189f524ad4fc1bb4e7f7cdb7e181189c077e0b4a24a2ad4a34 |
| SHA512 | 7ad20706b48e33b577257ec85134d7baaa0e3ea8cda900c1ebd74f9f20ae3afd2c67b55d64364f2bff69dc87aa5d2bd6e08195efb60e8d1d340965425e8a65e7 |
C:\Windows\System32\inf32\{34C53E7F-3CE8-4353-BFC2-C2F27254FC82}
| MD5 | d5f9ec1d04273f38325fb8ba456cc8a1 |
| SHA1 | 7a3d6d883572d4f50f2739f99a45a8144dbd2dd0 |
| SHA256 | b61d14bc9151c13d9c5ca787a2e1dc4fd06f0405cbef978c46bc1d965f88e284 |
| SHA512 | 283233a6440bae38baed96c86603ef2ee08b20cf4476dfe067556de8a6a4e144829818d9b85dfeba91d8e0438234bd59e9057b65a08f5e21ed040b2921b99818 |
C:\Users\Admin\AppData\Local\Temp\dop202402231325340615.tmp
| MD5 | 3ddf8edf2bbdffddcff63fb8b99abcb4 |
| SHA1 | ef68bf81ba6fdc1b40d30dbec473e50a23c373f0 |
| SHA256 | 7fc22594b1de4e387311b14a74f2833923d0d910c18d93b0da4419957cc7c698 |
| SHA512 | 2ce9d45f916a8300b7b6cb61c4d790f4f2fc87f7f2d4fa660aacf314935b90e56f1d021aefd53237e38d44b271f9b83d3d32049ae7dddb5d18d5a721986ceb3c |
C:\Windows\System32\inf32\{7EAF5F8B-6851-4281-8039-6F0802F46833}
| MD5 | adc159757619ceb53cd569a7732e95cc |
| SHA1 | f09e68794451341898ba5d297ec63851c2f25f6e |
| SHA256 | aa343264bc9201f2d43640005660fc58b811a3453daa04438470c923e234089c |
| SHA512 | 45286bc0515361e0f687f3038942fee8e29b4e517f026b4b129bcc19fda33159ad7d11a5713c30d6949804b933886232f9f13f062580a45c542479817918771c |
C:\Users\Admin\AppData\Local\Temp\dop202402231325340600.tmp
| MD5 | 1c93f2021fba9bbcd902b4952413c279 |
| SHA1 | cf224d3023bbebdc41c11a8bbf6289880d4692ec |
| SHA256 | a1d93f941790270f222995bf2afc1e11382163046f63c5f2c3907fbffb33e9d8 |
| SHA512 | 921d75990a0e35d989255cf9256d19afc4e3524264ff8857587b7e55c197fb2784fd2f64e061e8b65daa186b58a085fe5f163d8e81978ffd30fdd25577041546 |
C:\Windows\System32\inf32\{E9822023-7745-4992-AD4F-A5792A725E44}
| MD5 | 7a00c5eff8175b9460a502fcf2532b01 |
| SHA1 | ba35d2e622cde3e45f8a6cf5c0d3969dac732b8d |
| SHA256 | ab2d0367ec9dadc3533f5df9eff8ac4c288c0dd6ce53ac0b256de229f605d7ee |
| SHA512 | f59d96e3b1ae0ba11896106e703fc7d3ee769831573ea34d729581513252918696035db0b9485e5d82c63d50b39c041c9fe7663a968c50f435dcbae92cc92e4e |
C:\ProgramData\GPSoftware\Directory Opus\dopus.cert:naughtypirates
| MD5 | 568af8c061963e990b589d903af5a7b8 |
| SHA1 | c9f86503b6527c247ee486bef5d8afdfd49d0d0c |
| SHA256 | 99afe8187efecbc18a8a0a0d578c1d2fc3f151dcd80550a272ec5778af71d6ce |
| SHA512 | 843ffc999ce9c976f2ce98a3a1f105afe49154d225f50b5fd79693f83b540941296f9256fa002eb0bbb03604430e65bf337d8b5756efc60adaa85ce9c60d4454 |
C:\Windows\System32\inf32\{E8804616-84DB-4715-9D45-939A4EFB3F8F}
| MD5 | e0a38c6370b329fedd40393f90896562 |
| SHA1 | 32501a453c9c8aecb1a00aa5a14356b80b5b1e06 |
| SHA256 | e7b9c8aef589ad3829137aae277587bbc1feac0fa0850b71917bd74f56b59d5f |
| SHA512 | 06102f870cfe5da648acb59610e922330d7634e450f108507c714725adf2d013f33052e8c86a7a30027ebdc3dc6057f69f35752ea4a06223bee2b8161ef4956b |
C:\Users\Admin\AppData\Local\Temp\dop202402231325350225.tmp
| MD5 | b8e971ce6cffccfcdef5cf9f3a86699c |
| SHA1 | 0008a7422976b49bd070ad9d3743489961e70546 |
| SHA256 | e25b7d75683526b2905c723839f9add49bfb43f374ffaa8bd6881001012dc3f9 |
| SHA512 | e8e1897ca85f12e3bf108a90f95772ed80690f29667db03aa60c557152a509a9f4285a1f6ac2db75f8d021f3027899f7ec8dc57df4ba3be76521f7c520c1b9ed |
C:\Windows\System32\inf32\{53D84A7F-66BA-4801-9DB0-4BD8E85830BD}
| MD5 | 07884b0793697314bf84137dc80abf5e |
| SHA1 | b06d9ae9683a81e3f25ae06ce29513a24d8913f3 |
| SHA256 | 15f277a353631f019dfb95989a184d4a8faff130c55c48c14a55687731c317e7 |
