Malware Analysis Report

2025-08-05 09:27

Sample ID 240223-qm315agd9y
Target DirectoryOpus.zip
SHA256 f0be34597af1f13ecb5297508075745ee2af467564bd0ed6fc025a4885924456
Tags
upx discovery evasion persistence trojan
score
7/10

Analysis Overview

score
7/10

SHA256

f0be34597af1f13ecb5297508075745ee2af467564bd0ed6fc025a4885924456

Threat Level: Shows suspicious behavior

The file DirectoryOpus.zip was found to be: Shows suspicious behavior.

Malicious Activity Summary

upx discovery evasion persistence trojan

UPX packed file

Enumerates connected drives

Adds Run key to start application

Checks whether UAC is enabled

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks computer location settings

Loads dropped DLL

Checks installed software on the system

Drops file in Program Files directory

Drops file in Windows directory

Executes dropped EXE

Registers COM server for autorun

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: AddClipboardFormatListener

Modifies system certificate store

Suspicious use of SetWindowsHookEx

Modifies Control Panel

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

NTFS ADS

Modifies registry class

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-23 13:23

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-02-23 13:23

Reported

2024-02-23 13:30

Platform

win11-20240221-en

Max time kernel

131s

Max time network

289s

Command Line

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Download Latest Cracks and Apps from CracksHash.com.url"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Download Latest Cracks and Apps from CracksHash.com.url"

Network

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-02-23 13:23

Reported

2024-02-23 13:30

Platform

win10v2004-20240221-en

Max time kernel

297s

Max time network

294s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe

"C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe"

C:\Users\Admin\AppData\Local\Temp\is-8F0MD.tmp\DOpusInstall.tmp

"C:\Users\Admin\AppData\Local\Temp\is-8F0MD.tmp\DOpusInstall.tmp" /SL5="$C002E,39119681,803328,C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp

Files

memory/4368-0-0x0000000000400000-0x00000000004D2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-8F0MD.tmp\DOpusInstall.tmp

MD5 b589c1b34a069180a959b8e91b9c04d1
SHA1 8875ce4398d7517cd07a88acf52f694ab44952fa
SHA256 74b960394e32a1d52a3ba45111b0beb06395637e471832ef6e284736407376b3
SHA512 acd0da0ffd40d2f06fdc9c183d18e4c19a31197ec3fceb0fd5c1d1bfdd265b15cf2e35496911be8f548d80d801ce0dce39390d050fbab94cb8e9d776f513198c

memory/2868-5-0x0000000000960000-0x0000000000961000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-3MT3C.tmp\innohelp.dll

MD5 269e20c08a480cf20685a645b1ee9a09
SHA1 c8cb5d7fc506bd982bac244734e31e54d4adeb31
SHA256 80f8b49d1fbcc2db21dc5c1fc9a62c712de8f83691c245369280b32b6cf1f4d2
SHA512 b3e77a66960b1b86335d3a5a27657dcf998376336138a19ecc343b91d090c9cf52b3af07700fd4882d1ba64d766bd55b8b5f4fc1ecd7e17fddbeafe2db1bb3a3

memory/4368-11-0x0000000000400000-0x00000000004D2000-memory.dmp

memory/2868-12-0x0000000000400000-0x000000000068D000-memory.dmp

memory/2868-15-0x0000000000960000-0x0000000000961000-memory.dmp

Analysis: behavioral9

Detonation Overview

Submitted

2024-02-23 13:23

Reported

2024-02-23 13:29

Platform

win11-20240221-en

Max time kernel

292s

Max time network

111s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe

"C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe"

C:\Users\Admin\AppData\Local\Temp\is-M1CRD.tmp\DOpusInstall.tmp

"C:\Users\Admin\AppData\Local\Temp\is-M1CRD.tmp\DOpusInstall.tmp" /SL5="$7022E,39119681,803328,C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe"

Network

Country Destination Domain Proto
US 52.111.229.43:443 tcp

Files

memory/4460-0-0x0000000000400000-0x00000000004D2000-memory.dmp

memory/4460-2-0x0000000000400000-0x00000000004D2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-M1CRD.tmp\DOpusInstall.tmp

MD5 b589c1b34a069180a959b8e91b9c04d1
SHA1 8875ce4398d7517cd07a88acf52f694ab44952fa
SHA256 74b960394e32a1d52a3ba45111b0beb06395637e471832ef6e284736407376b3
SHA512 acd0da0ffd40d2f06fdc9c183d18e4c19a31197ec3fceb0fd5c1d1bfdd265b15cf2e35496911be8f548d80d801ce0dce39390d050fbab94cb8e9d776f513198c

memory/2672-6-0x0000000000960000-0x0000000000961000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-9SH4P.tmp\innohelp.dll

MD5 269e20c08a480cf20685a645b1ee9a09
SHA1 c8cb5d7fc506bd982bac244734e31e54d4adeb31
SHA256 80f8b49d1fbcc2db21dc5c1fc9a62c712de8f83691c245369280b32b6cf1f4d2
SHA512 b3e77a66960b1b86335d3a5a27657dcf998376336138a19ecc343b91d090c9cf52b3af07700fd4882d1ba64d766bd55b8b5f4fc1ecd7e17fddbeafe2db1bb3a3

memory/4460-12-0x0000000000400000-0x00000000004D2000-memory.dmp

memory/2672-13-0x0000000000400000-0x000000000068D000-memory.dmp

memory/2672-16-0x0000000000960000-0x0000000000961000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-23 13:23

Reported

2024-02-23 13:29

Platform

win10-20240221-en

Max time kernel

291s

Max time network

264s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\version.dll,#1

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\version.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp

Files

memory/1864-0-0x00007FFD61C30000-0x00007FFD61C70000-memory.dmp

memory/1864-3-0x0000027BBC5E0000-0x0000027BBC5E1000-memory.dmp

memory/1864-8-0x00007FFD61C30000-0x00007FFD61C70000-memory.dmp

memory/1864-10-0x0000027BBC5E0000-0x0000027BBC5E1000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-02-23 13:23

Reported

2024-02-23 13:29

Platform

win11-20240221-en

Max time kernel

108s

Max time network

112s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\version.dll,#1

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\version.dll,#1

Network

Country Destination Domain Proto
US 52.111.229.48:443 tcp

Files

memory/3172-0-0x00007FFC0A840000-0x00007FFC0A880000-memory.dmp

memory/3172-1-0x00000281264A0000-0x00000281264A1000-memory.dmp

memory/3172-2-0x00007FFC0A840000-0x00007FFC0A880000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted

2024-02-23 13:23

Reported

2024-02-23 13:29

Platform

win10-20240214-en

Max time kernel

253s

Max time network

257s

Command Line

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Download Latest Cracks and Apps from CracksHash.com.url"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Download Latest Cracks and Apps from CracksHash.com.url"

Network

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-02-23 13:23

Reported

2024-02-23 13:30

Platform

win10-20240221-en

Max time kernel

312s

Max time network

320s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe"

Signatures

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000\Software\Microsoft\Windows\CurrentVersion\Run\Directory Opus Desktop Dblclk = "\"C:\\Program Files\\GPSoftware\\Directory Opus\\dopusrt.exe\" /dblclk" C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A

Enumerates connected drives

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000\Control Panel\International\Geo\Nation C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A

Drops file in System32 directory

Checks installed software on the system

discovery

Drops file in Program Files directory

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\xpcc37.log C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
File opened for modification C:\Windows\xpcc37.log C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MTB0L.tmp\DOpusInstall.tmp N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe N/A
N/A N/A C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A

Registers COM server for autorun

persistence

Enumerates physical storage devices

Modifies Control Panel

evasion

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{EE0F1650-117B-4075-A78C-EA86C85710B3} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{EE0F1650-117B-4075-A78C-EA86C85710B3}\AppName = "dopus.exe" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{EE0F1650-117B-4075-A78C-EA86C85710B3}\AppPath = "C:\\Program Files\\GPSoftware\\Directory Opus" C:\Windows\system32\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{EE0F1650-117B-4075-A78C-EA86C85710B3}\Policy = "3" C:\Windows\system32\regsvr32.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{3A297740-2C30-4A50-88B8-6F10EF07C4AC}\DllSurrogate C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{59CA7BDD-15EA-4B41-8ABC-F1967657B7BC}\VersionIndependentProgID C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\dopushlp.DOpusZip.1 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2A99A29D-5574-4936-9209-08A60DA2DFB9}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AF9A2E82-D19E-4932-BC5E-4523B6C273DD} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DB654B0D-CB3A-4BFA-A8CC-812C5E48D5E0}\ProxyStubClsid32\ = "{DB654B0D-CB3A-4BFA-A8CC-812C5E48D5E0}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\OpusFilterFile C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\opushelp\ = "URL:OpusHelp Protocol Handler" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\ftp\shell\dopus_openinexplorer\OnlyInBrowserWindow C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\coll\DefaultIcon\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopus.exe,-187" C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2A99A29D-5574-4936-9209-08A60DA2DFB9}\ProxyStubClsid32\ = "{DB654B0D-CB3A-4BFA-A8CC-812C5E48D5E0}" C:\Windows\system32\regsvr32.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\OL8MFtyPmMuKke\HxX6hZiguKlq7L/x0W0GsA = 1f15fa8598a0b8a96aecbff1d16d06b015dc0b4e46dfdcc7a74e5409654280c71cacabc577c65b28bb7f8d73eb4397fd2c300fdae7e1193c6d5549c719030487c91cc221d458de965af781bc9c73a05e C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{4CA2364F-7AEE-4A7E-A8A7-655611B397BA}\InprocServer32 C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Folder\shell\dopus_openinexplorer\OnlyInBrowserWindow C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OpusZip\shell C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F73F1A9D-C599-465B-A679-287A604077C8}\VersionIndependentProgID\ = "dopushlp.DOpusZip" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E0B504A2-E75C-4E8E-9644-36DC46FC6728}\ = "IDOpusCopyFileExCallback" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE761688-C137-4b04-8FAB-3C9CDF0886F0}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{7A423841-41CF-47AA-BFC3-721ED2FAF1D8}\InprocServer32 C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\OL8MFtyPmMuKke\bGeIF0By46dYuRJ+8tkSWA = 6c6788174072e3a758b9127ef2d912584f8d4b0f77fae281f5146e2a3e64a3824495e88a319a0932bb7f8d73eb4397fddf7b67c6999cc33d95c660dd05030887ee1e91c686ddac4b7b43a28a426d916a C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\ftp\shell\dopus_openinexplorer\MultiSelectModel = "Document" C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{75C235EA-9D69-430B-92DD-C04B5BFA48A4}\VersionIndependentProgID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27FC34F-A633-42C1-B77A-3D85ECF6BDB6}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopuslib.dll" C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\ftp\shell C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\dopushlp.DOpusFileHandle\CLSID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\dopushlp.DOpusZip\ = "DOpusZip Class" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2DF394BA-1955-4a52-900E-303836135F67}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopuslib.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7EAF5F8B-6851-4281-8039-6F0802F46833}\InprocServer32\ = "C:\\Program Files\\GPSoftware\\Directory Opus\\dopuslib.dll" C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OpusZip C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{2DF394BA-1955-4a52-900E-303836135F67} C:\Windows\system32\regsvr32.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C02DBDAE-94BA-471F-8BB5-7CCCD9477BF2}\InprocServer32\Data = aebd2dc0ba941f478bb57cccd9477bf240534b53562558424d445f2341485b265f39522e414b581a0000000000000000936d6f290000000000000000000000000ff6afd500b18d201b6ada2d685c5705 C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\OL8MFtyPmMuKke\+P5VXvBDraxl69LPB+Cp9A = f8fe555ef043adac65ebd2cf07e0a9f401de0c3b26dfb9bdb44829097d36e0c815acb9a961c34328bb7f8d73eb4397fd3cd2e15be7e1193c6d5549c7190304874eef30b3e6dbf642d1b011aeca004aa9 C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{026174FD-9AE0-4CD9-9F3B-4C148AEB8514}\InprocServer32 C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3595AEA4-FA1C-498A-8EEA-5F2366D16705}\VersionIndependentProgID\ = "dopushlp.DOpusFileHandle" C:\Windows\system32\regsvr32.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Program Files\GPSoftware\Directory Opus:stockcert12 C:\Users\Admin\AppData\Local\Temp\is-D8GVO.tmp\SetAppUserModelId-x64.exe N/A
File created C:\ProgramData\GPSoftware\Directory Opus\dopus.cert:naughtypirates C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
File created C:\ProgramData\sdpsenv.dat:naughtypirates C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
File opened for modification C:\ProgramData\GPSoftware\Directory Opus\dopus.cert:naughtypirates C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
File opened for modification C:\ProgramData\sdpsenv.dat:naughtypirates C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MTB0L.tmp\DOpusInstall.tmp N/A
N/A N/A C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeBackupPrivilege N/A C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\GPSoftware\Directory Opus\dopus.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3268 wrote to memory of 4364 N/A C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe C:\Users\Admin\AppData\Local\Temp\is-MTB0L.tmp\DOpusInstall.tmp
PID 4364 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\is-MTB0L.tmp\DOpusInstall.tmp C:\Users\Admin\AppData\Local\Temp\is-D8GVO.tmp\_isetup\_setup64.tmp
PID 4364 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\is-MTB0L.tmp\DOpusInstall.tmp C:\Windows\system32\regsvr32.exe
PID 4364 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\is-MTB0L.tmp\DOpusInstall.tmp C:\Windows\system32\regsvr32.exe
PID 4364 wrote to memory of 1076 N/A C:\Users\Admin\AppData\Local\Temp\is-MTB0L.tmp\DOpusInstall.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 4364 wrote to memory of 4736 N/A C:\Users\Admin\AppData\Local\Temp\is-MTB0L.tmp\DOpusInstall.tmp C:\Users\Admin\AppData\Local\Temp\is-D8GVO.tmp\SetAppUserModelId-x64.exe
PID 4364 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\is-MTB0L.tmp\DOpusInstall.tmp C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
PID 4364 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\is-MTB0L.tmp\DOpusInstall.tmp C:\Program Files\GPSoftware\Directory Opus\dopus.exe
PID 1520 wrote to memory of 3936 N/A C:\Program Files\GPSoftware\Directory Opus\dopus.exe C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe

"C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe"

C:\Users\Admin\AppData\Local\Temp\is-MTB0L.tmp\DOpusInstall.tmp

"C:\Users\Admin\AppData\Local\Temp\is-MTB0L.tmp\DOpusInstall.tmp" /SL5="$6020C,39119681,803328,C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Setup\DOpusInstall.exe"

C:\Users\Admin\AppData\Local\Temp\is-D8GVO.tmp\_isetup\_setup64.tmp

helper 105 0x3B4

C:\Windows\system32\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\GPSoftware\Directory Opus\dopushlp.dll"

C:\Windows\system32\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll"