| SHA512 | 3d7e2854d310aa1757dfc5584503757b288e7228f61a464a874235291ca80b2a41fea8657718c1f3af172de19c4b4715959cd0a8ecbf76e4e278ab1f0e98fb48 |
C:\Users\Admin\AppData\Local\Temp\dop202402231325350178.tmp
| MD5 | fa02ce049d5170a52d2bee08ab99cabf |
| SHA1 | 0d609669c71ca25c11ce54f465439a479e2c3ca2 |
| SHA256 | 45fd077062229395170d622e025d4ddef691bf69b4b2c1fcedc42e2395c82f55 |
| SHA512 | 3f0a5bb9f155740387347cfe97f57ccaff6c542f97c126d23b0812517dad0588591a5f5dcd9113e4e1d66d288b513c7db23024c775aa653931fcc995ad2e0b29 |
C:\Windows\System32\inf32\{E8E1CA93-A9BF-477E-B8E2-820723C39AC0}
| MD5 | 8b38e8521d8decd83d4ee07d869dc19d |
| SHA1 | 4eea63bd1918fe5fe7134afe293e48b887a0b993 |
| SHA256 | 57626233062d14e7deaee5dce0be76e0814b3608adb0dc4d91cabf36994a9bea |
| SHA512 | 5b64f6c60d7fb32b5576a63c37d608c149ed5eb62a97e7fa03c997ec6ac5c1cf71a8897feb7f03a0cc112692f8138eb87a0524eb2fc177a41cdbdb835e980d77 |
C:\Users\Admin\AppData\Local\Temp\dop202402231325350584.tmp
| MD5 | 835e641e0160dcd73285aba2dde085bf |
| SHA1 | e024fe5956e870b002eccd6f7c6b85e3382a79c3 |
| SHA256 | 3537026eaf6444a4a1028d527a9ddb23329df8a248f21496bf957c696e00e186 |
| SHA512 | 27c6022190bb2df2a2559be6781e97c8126dab698a057252cbaacfd8ed864381515753d108abb30856ee1a2a747aa9d5be6cbedd9bff926927c95590837fcc61 |
C:\Windows\System32\inf32\{0387E7CC-1CB5-4C91-8ED6-49B5F6372B8A}
| MD5 | 51d2da58720b12160f56b4cac4d1b9d2 |
| SHA1 | 8e021557c976c0ce2c2a41fa0813909f1e92ac56 |
| SHA256 | f7054923cfb7e299bfc94259257fd1fff7d1c3c3012f9432969ef9f25a1f618a |
| SHA512 | 391057c1f65ef8330a4f0626d614a417914545830cadcc0c6b020e0ed915cd66b0e78d5788798dee92c62546dc16de7b988fd39552d9004b5016c683e5c9b918 |
C:\Users\Admin\AppData\Local\Temp\dop202402231325350490.tmp
| MD5 | 15a5bd1675fd2d07e096ea3bd7e5312c |
| SHA1 | b9f396cfad32de0edcaddb037694e6b9b2cd1e22 |
| SHA256 | 41a7b8ac585f04686677c5e19160d36dab882e41ffaf8a26c1f3bb31c17e6532 |
| SHA512 | 685f2b8b2cff9a62fb9fcf1ab201229c428e4e55d2c3097446e80758d04bb8ffccd27a8d3eeb2ad35ebef9e9d1f8f6aca14397261b3fb910e35e7916fb6f4880 |
C:\Windows\System32\inf32\{D276CADD-4105-41BD-8128-DB2D995809E6}
| MD5 | b5cc87795ffcd599548fe78c4a4d8486 |
| SHA1 | 5e916780cd14890b5d3a1b82f569b3c8422c51c0 |
| SHA256 | 1331840af75723855d4285f68b683e3c078ef09f04624cb3731b3d5003d53fca |
| SHA512 | f90ec05baf031e3ceaa00c3d4850f2a7be2cc52da9e18823606e3984920d9f00152624c1a388cca2d20b78a6972b6903c8060edec3b377cf2d6829c97e749721 |
C:\Windows\System32\inf32\{897672BC-BC38-462B-A2C3-5AE6CC3DE77D}
| MD5 | b9ba6cb5649e5509d9b5af8dfa885291 |
| SHA1 | 6ea3cb00e599e527d597388817a9acd0733b4ed0 |
| SHA256 | 938c83b60485efdaaedc863c97b5347c923bca42bc5814ef2aaf4af4f590c8e5 |
| SHA512 | e93a6823d1fbaf6ac0052979003b873fea7f9c720fee784a868eb7931e0fde1bce8ec30b3521c827965d435377923a887afc5dea5129ab2309c4cf43434542d0 |
C:\Users\Admin\AppData\Local\Temp\dop202402231325360209.tmp
| MD5 | da064c78707077ab37c24d7fef025850 |
| SHA1 | 5287ce0eabb103c21d10c6bd94925b3f18cc0b1f |
| SHA256 | 11e2d4e0a877782cffc4f3debf3b1cc8930adc31bc2cdc88489e68a2e41ef157 |
| SHA512 | ccf32a7481f8f40305ad3cec81adfdeb31ffc50f707a3cadfe0a8886540537fa0e1ca1756a17d9a2d3e07549644b193ed18aca2580b76a99ab3c8204a87c6dbd |
C:\Windows\System32\inf32\{C27FC34F-A633-42C1-B77A-3D85ECF6BDB6}
| MD5 | b4a9f2b936d04baa4d3d2b6f6d92693b |
| SHA1 | 5fe649df5bedb0b0cec56ea9da8cc7d24d848d70 |
| SHA256 | 5be6350a051bdc014629ccf69c954e3efc0d694bb06a7e9c2fb3b59d85ec886f |
| SHA512 | 6cb66d82f80e22485d2d6c684e2419b17b9410657eef7529517fe9be2fdf1bc16b14f06aa8c1fb89aae9d15c484c391fbdbd5fe5ed063386cd81d5daf0d88a20 |
C:\Windows\System32\inf32\{4FC73CDC-2181-4B0E-B00B-C0834AF769C4}