C:\Users\Admin\AppData\Local\Temp\is-D8GVO.tmp\SetAppUserModelId-x64.exe

"C:\Users\Admin\AppData\Local\Temp\is-D8GVO.tmp\SetAppUserModelId-x64.exe" /cert2:1245660:1377274 12400 "C:\Program Files\GPSoftware\Directory Opus"

C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe

"C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /fixappname

C:\Program Files\GPSoftware\Directory Opus\dopus.exe

"C:\Program Files\GPSoftware\Directory Opus\dopus.exe" /ignoresetup autolister=layout

C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe

"C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk

C:\Program Files\GPSoftware\Directory Opus\dopus.exe

"C:\Program Files\GPSoftware\Directory Opus\dopus.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 vfr0.gpsoft.com.au udp
US 8.8.8.8:53 blog.dopus.com udp
US 8.8.8.8:53 www.gpsoft.com.au udp

Files

memory/3268-0-0x0000000000400000-0x00000000004D2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-MTB0L.tmp\DOpusInstall.tmp

memory/4364-5-0x0000000002710000-0x0000000002711000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-D8GVO.tmp\innohelp.dll

memory/3268-11-0x0000000000400000-0x00000000004D2000-memory.dmp

memory/4364-12-0x0000000000400000-0x000000000068D000-memory.dmp

memory/4364-14-0x0000000000400000-0x000000000068D000-memory.dmp

memory/4364-15-0x0000000002710000-0x0000000002711000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-D8GVO.tmp\_isetup\_setup64.tmp

memory/4364-206-0x0000000000400000-0x000000000068D000-memory.dmp

C:\Program Files\GPSoftware\Directory Opus\dopushlp.dll

C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll

\Program Files\GPSoftware\Directory Opus\dopuslib32.dll

C:\Users\Admin\AppData\Local\Temp\is-D8GVO.tmp\SetAppUserModelId-x64.exe

C:\Program Files\GPSoftware\Directory Opus\stockcert.txt

C:\Program Files\GPSoftware\Directory Opus

C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe

memory/4364-263-0x0000000000400000-0x000000000068D000-memory.dmp

C:\Program Files\GPSoftware\Directory Opus\dopus.exe

C:\Program Files\GPSoftware\Directory Opus\dopus.exe

memory/1520-267-0x00007FFB377E0000-0x00007FFB377E1000-memory.dmp

memory/1520-268-0x00007FFB377F0000-0x00007FFB377F1000-memory.dmp

C:\Program Files\GPSoftware\Directory Opus\Language\english.dll

C:\Users\Admin\AppData\Roaming\GPSoftware\Directory Opus\dopus.dat

C:\Users\Admin\AppData\Local\Temp\dop202402231325330884.tmp

C:\Windows\System32\inf32\{C02DBDAE-94BA-471F-8BB5-7CCCD9477BF2}

C:\ProgramData\GPSoftware\Directory Opus\dopus.cert:naughtypirates

C:\Windows\System32\inf32\{855AF0F1-EE09-4E02-87C9-A2A95A966F37}

C:\Windows\System32\inf32\{A1EDD3A6-A2A7-42BF-B0C4-1F2004775E9C}

C:\Windows\System32\inf32\{008A6EAE-0C74-4159-9339-4DF98B4DCCCD}

C:\Users\Admin\AppData\Local\Temp\dop202402231325340037.tmp

C:\Windows\System32\inf32\{081E9FE7-E73C-4F78-948B-8771276A29A2}

C:\Users\Admin\AppData\Local\Temp\dop202402231325330990.tmp

C:\Windows\System32\inf32\{F2E2B721-742C-4923-A8C3-98A7CB752D57}

C:\Users\Admin\AppData\Local\Temp\dop202402231325330978.tmp

C:\Windows\System32\inf32\{ECC4FD39-C1CD-4140-85FF-8BF670D8177E}

MD5 1d7bc9336571ff380ee9940f0cdc44fd
SHA1 81b7bbc2629053c59928ff2bcabea3ef396daf6d
SHA256 9b17d2fd9a3fd6f5d9588e729aceee93ab46601ede0ca2b2d9fc35ec8eb8d968
SHA512 61893470cc7784f9b7384415d82377139f2b11262291116ee4bde64d80c6a47b5d1d65ddf802e5eed28febad82ff68a247bdad8a3110d799e34d52abcd209ff7

memory/4364-388-0x0000000000400000-0x000000000068D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\dop202402231325330959.tmp

MD5 69929977df32a2e218167e2cc6f3d5cf
SHA1 99b1c5cf8d6e21c23639940c6d8fe7a376a4e33c
SHA256 b67228d62cf209c5593f5cb633c9444739617eb04d9c53c4df11b1ca92176357
SHA512 efe041acd8168c5f309e8094ad3f4760deb46173b2175bb300383cddbdedf037e2e74b175bb6285e1fc444752ccc9c545d22208097b20159b6ef4cccd6e761de

C:\Users\Admin\AppData\Local\Temp\dop202402231325330897.tmp

MD5 6bbc51e2a4737ac912b29836ce436c28
SHA1 f5595ebaea75bdf9b47f6dd3c099debec5919e62
SHA256 bd32712ab10eca6d989eab78b645ec4618f553749f809fc8762250cd3e3255e2
SHA512 b103498bc5592bc0c4182a33ee10f96de4a505c8448fbe67383238dfcc187f847476995ce343987059ce9bc0329a0dce2fe7ad6191761cc03a64012d5aacd2c5

C:\Users\Admin\AppData\Local\Temp\dop202402231325340444.tmp

MD5 7a9370fa52fd2fe46b3940faac784d90
SHA1 0c705473c3fbf619f35fdda7afb97b7fd8c24057
SHA256 f58f7fa70dceb475c4eba105d738b65084febf3eaf55c132a2eadc03921236cf
SHA512 7e6fa0352917139c73ea3ba6ec8f738caa2f3627c0db34c9514daf02cd16fdd4c3f504dec069ddc3ad3da777a68dacdb810eab3fee36cbc69cbb2068cf45216d

C:\Users\Admin\AppData\Local\Temp\dop202402231325340475.tmp

MD5 f10da6890fb8b95e8efc09e46829a53f
SHA1 abdb4fda12b70762ee5ef71d6ade959023ff8425
SHA256 55a93e7e315959da9dae7a2fe3eb8784083d0295e7bf8f4838242c43eaa98bb5
SHA512 6e69c40217a3e3df52f2f9afcd9d2646467237a26ff437a88a3e34c0639adb17658fc2609b2e13f3a5f955cdeba05de574d8c493a55a7a118069f4947cca2b0f

C:\Windows\System32\inf32\{37AADEB9-CCA0-4003-AE68-17CC5C3181CE}

MD5 de4dea3d54084c6911aa8dfcf38cc661
SHA1 ffb86ec1932baa5765f230f6a3c1eb146535a8c6
SHA256 9267b7ae7ac29ddf0b4569d7c8134521ab4553e9aa6e0542626297e7dfb39a61
SHA512 fdbc3945cab08cd8acffc7aaaa2bf407f08c148fe27668277158b9317c185ad1566b8f7a9a481c5ea135b8ed2060cb6fb574f082c0432b5b2ad721eb96739c30