| MD5 | ed10b7ec7de38aed7d492af7d5385b23 |
| SHA1 | cffd7bc3894e3b37f52df8a56b5f0fc7d81fae58 |
| SHA256 | 7058f6fc0ff61e66b5f237adbba5b3a31a838ad2eefe810cc9bcf8c929a4bb36 |
| SHA512 | 720799673d9cfd8ad063b5ef190c9edd95fb53434699d738d8d0415ba87d4e9eefcd00dd39b04421b438424f720426739ab0a62b4190bac2d6ca915527997236 |
C:\Users\Admin\AppData\Local\Temp\dop202402231325360178.tmp
| MD5 | de118d394641533fed28a5f6830a794e |
| SHA1 | aed269616b6d9aa81605ebd5e0292db33fcb9a34 |
| SHA256 | e8ab27aae1b9838150d7b2e4fe711f876d86f626b777f06f95ab625b3db57828 |
| SHA512 | 960a0460cc1d9cf5352b4fb498595f2664e60b2bb9603519e116da3344d895baba023cf2e93f82ba7f758b272e8595a69705d0571b8a93ae4092acbd2b48533a |
C:\Windows\System32\inf32\{026174FD-9AE0-4CD9-9F3B-4C148AEB8514}
| MD5 | a2a90f8b523f02cb0c3482ea0feb3eab |
| SHA1 | c4103dcccdddee5dc39467211dca28c96a6a47a7 |
| SHA256 | 00e78aa7399bdb653e233de09be96d00c523a70ef070e4c57880a261fde13adf |
| SHA512 | 05f1f5b3df3a182da172b7cbb6602bbaaff5722e1f8d7d9a763efec2253d8c549435e4a1c63a3e71cc35299b59afd22ab7f62866cd0bd0b29241471285f2606f |
C:\Users\Admin\AppData\Local\Temp\dop202402231325360334.tmp
| MD5 | d4f38277f1cc6151afbedc8a72fd9318 |
| SHA1 | b22a11510affc19bcf7326275b63e67179e94c0d |
| SHA256 | 4b6abcbd087cf38ad188561a51f6c32053b596ab27bbd5beb7e65be33b153cab |
| SHA512 | 7d4bec33cd2004a63b2b76549d5127fd407713be23ff0c9e7adf31888fcfdaaf723ab7e27bac3d3f14e44002548ba59d0fe3a279e3a4a972a426bd69f22c430c |
C:\Windows\System32\inf32\{0B499001-F225-4C61-9664-11CE528CD7E1}
| MD5 | 0ff3909f7b8b757bbbf075ad75cf3a98 |
| SHA1 | a20b46581432abe950921d015f8e94018336a934 |
| SHA256 | 34abca0f41857ef292d69b7a3317a066f9a3bb60220359541351026cfea918dc |
| SHA512 | a0c1fd6122c5a971177f5499bf4c147fb482ffa2ff8f90088cd92bb5ed9aa26a66dab2f9e19b01618ddf7e1a0f8b61dee78cbe1f1d332eaec5bcb82780ddf8e0 |
C:\Users\Admin\AppData\Local\Temp\dop202402231325360444.tmp
| MD5 | 5189d4fbaf54d78b49bdbe446ece1f5a |
| SHA1 | e3dd0399c2352a6691744a26c6104afd6b3aadfd |
| SHA256 | 38c6a62abee164a485b1c372de800e1b73cbcc1db32331274a9a7524076ded0d |
| SHA512 | 8f795faa28b22329e92c2d958e7f455fea5db7494155cfb071d8b8669ce7c47ba2ecd615b210bf295686ffc550335e0626f814260e9b303cfc8691481d943bc1 |
C:\Users\Admin\AppData\Local\Temp\dop202402231325360397.tmp
| MD5 | a048ce87309463d55ff4dd4d8541c122 |
| SHA1 | a00dc58738755e02a5d003507115486ea30b737a |
| SHA256 | 1faa7188d9e5ef3218d7b8f3bf31558add92f2bfe299093525040cd47416b19d |
| SHA512 | db05bc86740237377832b45b9171e3183718d58f092705d1702421f2bb4bd3640be5a396cdf59356736c94316352d3a0e9b4e0fe140a02f342d43bb059ac083b |
C:\Windows\System32\inf32\{7339F7F9-8707-4F0E-B661-2D11E36E9C38}
| MD5 | 0c5eb74943a2292b2d111147951ed4e1 |
| SHA1 | b0dfdfcd1197a1081365bcbcefb71a042bd960a8 |
| SHA256 | 5e5cced44b6c51ed066f5ada1dfe557c12eeb3f7e4c53241ce8c6aa17b095b49 |
| SHA512 | fb54ebe6412eb182d04152104b36b1dc00a9cc024d1f13efe87a9a3ab74ef1a9b0bff3e247c2342670b6a77772b4707da60cb346069d68f70398bcb1e27130a7 |
C:\ProgramData\GPSoftware\Directory Opus\dopus.cert:naughtypirates
| MD5 | a24657652f6d5da464a45bafb35edb36 |
| SHA1 | 4c49dad53094b1949e7e1e86bceb2aa36de08240 |
| SHA256 | 8f7312ec1d28b95a89a361812fb5272ba63b2ade0789d1d66bd50c47627449d5 |
| SHA512 | 6fb4bdadf4dfa3fed06e10089376ed28a4d7b0c84f39481190f77b19f9cedcd825ddb2d78cb4ee81f0917d046b226cf923d36ebca4270b1fe53d7a3d883c144f |
C:\Windows\System32\inf32\{92225C38-923E-400A-A807-27EB46E9D78D}
| MD5 | 0e3ffecb1ab5568257df1b17e2320d46 |
| SHA1 | dc36b1bc1b572281159ac2e69464659ee5c86e49 |