C:\Windows\System32\inf32\{F850F077-19E6-41B8-A944-927633A79E15}

MD5 4458a340eb65a568add646d4bc9fa053
SHA1 68825a4831745571bfc83f6358132f1f2e9b3731
SHA256 b8038fbe3577fd871145387cabea24db8b0d4f2e0cea651572ace58b974bfb53
SHA512 dc37ef8b84979e25969646ee4237e5d29923d327174db4e8bf9eed6233a7e4d0d9c9bc2d37df448d85eb415aaba232b7111976141313262eb634e95a89e105a1

memory/3268-775-0x0000000000400000-0x00000000004D2000-memory.dmp

C:\ProgramData\GPSoftware\Directory Opus\dopus.cert:naughtypirates

MD5 20182ce31f231cb46c99c92a27d5fd9d
SHA1 1e29be257a01913d5404ed909d7308f91fdc4aaa
SHA256 240c58f49cc293fbe0b49cd93b174b60cee766d7488400007f091a468ba90d3b
SHA512 37bbfb70233fa9c9d1a0693cefd98854fe97681b133a1aa5729a921f6b347672e70d4267fd446a29f2a700f55f851c80894da1c416dda8f069b37b35a0c38077

C:\Windows\System32\inf32\{7A423841-41CF-47AA-BFC3-721ED2FAF1D8}

MD5 6b06e3b476fff74160a23e9caacfa71b
SHA1 de031bc617b3a3d4eeabc0cf5792089a83bfaeb9
SHA256 d6822449c6d4fc1c1744f8d7eaa35d0ac1e7a0cb70c378f1c072265932909922
SHA512 7411fd61a283c147fe7a51eea6b3c5030374fe182d249a8e77be1fdcb88cff309f1ae1b8dc0796a65a63fe831556dfe9e1313a15a078ea613ece12c12b83d45b

C:\Windows\System32\inf32\{7F90E538-84CF-4475-8B74-2435A52B14D7}

MD5 29f0275a6a92092dc8a52ecc84dad20d
SHA1 a52dc9f4d5248e854216b0fa66b1fbc6f4d7c538
SHA256 62a88647f79514cf59ec41b53b4734205d70f76407ef67395ed51e94009540b9
SHA512 7e5cf63714fca06432af722c6ba3406a05e5caf02d15e65f99d2e53fb65f130616019a8f1c4ae0cb8a97f49a6027493ae6c4b517cf3dce75f2bb5e0aea5f3d95

C:\Windows\System32\inf32\{7F8E381F-0B2A-420D-A69C-F85A14323BAC}

MD5 9ff94deac8d312f1304da3b3a7a0b59b
SHA1 cc4ff9373bf8d7abe564f2d291df67892c118147
SHA256 1730d3646f2ec08af69f845391028861da06e102008760c6567471564bbb8d0b
SHA512 6a6ff24df6cfcfd8f6c91db927cf1f5505714489d2a8ed36bbad131c7d573bd5879b20e68487b9af599fa8532dc516ed19e9fda829adb0ce5307bb28ded6575f

C:\Users\Admin\AppData\Local\Temp\dop202402231325340756.tmp

MD5 5ff08620fb8ac87f4e15998456455b20
SHA1 c054ee9480c5b41c1372e319e66bcf2079d7c0b1
SHA256 b460613eecd76361e211b76273db0ed0f205312c45a9bb771f7f58ec2ca55c42
SHA512 5ea5def2d0ec174882027b6813fec8fcce5d58a6fa49f6d439188d8489cd4e73de4ddd7bb22d27831e83bd2abb99875e17acde1f384d52218f2258b5a120eb88

C:\Windows\System32\inf32\{DEDAB166-2DC4-47BC-95C9-B0A092FCCD15}

MD5 a1f3bd1fbad0fe1b488cfc10188edd92
SHA1 6c5a5274c18a8afc66e70491f4ddf8645bb8511a
SHA256 cead9baf28974c7cf26b5933d47180631db0ca4713bec96b0f9dc3ce4848734b
SHA512 165f56cc6a14beeb6d931277beb7770e6d92ec2545fdc743da6bc99be678840d21e966c059d9ddf2b8c42df24e2db948b07bc453587a67f9386e43ba4eae356e

C:\Users\Admin\AppData\Local\Temp\dop202402231325340647.tmp

MD5 f80f993b2557f4bab79c7dcbfc2cbb38
SHA1 1d05aebd9fda0facb92aa5016da75a77a70763dd
SHA256 464ccc2e869276189f524ad4fc1bb4e7f7cdb7e181189c077e0b4a24a2ad4a34
SHA512 7ad20706b48e33b577257ec85134d7baaa0e3ea8cda900c1ebd74f9f20ae3afd2c67b55d64364f2bff69dc87aa5d2bd6e08195efb60e8d1d340965425e8a65e7

C:\Windows\System32\inf32\{34C53E7F-3CE8-4353-BFC2-C2F27254FC82}

MD5 d5f9ec1d04273f38325fb8ba456cc8a1
SHA1 7a3d6d883572d4f50f2739f99a45a8144dbd2dd0
SHA256 b61d14bc9151c13d9c5ca787a2e1dc4fd06f0405cbef978c46bc1d965f88e284
SHA512 283233a6440bae38baed96c86603ef2ee08b20cf4476dfe067556de8a6a4e144829818d9b85dfeba91d8e0438234bd59e9057b65a08f5e21ed040b2921b99818

C:\Users\Admin\AppData\Local\Temp\dop202402231325340615.tmp

MD5 3ddf8edf2bbdffddcff63fb8b99abcb4
SHA1 ef68bf81ba6fdc1b40d30dbec473e50a23c373f0
SHA256 7fc22594b1de4e387311b14a74f2833923d0d910c18d93b0da4419957cc7c698
SHA512 2ce9d45f916a8300b7b6cb61c4d790f4f2fc87f7f2d4fa660aacf314935b90e56f1d021aefd53237e38d44b271f9b83d3d32049ae7dddb5d18d5a721986ceb3c

C:\Windows\System32\inf32\{7EAF5F8B-6851-4281-8039-6F0802F46833}

MD5 adc159757619ceb53cd569a7732e95cc
SHA1 f09e68794451341898ba5d297ec63851c2f25f6e
SHA256 aa343264bc9201f2d43640005660fc58b811a3453daa04438470c923e234089c
SHA512 45286bc0515361e0f687f3038942fee8e29b4e517f026b4b129bcc19fda33159ad7d11a5713c30d6949804b933886232f9f13f062580a45c542479817918771c

C:\Users\Admin\AppData\Local\Temp\dop202402231325340600.tmp

MD5 1c93f2021fba9bbcd902b4952413c279
SHA1 cf224d3023bbebdc41c11a8bbf6289880d4692ec
SHA256 a1d93f941790270f222995bf2afc1e11382163046f63c5f2c3907fbffb33e9d8
SHA512 921d75990a0e35d989255cf9256d19afc4e3524264ff8857587b7e55c197fb2784fd2f64e061e8b65daa186b58a085fe5f163d8e81978ffd30fdd25577041546

C:\Windows\System32\inf32\{E9822023-7745-4992-AD4F-A5792A725E44}

MD5 7a00c5eff8175b9460a502fcf2532b01
SHA1 ba35d2e622cde3e45f8a6cf5c0d3969dac732b8d
SHA256 ab2d0367ec9dadc3533f5df9eff8ac4c288c0dd6ce53ac0b256de229f605d7ee
SHA512 f59d96e3b1ae0ba11896106e703fc7d3ee769831573ea34d729581513252918696035db0b9485e5d82c63d50b39c041c9fe7663a968c50f435dcbae92cc92e4e