| SHA256 | ad0cc3885f32efdb20f22431edd3f363db6ba609db5ddb6b607bd283a0a66aec |
| SHA512 | 6b309efbf3a743670a69f2a46dcef147c1c7db2ed432090d54d507696b86061831ee68cd7e6a0cf1173b36cd1bd745bdc3a684843ddcd72bcea2b9a630af71b9 |
C:\Windows\System32\inf32\{4CA2364F-7AEE-4A7E-A8A7-655611B397BA}
| MD5 | 00548ab37b52524f44a039cac0ff9487 |
| SHA1 | 7f776d4fc41eeb9f074f064e9a1abdf9374346aa |
| SHA256 | 0fc1392df250ae92a27c65b113eb9df2422e3f0e6e8e673fc36b57ad6e2f71ab |
| SHA512 | 19395746ef8a12cc899b610a9a7114a917ab031ebc4e654df154207825c7a670bcf150ac70d442fd97d5636bc5062682d97460cf01ba33a45cfd0034c7b6cb6f |
C:\Users\Admin\AppData\Local\Temp\dop202402231325360791.tmp
| MD5 | 902eeeb5c6fe8ac9fe603881d840a9ab |
| SHA1 | 258193f94919acbafac4131dd3cc1c4ea448eb8e |
| SHA256 | 807ff116faae2bcf3488dc13b485b6327eb2cafa4ac46da7985ff17281654ed3 |
| SHA512 | 541e3568c5fd7e6c845d978706eb723f4b64a0a1915d02c93614ff3c3a36facfbb3b357243b005ae2a99f0abf8de104a298fb69a481c4f93c91261d84d64aa17 |
C:\Users\Admin\AppData\Roaming\GPSoftware\Directory Opus\userdata.omd.tmp
| MD5 | 4a395f5b32d0754e7087e2ba87ec32e8 |
| SHA1 | 8be9ba7753020597b5dcecf820b87afb918093b5 |
| SHA256 | ed14644c2b202f38463c4ae58d33c1aa477b9ed3d197975b27b61efb3d672bf3 |
| SHA512 | f8d61ff153a4d7ca2098413ae080d6884d0321fa76744146e250a100fe1f1c104fa9472ae694361cb514942f82b0ea7eca0627c677f66f1a2cfa197b27afbe24 |
C:\Users\Admin\AppData\Roaming\GPSoftware\Directory Opus\userdata.omd
| MD5 | 919b8f65c3ef1726dd87dfa54123d958 |
| SHA1 | 47ed8a15c7388ce24dc2d89c9f9131513b7eea45 |
| SHA256 | 0cf15319f9339ea60adf46c71295bbe79ac905e05cfccfb28d2bb819ae5211c6 |
| SHA512 | 66feb66d7c9b98face6bdab4fc1ffc0f3cfbedd81ec13487afd2fcd85cf19675c84ccbaee3596bbb0690553e6cb259a64287aeec286fd81e2f81bfb510fc545f |
C:\ProgramData\GPSoftware\Directory Opus\Buttons\OpenOffice.dop
| MD5 | b6818847c7e573d96f73a648b1f38570 |
| SHA1 | 7e55be38fca51196b5f7e1bd4ec1ce409d65326d |
| SHA256 | 21ca70e470967a4b5f6cbe3d1bffa087653a532bcd57a00c187ea745309b1b09 |
| SHA512 | 5793fe4a9bdf777a7621a3d027d0cc0cded432114935e35107579ba6b0750b5947584f190db9f377615bb3706ff009a4cdf35c500c58d66d704030538105f07f |
C:\ProgramData\GPSoftware\Directory Opus\Buttons\Office365.dop
| MD5 | 9e59f69f9f5faabed753d8c94a40d63a |
| SHA1 | 191b32d6b45c21ca0ef412bc0523a9859c2df791 |
| SHA256 | 9f6dba06f65cf1316f77e367107fa7c27b94154f8e0bb3cd4b06169169162704 |
| SHA512 | 9e2b205f8bbbe0a5aafeec5f0935155ebe0ccd58222733bf00341709b27188d6e01799f4692be11776d48e4dfca5907c8b888de3e3b138921f4008a58afc9ae2 |
C:\ProgramData\GPSoftware\Directory Opus\Buttons\Office.dop
| MD5 | c552fa579d191c172843bae17e732230 |
| SHA1 | 869d474d385d676995941350b8870fbc6f9ba56e |
| SHA256 | c86149f85284c094c2388ba5b281dd19874c2cc131f9d6b3f19ecabdc356f7ff |
| SHA512 | a94079da09bc22e3b217190f6c1d63c6b26a88ce26e83b3e0d05ff6b077afd3fd8d03645933258df55b4c7e7355b4248da71d2d0eb65f80228b2a5a9333d3f62 |
C:\ProgramData\GPSoftware\Directory Opus\Buttons\Drives.dop
| MD5 | 63914bdda20a1317b5ad9e880ea39aac |
| SHA1 | a488c43ca73c695760cd12db717f9e3eb7db74ad |
| SHA256 | 3723b0053e362a269841b5be3cc4c80b48330ca01f8bf365adc14f7be825e988 |
| SHA512 | 665bce7952b9e14f7e08b1e20ad46296f7a95857d8afd506500f8799af497318c22b460ec652b1bf187e2a69bdf5987e8762e08b658fbf44f3f66902b2cb28c0 |
C:\ProgramData\GPSoftware\Directory Opus\Buttons\Applications.dop
| MD5 | d27f04da167278c81c5762868b75c094 |
| SHA1 | 464a24503572f7b3a7f0afc41c8907b8adbe1fe8 |
| SHA256 | 285752a34696e5db71b4f4d7f865b7f88f26d9139b8e7a4c3cf128c09dd0209c |
| SHA512 | 61ac374afba30ab1823084673fc1fae4a290db1c00f6209bb330dedb28188716b5dd6e25c0f7e1351689777a0e48b7438291ca6b89e095061a3be8abc8796574 |
C:\Program Files\GPSoftware\Directory Opus\Language\czech.dll
| MD5 | 9c6cf1abbf0401707486e785617910b9 |
| SHA1 | 8efa023f887e76399206149fa1b11fe22cf15065 |
| SHA256 | 4b47b1eaa4a78b4e1b9f22f2c4f1f960dc599b3d9841bd79fb0107198b56dbc6 |
| SHA512 | 1297576918ae0aeaeffb07b5df2f2da958fba2ce846dfd243862cd340e0271d1a145f550e62acb0f372a730325df1f56c51b8b71d01b6cadd7a92bd726f0bd52 |
C:\Program Files\GPSoftware\Directory Opus\Language\cht.dll
| MD5 | 00c12798381315126563fef549295266 |
| SHA1 | 151e6b98f7da9554c0942f65e75b0988489a8f99 |
| SHA256 | ece6eed8d61d36d4ec94148da9f3a14b12c82371e3df03c6fe5b9db6d08d398a |
| SHA512 | 58e108e1579cb78a456cd368813f5ac7c8498b7440f969c1bb7a965c33b14397b3af48dfad9568f878bd6bc728a4f79b7d387d935b3d8873d27c5f50a9961b0b |
C:\Program Files\GPSoftware\Directory Opus\Language\chs.dll
| MD5 | 3cb4068b15fa35dac0899461aa02f55c |
| SHA1 | b54b339570daf46006634c52080aa3c651ae6a10 |
| SHA256 | c819c5387a223b3b76f795370e0c402c2fc4e978df702981a66c61bd635a05ac |
| SHA512 | 70c6bdeb460624de0d0ae76d5777c116a2ed025730b070563a6a00f31c44532f6969813559b4a288d47b793a61e88cfd175437d9fda0e51f8f8257eac03ca79c |
C:\Program Files\GPSoftware\Directory Opus\Language\dutch.dll
| MD5 | 6f4a7e8c84d488c35e670553d66446bf |
| SHA1 | ab22d35dcd57878557ee7fe4e765ed4352c0f760 |
| SHA256 | 4bb850b66dc060a3c45898d2a88d821dc175c108dd0789f0cc331ad8e5edeff0 |
| SHA512 | 6e9ed09fdd6743ac8a5aaa33e2b26364a4ef8a7c364b35d463626c9f25eccfe23017d04a80f08731242e505f7b14a07792a9b974214e71309e090e31c5aed652 |
C:\Program Files\GPSoftware\Directory Opus\Language\ell.dll
| MD5 | bc7a54859cf7464fdc7c66f8c983a49f |
| SHA1 | 778e5ac306292d19c7f8ed1a35dfceaf616881c8 |
| SHA256 | b9fa56662ebccdc635ff5d1fc994a0f37ee4538a49900df0766c95d2fd88d7da |
| SHA512 | c69362f08075d8cfb26ed47290b57bc62a3af134086a7976a6a5a75acfcd76a0efd0c78595ec7184e5e20693211ee7c7e0a25222ef9c47fa1abaf832b46426c9 |
C:\Program Files\GPSoftware\Directory Opus\Language\espanol.dll
| MD5 | 2bbb86f4f49c53bb8dc84e6081bc4a46 |
| SHA1 | b482cd25386b190e36084bf5d7cf99519bc2a302 |
| SHA256 | 2337ad92d2cde0afa5b6a443c7ce17df06c2d6648543fc7b1f3b3dc3806e21dc |
| SHA512 | 8957b261ef098212f19a195b755abe598463b07cca197d67d031296f1282fdbb1873103a83a6c146c557d9b7443d263d3358f41e662078949a022583bbdf0c53 |
C:\Program Files\GPSoftware\Directory Opus\Language\kor.dll
| MD5 | e25648d42ab74233fcca2c0703852c60 |
| SHA1 | b7f7bbe211c34ae72b461fce86d98b6dfa6c7af6 |
| SHA256 | cda3fe8d1e71317701278d23375a32087e4751f1148f606aa3eace33ba7766b1 |
| SHA512 | 7c331da59f0fd5c97ca1373ecc835c4615f4e5d37b2eeb7dfbf31741873e8ec803499572e09ae92f3be0725d8b69b422363c4fc003b3d89a112648a621b2a1b5 |
C:\Program Files\GPSoftware\Directory Opus\Language\magyar.dll
| MD5 | 5a0f37038c1098986a16141f7f010f54 |
| SHA1 | 8d2d260aed6bd60587a667cec718390af3ad695e |
| SHA256 | 5298af8ea507fab69c6d80ea5e8e52462ef64385c0242d96420561de6c4f42b8 |
| SHA512 | 052db0ace26e741fde0c90b446a067b5feae241b69c3df07b932daf594675732fd3d6c578102f83611b30ebfa2e42cbdff232b982aba0e276017ee55ca331f20 |
C:\Program Files\GPSoftware\Directory Opus\Language\polski.dll
| MD5 | 18a341829ee8733387ec963ec49a58c3 |
| SHA1 | 18101e1c2bf26eff27fec5b8bd9323b24bac32e1 |
| SHA256 | 3b5bc67c7343dd9fa2c3f22e7610d0ddd0f261167fe40eee48ab3f3261aa7825 |
| SHA512 | 0e9367b239ed88323d464b1b5213367b1384025f391e8819a264416b22fa7454f16faa4e39b6af5ff8417b420ebc2fd46592457d7f89a62dca8d48517d0c429e |