C:\ProgramData\GPSoftware\Directory Opus\dopus.cert:naughtypirates

MD5 568af8c061963e990b589d903af5a7b8
SHA1 c9f86503b6527c247ee486bef5d8afdfd49d0d0c
SHA256 99afe8187efecbc18a8a0a0d578c1d2fc3f151dcd80550a272ec5778af71d6ce
SHA512 843ffc999ce9c976f2ce98a3a1f105afe49154d225f50b5fd79693f83b540941296f9256fa002eb0bbb03604430e65bf337d8b5756efc60adaa85ce9c60d4454

C:\Windows\System32\inf32\{E8804616-84DB-4715-9D45-939A4EFB3F8F}

MD5 e0a38c6370b329fedd40393f90896562
SHA1 32501a453c9c8aecb1a00aa5a14356b80b5b1e06
SHA256 e7b9c8aef589ad3829137aae277587bbc1feac0fa0850b71917bd74f56b59d5f
SHA512 06102f870cfe5da648acb59610e922330d7634e450f108507c714725adf2d013f33052e8c86a7a30027ebdc3dc6057f69f35752ea4a06223bee2b8161ef4956b

C:\Users\Admin\AppData\Local\Temp\dop202402231325350225.tmp

MD5 b8e971ce6cffccfcdef5cf9f3a86699c
SHA1 0008a7422976b49bd070ad9d3743489961e70546
SHA256 e25b7d75683526b2905c723839f9add49bfb43f374ffaa8bd6881001012dc3f9
SHA512 e8e1897ca85f12e3bf108a90f95772ed80690f29667db03aa60c557152a509a9f4285a1f6ac2db75f8d021f3027899f7ec8dc57df4ba3be76521f7c520c1b9ed

C:\Windows\System32\inf32\{53D84A7F-66BA-4801-9DB0-4BD8E85830BD}

MD5 07884b0793697314bf84137dc80abf5e
SHA1 b06d9ae9683a81e3f25ae06ce29513a24d8913f3
SHA256 15f277a353631f019dfb95989a184d4a8faff130c55c48c14a55687731c317e7
SHA512 3d7e2854d310aa1757dfc5584503757b288e7228f61a464a874235291ca80b2a41fea8657718c1f3af172de19c4b4715959cd0a8ecbf76e4e278ab1f0e98fb48

C:\Users\Admin\AppData\Local\Temp\dop202402231325350178.tmp

MD5 fa02ce049d5170a52d2bee08ab99cabf
SHA1 0d609669c71ca25c11ce54f465439a479e2c3ca2
SHA256 45fd077062229395170d622e025d4ddef691bf69b4b2c1fcedc42e2395c82f55
SHA512 3f0a5bb9f155740387347cfe97f57ccaff6c542f97c126d23b0812517dad0588591a5f5dcd9113e4e1d66d288b513c7db23024c775aa653931fcc995ad2e0b29

C:\Windows\System32\inf32\{E8E1CA93-A9BF-477E-B8E2-820723C39AC0}

MD5 8b38e8521d8decd83d4ee07d869dc19d
SHA1 4eea63bd1918fe5fe7134afe293e48b887a0b993
SHA256 57626233062d14e7deaee5dce0be76e0814b3608adb0dc4d91cabf36994a9bea
SHA512 5b64f6c60d7fb32b5576a63c37d608c149ed5eb62a97e7fa03c997ec6ac5c1cf71a8897feb7f03a0cc112692f8138eb87a0524eb2fc177a41cdbdb835e980d77

C:\Users\Admin\AppData\Local\Temp\dop202402231325350584.tmp

MD5 835e641e0160dcd73285aba2dde085bf
SHA1 e024fe5956e870b002eccd6f7c6b85e3382a79c3
SHA256 3537026eaf6444a4a1028d527a9ddb23329df8a248f21496bf957c696e00e186
SHA512 27c6022190bb2df2a2559be6781e97c8126dab698a057252cbaacfd8ed864381515753d108abb30856ee1a2a747aa9d5be6cbedd9bff926927c95590837fcc61

C:\Windows\System32\inf32\{0387E7CC-1CB5-4C91-8ED6-49B5F6372B8A}

MD5 51d2da58720b12160f56b4cac4d1b9d2
SHA1 8e021557c976c0ce2c2a41fa0813909f1e92ac56
SHA256 f7054923cfb7e299bfc94259257fd1fff7d1c3c3012f9432969ef9f25a1f618a
SHA512 391057c1f65ef8330a4f0626d614a417914545830cadcc0c6b020e0ed915cd66b0e78d5788798dee92c62546dc16de7b988fd39552d9004b5016c683e5c9b918

C:\Users\Admin\AppData\Local\Temp\dop202402231325350490.tmp

MD5 15a5bd1675fd2d07e096ea3bd7e5312c
SHA1 b9f396cfad32de0edcaddb037694e6b9b2cd1e22
SHA256 41a7b8ac585f04686677c5e19160d36dab882e41ffaf8a26c1f3bb31c17e6532
SHA512 685f2b8b2cff9a62fb9fcf1ab201229c428e4e55d2c3097446e80758d04bb8ffccd27a8d3eeb2ad35ebef9e9d1f8f6aca14397261b3fb910e35e7916fb6f4880

C:\Windows\System32\inf32\{D276CADD-4105-41BD-8128-DB2D995809E6}

MD5 b5cc87795ffcd599548fe78c4a4d8486
SHA1 5e916780cd14890b5d3a1b82f569b3c8422c51c0
SHA256 1331840af75723855d4285f68b683e3c078ef09f04624cb3731b3d5003d53fca
SHA512 f90ec05baf031e3ceaa00c3d4850f2a7be2cc52da9e18823606e3984920d9f00152624c1a388cca2d20b78a6972b6903c8060edec3b377cf2d6829c97e749721

C:\Windows\System32\inf32\{897672BC-BC38-462B-A2C3-5AE6CC3DE77D}

MD5 b9ba6cb5649e5509d9b5af8dfa885291
SHA1 6ea3cb00e599e527d597388817a9acd0733b4ed0
SHA256 938c83b60485efdaaedc863c97b5347c923bca42bc5814ef2aaf4af4f590c8e5
SHA512 e93a6823d1fbaf6ac0052979003b873fea7f9c720fee784a868eb7931e0fde1bce8ec30b3521c827965d435377923a887afc5dea5129ab2309c4cf43434542d0

C:\Users\Admin\AppData\Local\Temp\dop202402231325360209.tmp

MD5 da064c78707077ab37c24d7fef025850
SHA1 5287ce0eabb103c21d10c6bd94925b3f18cc0b1f
SHA256 11e2d4e0a877782cffc4f3debf3b1cc8930adc31bc2cdc88489e68a2e41ef157
SHA512 ccf32a7481f8f40305ad3cec81adfdeb31ffc50f707a3cadfe0a8886540537fa0e1ca1756a17d9a2d3e07549644b193ed18aca2580b76a99ab3c8204a87c6dbd

C:\Windows\System32\inf32\{C27FC34F-A633-42C1-B77A-3D85ECF6BDB6}

MD5 b4a9f2b936d04baa4d3d2b6f6d92693b
SHA1 5fe649df5bedb0b0cec56ea9da8cc7d24d848d70
SHA256 5be6350a051bdc014629ccf69c954e3efc0d694bb06a7e9c2fb3b59d85ec886f
SHA512 6cb66d82f80e22485d2d6c684e2419b17b9410657eef7529517fe9be2fdf1bc16b14f06aa8c1fb89aae9d15c484c391fbdbd5fe5ed063386cd81d5daf0d88a20

C:\Windows\System32\inf32\{4FC73CDC-2181-4B0E-B00B-C0834AF769C4}

MD5 ed10b7ec7de38aed7d492af7d5385b23
SHA1 cffd7bc3894e3b37f52df8a56b5f0fc7d81fae58
SHA256 7058f6fc0ff61e66b5f237adbba5b3a31a838ad2eefe810cc9bcf8c929a4bb36
SHA512 720799673d9cfd8ad063b5ef190c9edd95fb53434699d738d8d0415ba87d4e9eefcd00dd39b04421b438424f720426739ab0a62b4190bac2d6ca915527997236

C:\Users\Admin\AppData\Local\Temp\dop202402231325360178.tmp

MD5 de118d394641533fed28a5f6830a794e
SHA1 aed269616b6d9aa81605ebd5e0292db33fcb9a34
SHA256 e8ab27aae1b9838150d7b2e4fe711f876d86f626b777f06f95ab625b3db57828
SHA512 960a0460cc1d9cf5352b4fb498595f2664e60b2bb9603519e116da3344d895baba023cf2e93f82ba7f758b272e8595a69705d0571b8a93ae4092acbd2b48533a

C:\Windows\System32\inf32\{026174FD-9AE0-4CD9-9F3B-4C148AEB8514}

MD5 a2a90f8b523f02cb0c3482ea0feb3eab
SHA1 c4103dcccdddee5dc39467211dca28c96a6a47a7
SHA256 00e78aa7399bdb653e233de09be96d00c523a70ef070e4c57880a261fde13adf
SHA512 05f1f5b3df3a182da172b7cbb6602bbaaff5722e1f8d7d9a763efec2253d8c549435e4a1c63a3e71cc35299b59afd22ab7f62866cd0bd0b29241471285f2606f

C:\Users\Admin\AppData\Local\Temp\dop202402231325360334.tmp

MD5 d4f38277f1cc6151afbedc8a72fd9318
SHA1 b22a11510affc19bcf7326275b63e67179e94c0d
SHA256 4b6abcbd087cf38ad188561a51f6c32053b596ab27bbd5beb7e65be33b153cab
SHA512 7d4bec33cd2004a63b2b76549d5127fd407713be23ff0c9e7adf31888fcfdaaf723ab7e27bac3d3f14e44002548ba59d0fe3a279e3a4a972a426bd69f22c430c

C:\Windows\System32\inf32\{0B499001-F225-4C61-9664-11CE528CD7E1}

MD5 0ff3909f7b8b757bbbf075ad75cf3a98
SHA1 a20b46581432abe950921d015f8e94018336a934
SHA256 34abca0f41857ef292d69b7a3317a066f9a3bb60220359541351026cfea918dc
SHA512 a0c1fd6122c5a971177f5499bf4c147fb482ffa2ff8f90088cd92bb5ed9aa26a66dab2f9e19b01618ddf7e1a0f8b61dee78cbe1f1d332eaec5bcb82780ddf8e0

C:\Users\Admin\AppData\Local\Temp\dop202402231325360444.tmp

MD5 5189d4fbaf54d78b49bdbe446ece1f5a
SHA1 e3dd0399c2352a6691744a26c6104afd6b3aadfd
SHA256 38c6a62abee164a485b1c372de800e1b73cbcc1db32331274a9a7524076ded0d
SHA512 8f795faa28b22329e92c2d958e7f455fea5db7494155cfb071d8b8669ce7c47ba2ecd615b210bf295686ffc550335e0626f814260e9b303cfc8691481d943bc1

C:\Users\Admin\AppData\Local\Temp\dop202402231325360397.tmp

MD5 a048ce87309463d55ff4dd4d8541c122
SHA1 a00dc58738755e02a5d003507115486ea30b737a
SHA256 1faa7188d9e5ef3218d7b8f3bf31558add92f2bfe299093525040cd47416b19d
SHA512 db05bc86740237377832b45b9171e3183718d58f092705d1702421f2bb4bd3640be5a396cdf59356736c94316352d3a0e9b4e0fe140a02f342d43bb059ac083b

C:\Windows\System32\inf32\{7339F7F9-8707-4F0E-B661-2D11E36E9C38}

MD5 0c5eb74943a2292b2d111147951ed4e1
SHA1 b0dfdfcd1197a1081365bcbcefb71a042bd960a8
SHA256 5e5cced44b6c51ed066f5ada1dfe557c12eeb3f7e4c53241ce8c6aa17b095b49
SHA512 fb54ebe6412eb182d04152104b36b1dc00a9cc024d1f13efe87a9a3ab74ef1a9b0bff3e247c2342670b6a77772b4707da60cb346069d68f70398bcb1e27130a7

C:\ProgramData\GPSoftware\Directory Opus\dopus.cert:naughtypirates

MD5 a24657652f6d5da464a45bafb35edb36
SHA1 4c49dad53094b1949e7e1e86bceb2aa36de08240
SHA256 8f7312ec1d28b95a89a361812fb5272ba63b2ade0789d1d66bd50c47627449d5
SHA512 6fb4bdadf4dfa3fed06e10089376ed28a4d7b0c84f39481190f77b19f9cedcd825ddb2d78cb4ee81f0917d046b226cf923d36ebca4270b1fe53d7a3d883c144f

C:\Windows\System32\inf32\{92225C38-923E-400A-A807-27EB46E9D78D}

MD5 0e3ffecb1ab5568257df1b17e2320d46
SHA1 dc36b1bc1b572281159ac2e69464659ee5c86e49
SHA256 ad0cc3885f32efdb20f22431edd3f363db6ba609db5ddb6b607bd283a0a66aec
SHA512 6b309efbf3a743670a69f2a46dcef147c1c7db2ed432090d54d507696b86061831ee68cd7e6a0cf1173b36cd1bd745bdc3a684843ddcd72bcea2b9a630af71b9

C:\Windows\System32\inf32\{4CA2364F-7AEE-4A7E-A8A7-655611B397BA}

MD5 00548ab37b52524f44a039cac0ff9487
SHA1 7f776d4fc41eeb9f074f064e9a1abdf9374346aa
SHA256 0fc1392df250ae92a27c65b113eb9df2422e3f0e6e8e673fc36b57ad6e2f71ab
SHA512 19395746ef8a12cc899b610a9a7114a917ab031ebc4e654df154207825c7a670bcf150ac70d442fd97d5636bc5062682d97460cf01ba33a45cfd0034c7b6cb6f

C:\Users\Admin\AppData\Local\Temp\dop202402231325360791.tmp

MD5 902eeeb5c6fe8ac9fe603881d840a9ab
SHA1 258193f94919acbafac4131dd3cc1c4ea448eb8e
SHA256 807ff116faae2bcf3488dc13b485b6327eb2cafa4ac46da7985ff17281654ed3
SHA512 541e3568c5fd7e6c845d978706eb723f4b64a0a1915d02c93614ff3c3a36facfbb3b357243b005ae2a99f0abf8de104a298fb69a481c4f93c91261d84d64aa17

C:\Users\Admin\AppData\Roaming\GPSoftware\Directory Opus\userdata.omd.tmp

MD5 4a395f5b32d0754e7087e2ba87ec32e8
SHA1 8be9ba7753020597b5dcecf820b87afb918093b5
SHA256 ed14644c2b202f38463c4ae58d33c1aa477b9ed3d197975b27b61efb3d672bf3
SHA512 f8d61ff153a4d7ca2098413ae080d6884d0321fa76744146e250a100fe1f1c104fa9472ae694361cb514942f82b0ea7eca0627c677f66f1a2cfa197b27afbe24