C:\Program Files\GPSoftware\Directory Opus\Language\trk.dll
| MD5 | 64f5be23f58b4725e201e8e33aada9e0 |
| SHA1 | a4354265aa0314570de6f7e4dc20c99d5dedc7ad |
| SHA256 | 93fd72681cbc21f14d3d63f2a6bf4420a9a87c17f783dc3c04f1c776f2af437d |
| SHA512 | c210b026d5b5c4c57919bbe3d5d9d4f1e794d23a4739bcd020a654bddee1c4b7d6c67956976d0e139e4ff6121edb4213fc0f76fa85ddb1baab8a92a1cd5f935c |
C:\Program Files\GPSoftware\Directory Opus\Language\svenska.dll
| MD5 | 0fd162a235c40b1d0b7b0be2e0409c8c |
| SHA1 | 1637894d13fc10dabad7102e5c34d0a699645ae6 |
| SHA256 | 69f6dccfa36b0e4fee40a56290a54cb3f41d97142e782153f7c552a999dda494 |
| SHA512 | 78acbbcef9d5004aebbc5d3e6a5a3456ca561e070fc367bd0c47efa61f923f85041c94a14750b5db3d13b9e0a9f7784c87f2635d982971cab2bdb0ff7a7d3135 |
C:\Program Files\GPSoftware\Directory Opus\Language\rus.dll
| MD5 | 82be5b75f18dd0a376279259b4b8c422 |
| SHA1 | ee412d33969659f38d26397fa937f69411aaff9c |
| SHA256 | dbab830f85f0d7235204c4fc7a4cb6765a12b50018cbf8f1827aeb79685ed2b8 |
| SHA512 | 6f370ca0419964212d5e0a58e73bba396e98a0a4189adc632f0428f3070dd012b3732888a33bbc33f78e520a97326cd1c7813201cf65af5253f20e9bb270c940 |
C:\Program Files\GPSoftware\Directory Opus\Language\ptg.dll
| MD5 | 0492df10cb340694b5ce85e6965f3adc |
| SHA1 | 7bd90aaa117538b1dc600a6e432d6549712c1c64 |
| SHA256 | 95a0ad799f29016d5892d1c3186dcca51b07180d2aaa47405a4cc2d00bb5c54c |
| SHA512 | 9d1fac9690293c9136ad75557c3c4b340837ec9b7b6df23d93358693d0373bea82f46576c4e6964d2f3f4cabd8c7c8d132d3a6e6853915ae47954a60079d1ab3 |
C:\Program Files\GPSoftware\Directory Opus\Language\pt-br.dll
| MD5 | 92473ac0e301a01bb0f5fe9f994c56df |
| SHA1 | 343d560332f1b2cfc92acee1fee500b9545b82de |
| SHA256 | 1f8adda6ba20b99d6d203e10d2f88a8392c08f5f1e52bb1e1dca0ef9ccb12d9c |
| SHA512 | c4ae0377c2c317b4fe0ea4cf738553b73ad290a5c7797cac48823ae1deb30ac9943918d92645152ad15789f1c2f84785412ff40ac587d8c4261513b9f77b03e0 |
C:\Program Files\GPSoftware\Directory Opus\Language\nor.dll
| MD5 | ad6881453ec3b6f111b2a8e1476aeb98 |
| SHA1 | 15f344a2962f94b0b2ee4d092af0554086295f0a |
| SHA256 | b2c3fe5d917e77d60394c69cb221dcde55457e6858a47b7c170cb680454399ea |
| SHA512 | 5d0b74a6176ef554ef54415e0c72df06c81554926e18d6d0c139d3581933b6fa72ca69173018054672c4b4ab12211f9dc0c155659cc005b9f0e24ddc7f24452e |
C:\Program Files\GPSoftware\Directory Opus\Language\jpn.dll
| MD5 | eb07cefdab354aad2751606e478f293f |
| SHA1 | d8a6fb85a7f4502fa375b13b9c403d71d0efd898 |
| SHA256 | e41c1267f88f74073263dce0e6396b7765d4d328434c33b81c5a7705d92a1420 |
| SHA512 | 243fddd1b0738f7e997feabe1fb7547dd6c8611373d3531c40fe097717fc7ff6c0ff9c4f53d83cb547a92678ae242ee9bffd2468fdbbc960bec27cfad2c6d176 |
C:\Program Files\GPSoftware\Directory Opus\Language\italiano.dll
| MD5 | 041190e9e4358b6a03de6f85b25bb9f4 |
| SHA1 | 6f48ff7edd1c00b7ca7e764d4a33d80e07a1a5ae |
| SHA256 | a412c24f229fcba3b390df2bffbd66777a04f0d72197f0fbf29512a8897f322a |
| SHA512 | a8ca67a6813125cc157599c5db8f11b94470bab8a9c35c29f15f996c55df48bd89dca682bac19759137d436988a159c739193b22108eb0e2128dd19169a62178 |
C:\Program Files\GPSoftware\Directory Opus\Language\francais.dll
| MD5 | ae8bb9a7e0ab1bc14ed7060761e1afe4 |
| SHA1 | ef36694d2728206fcdbfc418a8a3d8577f0a58d4 |
| SHA256 | 07446900fc9e1013c2b9db16608213c838440000982960645492050091fe1bf3 |
| SHA512 | 86fd6f6d9cc6187e600e6446cbd075f69e014c52706ef8df576181a45498bc12b031d453b166429f20483861d314667a5fdd32b31a1f99fc7ecc72e724ca8668 |
C:\Program Files\GPSoftware\Directory Opus\Language\esm.dll
| MD5 | 1f859e969ce52dc9413f60d070fa9d1a |
| SHA1 | 09da34591816ed67af1f75bc971c32047c7cfa89 |