C:\Users\Admin\AppData\Roaming\GPSoftware\Directory Opus\userdata.omd

MD5 919b8f65c3ef1726dd87dfa54123d958
SHA1 47ed8a15c7388ce24dc2d89c9f9131513b7eea45
SHA256 0cf15319f9339ea60adf46c71295bbe79ac905e05cfccfb28d2bb819ae5211c6
SHA512 66feb66d7c9b98face6bdab4fc1ffc0f3cfbedd81ec13487afd2fcd85cf19675c84ccbaee3596bbb0690553e6cb259a64287aeec286fd81e2f81bfb510fc545f

C:\ProgramData\GPSoftware\Directory Opus\Buttons\OpenOffice.dop

MD5 b6818847c7e573d96f73a648b1f38570
SHA1 7e55be38fca51196b5f7e1bd4ec1ce409d65326d
SHA256 21ca70e470967a4b5f6cbe3d1bffa087653a532bcd57a00c187ea745309b1b09
SHA512 5793fe4a9bdf777a7621a3d027d0cc0cded432114935e35107579ba6b0750b5947584f190db9f377615bb3706ff009a4cdf35c500c58d66d704030538105f07f

C:\ProgramData\GPSoftware\Directory Opus\Buttons\Office365.dop

MD5 9e59f69f9f5faabed753d8c94a40d63a
SHA1 191b32d6b45c21ca0ef412bc0523a9859c2df791
SHA256 9f6dba06f65cf1316f77e367107fa7c27b94154f8e0bb3cd4b06169169162704
SHA512 9e2b205f8bbbe0a5aafeec5f0935155ebe0ccd58222733bf00341709b27188d6e01799f4692be11776d48e4dfca5907c8b888de3e3b138921f4008a58afc9ae2

C:\ProgramData\GPSoftware\Directory Opus\Buttons\Office.dop

MD5 c552fa579d191c172843bae17e732230
SHA1 869d474d385d676995941350b8870fbc6f9ba56e
SHA256 c86149f85284c094c2388ba5b281dd19874c2cc131f9d6b3f19ecabdc356f7ff
SHA512 a94079da09bc22e3b217190f6c1d63c6b26a88ce26e83b3e0d05ff6b077afd3fd8d03645933258df55b4c7e7355b4248da71d2d0eb65f80228b2a5a9333d3f62

C:\ProgramData\GPSoftware\Directory Opus\Buttons\Drives.dop

MD5 63914bdda20a1317b5ad9e880ea39aac
SHA1 a488c43ca73c695760cd12db717f9e3eb7db74ad
SHA256 3723b0053e362a269841b5be3cc4c80b48330ca01f8bf365adc14f7be825e988
SHA512 665bce7952b9e14f7e08b1e20ad46296f7a95857d8afd506500f8799af497318c22b460ec652b1bf187e2a69bdf5987e8762e08b658fbf44f3f66902b2cb28c0

C:\ProgramData\GPSoftware\Directory Opus\Buttons\Applications.dop

MD5 d27f04da167278c81c5762868b75c094
SHA1 464a24503572f7b3a7f0afc41c8907b8adbe1fe8
SHA256 285752a34696e5db71b4f4d7f865b7f88f26d9139b8e7a4c3cf128c09dd0209c
SHA512 61ac374afba30ab1823084673fc1fae4a290db1c00f6209bb330dedb28188716b5dd6e25c0f7e1351689777a0e48b7438291ca6b89e095061a3be8abc8796574

C:\Program Files\GPSoftware\Directory Opus\Language\czech.dll

MD5 9c6cf1abbf0401707486e785617910b9
SHA1 8efa023f887e76399206149fa1b11fe22cf15065
SHA256 4b47b1eaa4a78b4e1b9f22f2c4f1f960dc599b3d9841bd79fb0107198b56dbc6
SHA512 1297576918ae0aeaeffb07b5df2f2da958fba2ce846dfd243862cd340e0271d1a145f550e62acb0f372a730325df1f56c51b8b71d01b6cadd7a92bd726f0bd52

C:\Program Files\GPSoftware\Directory Opus\Language\cht.dll

MD5 00c12798381315126563fef549295266
SHA1 151e6b98f7da9554c0942f65e75b0988489a8f99
SHA256 ece6eed8d61d36d4ec94148da9f3a14b12c82371e3df03c6fe5b9db6d08d398a
SHA512 58e108e1579cb78a456cd368813f5ac7c8498b7440f969c1bb7a965c33b14397b3af48dfad9568f878bd6bc728a4f79b7d387d935b3d8873d27c5f50a9961b0b

C:\Program Files\GPSoftware\Directory Opus\Language\chs.dll

MD5 3cb4068b15fa35dac0899461aa02f55c
SHA1 b54b339570daf46006634c52080aa3c651ae6a10
SHA256 c819c5387a223b3b76f795370e0c402c2fc4e978df702981a66c61bd635a05ac
SHA512 70c6bdeb460624de0d0ae76d5777c116a2ed025730b070563a6a00f31c44532f6969813559b4a288d47b793a61e88cfd175437d9fda0e51f8f8257eac03ca79c

C:\Program Files\GPSoftware\Directory Opus\Language\dutch.dll

MD5 6f4a7e8c84d488c35e670553d66446bf
SHA1 ab22d35dcd57878557ee7fe4e765ed4352c0f760
SHA256 4bb850b66dc060a3c45898d2a88d821dc175c108dd0789f0cc331ad8e5edeff0
SHA512 6e9ed09fdd6743ac8a5aaa33e2b26364a4ef8a7c364b35d463626c9f25eccfe23017d04a80f08731242e505f7b14a07792a9b974214e71309e090e31c5aed652

C:\Program Files\GPSoftware\Directory Opus\Language\ell.dll

MD5 bc7a54859cf7464fdc7c66f8c983a49f
SHA1 778e5ac306292d19c7f8ed1a35dfceaf616881c8
SHA256 b9fa56662ebccdc635ff5d1fc994a0f37ee4538a49900df0766c95d2fd88d7da
SHA512 c69362f08075d8cfb26ed47290b57bc62a3af134086a7976a6a5a75acfcd76a0efd0c78595ec7184e5e20693211ee7c7e0a25222ef9c47fa1abaf832b46426c9

C:\Program Files\GPSoftware\Directory Opus\Language\espanol.dll

MD5 2bbb86f4f49c53bb8dc84e6081bc4a46
SHA1 b482cd25386b190e36084bf5d7cf99519bc2a302
SHA256 2337ad92d2cde0afa5b6a443c7ce17df06c2d6648543fc7b1f3b3dc3806e21dc
SHA512 8957b261ef098212f19a195b755abe598463b07cca197d67d031296f1282fdbb1873103a83a6c146c557d9b7443d263d3358f41e662078949a022583bbdf0c53

C:\Program Files\GPSoftware\Directory Opus\Language\kor.dll

MD5 e25648d42ab74233fcca2c0703852c60
SHA1 b7f7bbe211c34ae72b461fce86d98b6dfa6c7af6
SHA256 cda3fe8d1e71317701278d23375a32087e4751f1148f606aa3eace33ba7766b1
SHA512 7c331da59f0fd5c97ca1373ecc835c4615f4e5d37b2eeb7dfbf31741873e8ec803499572e09ae92f3be0725d8b69b422363c4fc003b3d89a112648a621b2a1b5