| SHA256 | 79659f904fe437eb9482b1edcf920e6b774525c84ce353f6d19887ca078b163f |
| SHA512 | 8dc6d3cf787abc7f86d6ce0d85fcce249a732c1dee7c3aafc8965bc433aa56387105a13d7e65c7b768622b0ead2aec5b50b793074a48c752561ee5be0ca92e96 |
C:\Program Files\GPSoftware\Directory Opus\Language\deutsch.dll
| MD5 | 649c8a375006b855e8eea3b483ccba0a |
| SHA1 | 81d0fe7efeb446be37febb27cfddbb6b85f752fe |
| SHA256 | 44a9508a3d78e83de6acf816e7d0bb442f6ddce7f43fec02c7ee31e19b3a10f9 |
| SHA512 | 7f10f2b535bab1dd8aac172ea0a242f06a4e0710dc0c7a0999b73ecbc08df9c3e4ba56ec690c5eb437dc39581c268ac67689fefce3b4c1a1858f980555248958 |
C:\Program Files\GPSoftware\Directory Opus\Language\dansk.dll
| MD5 | 0c87c5ca2c72be8448810b890cc34361 |
| SHA1 | 8b94e74ca518d7e973997e38a95545867eafc16c |
| SHA256 | 1ec253c700f1f5cc085103d3d3ea77b76f5ed9aef1cd05eae213f8b7a66a5ee5 |
| SHA512 | 620ccf23f9192817605242f14b4cd6ff6dc6dc17df80b53c49586230a76837c7c2b8ad88076baaaa72bc75f6f116a32286b0b16f10930607141028b805934cf0 |
C:\ProgramData\GPSoftware\Directory Opus\Icons\DOpus9.dis
| MD5 | 0b3e319f62a0a3e7bc85f228c44b8bc7 |
| SHA1 | acafb44114e947d6d5098a58536adc87a847603b |
| SHA256 | 14b9c26913cb8d6e17e4f8c6f675678a7ef95fc9b3513cbbbf4425412161a6a6 |
| SHA512 | d8bf067b9cd3780de621f98050e233ebdaa46dff5165b4fb32e24d033d15948f9ab313080297872e25c79900a4343e1112a3d42813b93f7efbe26a3a2333cea3 |
C:\ProgramData\GPSoftware\Directory Opus\Global Data\globaldata.omd
| MD5 | 2e71210c66a0205a59ded5b2d95dd234 |
| SHA1 | 602bfe8679a6247d8e517a2df33f5e077c6c7713 |
| SHA256 | 257f15b71435ec8ae4993afa3992162017d8fb8d36314b7d16d6d97fe66fd1f5 |
| SHA512 | 22ea589086dd90a13ebc715adc8dd1abe09392a9413e242899784a5083f996453429d3ee7ec958a65d5b64a19fd7fa55a0364ce22a4d14a79d5f98b25e9fdd0c |
C:\Users\Admin\AppData\Roaming\GPSoftware\Directory Opus\ConfigFiles\toolbars.oxc.tmp
| MD5 | 5d88e5b676ee6fc7300d26df3afa1caa |
| SHA1 | b20b6086e4290f81f5b9806a16b0e0e326461bf0 |
| SHA256 | 233289aaa83cc3176691cc8f0ed09cbfcb993ea6c868f4456e478d258bfbc08d |
| SHA512 | 5339f1015479053279218bc7770dedcb1a0f0875bb12aa4d5589abd8911addb59ae7d0b105b7b792b3342b4fab94795f9e3ff39dda38e34a2c9621f00b1d8ba3 |
C:\Users\Admin\AppData\Roaming\GPSoftware\Directory Opus\ConfigFiles\toolbars.oxc
| MD5 | 63af086c67141e5b4e278fac8b141d8f |
| SHA1 | 6f73b37c687ec1a6c1ddec4ea9630dba69025ce2 |
| SHA256 | 0718a23576d6717b23f6fba219b7592c1999c8da8b316c6cee535ab90a747dea |
| SHA512 | d02037de904d117227c8ac2fc4d0aab144c834fef13dac5b4680ea8f4bffaa304ff40394f1fad08dcbc4f100d9aa7072de45f67a9b2f491ee1a73c4432f05114 |
\Program Files\GPSoftware\Directory Opus\Viewers\wma.dll
| MD5 | acde06a9f9d64ca2cbf963068c4d267c |
| SHA1 | 4809ce4160d1661c8db9125f290f2712cc1ab089 |
| SHA256 | 2713b4c6ce4f49a769e005fff7cea749982930a71d59eededea766e624e81a5d |
| SHA512 | 4e0d0862f638f81150e722cdd2385f7497505cbb67407b5675845e8e478f9031dccd26dc185e0f8086bd8ac737539a4190c249610b2d7ebc53cad523ec23b8a5 |
\Program Files\GPSoftware\Directory Opus\Viewers\movie.dll
| MD5 | 80ea35d47c325bbe5906e9830432ab90 |
| SHA1 | 4fb2d3c449e4d3c25445c97d859cc0f5a9b42245 |
| SHA256 | 8b5e95f546e23821239bf2be809987e725bb28d4f773a9f23f0519fe6f777867 |
| SHA512 | 6a98ced85785d517b06b907612481888a56f899fba86a7130e078d7d151793b1a7b3ff66898502d4ac815e36955b5ea87131b735e10d455e3a3447ffc3e11d1f |
\Program Files\GPSoftware\Directory Opus\Viewers\multiview.dll
| MD5 | 217549d065ffaf42d67af4f39d18ea81 |
| SHA1 | 9013c9aab6df6ca026ad2cfb67a7110fb3b65e68 |
| SHA256 | 8356fa6fe53273d67defa2c790b3d29c5bd6fa691d9d81ec134290eb5bc89cd9 |