C:\Program Files\GPSoftware\Directory Opus\Language\magyar.dll

MD5 5a0f37038c1098986a16141f7f010f54
SHA1 8d2d260aed6bd60587a667cec718390af3ad695e
SHA256 5298af8ea507fab69c6d80ea5e8e52462ef64385c0242d96420561de6c4f42b8
SHA512 052db0ace26e741fde0c90b446a067b5feae241b69c3df07b932daf594675732fd3d6c578102f83611b30ebfa2e42cbdff232b982aba0e276017ee55ca331f20

C:\Program Files\GPSoftware\Directory Opus\Language\polski.dll

MD5 18a341829ee8733387ec963ec49a58c3
SHA1 18101e1c2bf26eff27fec5b8bd9323b24bac32e1
SHA256 3b5bc67c7343dd9fa2c3f22e7610d0ddd0f261167fe40eee48ab3f3261aa7825
SHA512 0e9367b239ed88323d464b1b5213367b1384025f391e8819a264416b22fa7454f16faa4e39b6af5ff8417b420ebc2fd46592457d7f89a62dca8d48517d0c429e

C:\Program Files\GPSoftware\Directory Opus\Language\trk.dll

MD5 64f5be23f58b4725e201e8e33aada9e0
SHA1 a4354265aa0314570de6f7e4dc20c99d5dedc7ad
SHA256 93fd72681cbc21f14d3d63f2a6bf4420a9a87c17f783dc3c04f1c776f2af437d
SHA512 c210b026d5b5c4c57919bbe3d5d9d4f1e794d23a4739bcd020a654bddee1c4b7d6c67956976d0e139e4ff6121edb4213fc0f76fa85ddb1baab8a92a1cd5f935c

C:\Program Files\GPSoftware\Directory Opus\Language\svenska.dll

MD5 0fd162a235c40b1d0b7b0be2e0409c8c
SHA1 1637894d13fc10dabad7102e5c34d0a699645ae6
SHA256 69f6dccfa36b0e4fee40a56290a54cb3f41d97142e782153f7c552a999dda494
SHA512 78acbbcef9d5004aebbc5d3e6a5a3456ca561e070fc367bd0c47efa61f923f85041c94a14750b5db3d13b9e0a9f7784c87f2635d982971cab2bdb0ff7a7d3135

C:\Program Files\GPSoftware\Directory Opus\Language\rus.dll

MD5 82be5b75f18dd0a376279259b4b8c422
SHA1 ee412d33969659f38d26397fa937f69411aaff9c
SHA256 dbab830f85f0d7235204c4fc7a4cb6765a12b50018cbf8f1827aeb79685ed2b8
SHA512 6f370ca0419964212d5e0a58e73bba396e98a0a4189adc632f0428f3070dd012b3732888a33bbc33f78e520a97326cd1c7813201cf65af5253f20e9bb270c940

C:\Program Files\GPSoftware\Directory Opus\Language\ptg.dll

MD5 0492df10cb340694b5ce85e6965f3adc
SHA1 7bd90aaa117538b1dc600a6e432d6549712c1c64
SHA256 95a0ad799f29016d5892d1c3186dcca51b07180d2aaa47405a4cc2d00bb5c54c
SHA512 9d1fac9690293c9136ad75557c3c4b340837ec9b7b6df23d93358693d0373bea82f46576c4e6964d2f3f4cabd8c7c8d132d3a6e6853915ae47954a60079d1ab3

C:\Program Files\GPSoftware\Directory Opus\Language\pt-br.dll

MD5 92473ac0e301a01bb0f5fe9f994c56df
SHA1 343d560332f1b2cfc92acee1fee500b9545b82de
SHA256 1f8adda6ba20b99d6d203e10d2f88a8392c08f5f1e52bb1e1dca0ef9ccb12d9c
SHA512 c4ae0377c2c317b4fe0ea4cf738553b73ad290a5c7797cac48823ae1deb30ac9943918d92645152ad15789f1c2f84785412ff40ac587d8c4261513b9f77b03e0

C:\Program Files\GPSoftware\Directory Opus\Language\nor.dll

MD5 ad6881453ec3b6f111b2a8e1476aeb98
SHA1 15f344a2962f94b0b2ee4d092af0554086295f0a
SHA256 b2c3fe5d917e77d60394c69cb221dcde55457e6858a47b7c170cb680454399ea
SHA512 5d0b74a6176ef554ef54415e0c72df06c81554926e18d6d0c139d3581933b6fa72ca69173018054672c4b4ab12211f9dc0c155659cc005b9f0e24ddc7f24452e

C:\Program Files\GPSoftware\Directory Opus\Language\jpn.dll

MD5 eb07cefdab354aad2751606e478f293f
SHA1 d8a6fb85a7f4502fa375b13b9c403d71d0efd898
SHA256 e41c1267f88f74073263dce0e6396b7765d4d328434c33b81c5a7705d92a1420
SHA512 243fddd1b0738f7e997feabe1fb7547dd6c8611373d3531c40fe097717fc7ff6c0ff9c4f53d83cb547a92678ae242ee9bffd2468fdbbc960bec27cfad2c6d176

C:\Program Files\GPSoftware\Directory Opus\Language\italiano.dll

MD5 041190e9e4358b6a03de6f85b25bb9f4
SHA1 6f48ff7edd1c00b7ca7e764d4a33d80e07a1a5ae
SHA256 a412c24f229fcba3b390df2bffbd66777a04f0d72197f0fbf29512a8897f322a
SHA512 a8ca67a6813125cc157599c5db8f11b94470bab8a9c35c29f15f996c55df48bd89dca682bac19759137d436988a159c739193b22108eb0e2128dd19169a62178

C:\Program Files\GPSoftware\Directory Opus\Language\francais.dll

MD5 ae8bb9a7e0ab1bc14ed7060761e1afe4
SHA1 ef36694d2728206fcdbfc418a8a3d8577f0a58d4
SHA256 07446900fc9e1013c2b9db16608213c838440000982960645492050091fe1bf3
SHA512 86fd6f6d9cc6187e600e6446cbd075f69e014c52706ef8df576181a45498bc12b031d453b166429f20483861d314667a5fdd32b31a1f99fc7ecc72e724ca8668

C:\Program Files\GPSoftware\Directory Opus\Language\esm.dll

MD5 1f859e969ce52dc9413f60d070fa9d1a
SHA1 09da34591816ed67af1f75bc971c32047c7cfa89
SHA256 79659f904fe437eb9482b1edcf920e6b774525c84ce353f6d19887ca078b163f
SHA512 8dc6d3cf787abc7f86d6ce0d85fcce249a732c1dee7c3aafc8965bc433aa56387105a13d7e65c7b768622b0ead2aec5b50b793074a48c752561ee5be0ca92e96

C:\Program Files\GPSoftware\Directory Opus\Language\deutsch.dll

MD5 649c8a375006b855e8eea3b483ccba0a
SHA1 81d0fe7efeb446be37febb27cfddbb6b85f752fe
SHA256 44a9508a3d78e83de6acf816e7d0bb442f6ddce7f43fec02c7ee31e19b3a10f9
SHA512 7f10f2b535bab1dd8aac172ea0a242f06a4e0710dc0c7a0999b73ecbc08df9c3e4ba56ec690c5eb437dc39581c268ac67689fefce3b4c1a1858f980555248958

C:\Program Files\GPSoftware\Directory Opus\Language\dansk.dll

MD5 0c87c5ca2c72be8448810b890cc34361
SHA1 8b94e74ca518d7e973997e38a95545867eafc16c
SHA256 1ec253c700f1f5cc085103d3d3ea77b76f5ed9aef1cd05eae213f8b7a66a5ee5
SHA512 620ccf23f9192817605242f14b4cd6ff6dc6dc17df80b53c49