| SHA512 | 24ff2d94047a1d6937e2761f1f34e41caed04f0b8f8cef446f4596df01891437043de94788e14784a2e5cc7a840741c011b405d0cc832c81df4c929096c61ff3 |
C:\Program Files\GPSoftware\Directory Opus\Viewers\opuswic.dll
| MD5 | 206504a16ed83733fc542079bfb01529 |
| SHA1 | eebf5c32fb0bf001716a33580d4833af814d0a03 |
| SHA256 | 9ea8c9074f97728184562909d1e778251e1c997b9ee966d3dcf41e5e731648d7 |
| SHA512 | 0ad5fc1707675eb443ed95b012b16e9f4bd0bedd5f63a5bb7bc239696d3e4a13de6dd336c04cfeef0b92fd4806f3fb200cf2e905de2ac71a34d6b62fe519512d |
\Program Files\GPSoftware\Directory Opus\Viewers\j2k.dll
| MD5 | 2a044888d9fc36a25c6e47d92ee804d9 |
| SHA1 | db3036c2c17bbfd684484a62e76255096ebabf9a |
| SHA256 | ab32f4781ef9fd5b26c5f0bcfcdd95826d719ff4c5e7d1a4bc15322d36c0cdbd |
| SHA512 | 079f624a650b223a4388d144af4730900dc025d4cc313a78a0b0b6e44cbadb8f850da320cee7f9e4f0ebe57da39b34a302444269e222767111bb1c3c1fd5b023 |
\Program Files\GPSoftware\Directory Opus\Viewers\gifanim.dll
| MD5 | f5ef1481d94cdd18aafd517386796806 |
| SHA1 | e7c25efc1bbe2ccdd99515d3028ca47a30d91bcd |
| SHA256 | 65fb6a831c4382fd3cf5292fc9164993d2f4c5ad2930e70eeef22987084eeb4f |
| SHA512 | 09d1a7f78619126460da85f6126ee23aada037ee9f9b4a8e56ecab86463cdfdf8e98466696f954a70349fcdb826d65acf2b0bae4d3e29f8b1cde2787b9668758 |
\Program Files\GPSoftware\Directory Opus\Viewers\docs.dll
| MD5 | 52ef5de9b53f72c792bfb97d9cad3d06 |
| SHA1 | fc637a8a90ad7f29a4f36b2866c07c625a707843 |
| SHA256 | 5367bb3bb18fb345b7906357b42ac5dec0b7e651c33c0b8c9d953cfa768c6097 |
| SHA512 | da8c975a42b3d7b59789bee2b96c051ae77956d169cd8b49a16b44b871b8cf89ac08b68a693292e1e0696061da7b72ceb4792a6f86807ea176d020ef6f12608f |
\Program Files\GPSoftware\Directory Opus\Viewers\dcrawrap.dll
| MD5 | 48547131cab3d340410eeb8bcc790754 |
| SHA1 | 179948cdf302eee5410a1ecd10dbe64d8d2e0085 |
| SHA256 | a46cdab1156188e853ee6f5d2fe27491cfffc7c0635f7f43e9d4dc99112eee1c |
| SHA512 | 47cfba89d9f63f84c5ad5232cc108158e0feaaa32a04c4ab016b79a938de46d694a364258527e856c9c783c4500412441f8cfa7dcb356ae6c02298ec9d2605e0 |
\Program Files\GPSoftware\Directory Opus\Viewers\audiotags.dll
| MD5 | 75691032e4b8ca7ddeda91de2d1d0576 |
| SHA1 | 36619f913631e26ac60d9d949498e5fa73f330d3 |
| SHA256 | 688bb8f0ad3869d26ecbb775a74de598cc81223cbeb789e5ec4ca0b057ac6864 |
| SHA512 | 0c2cb92ead45a166e93c40c04a61e9d0523983c6219bb3e956651debbf0c95f597a17835bf49b59bbd0b6bb35ec4fb27c296aa198fdf2f326acffaf651625d4d |
C:\Program Files\GPSoftware\Directory Opus\Viewers\dcrawrap.dll
memory/1520-1788-0x00007FFB35AD0000-0x00007FFB35AD1000-memory.dmp
C:\Users\Admin\AppData\Roaming\GPSoftware\Directory Opus\userdata.omd.tmp
C:\Users\Admin\AppData\Roaming\GPSoftware\Directory Opus\Formats\default.off
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-23 13:23
Reported
2024-02-23 13:29
Platform
win10v2004-20240221-en
Max time kernel
274s
Max time network
276s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\version.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
Files
memory/884-0-0x00007FF89BBD0000-0x00007FF89BC10000-memory.dmp
memory/884-1-0x00000181BF9C0000-0x00000181BF9C1000-memory.dmp
memory/884-2-0x00007FF89BBD0000-0x00007FF89BC10000-memory.dmp
Analysis: behavioral5
Detonation Overview
Submitted
2024-02-23 13:23
Reported
2024-02-23 13:29
Platform
win10v2004-20240221-en
Max time kernel
131s
Max time network
95s
Command Line
Signatures
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Download Latest Cracks and Apps from CracksHash.com.url"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |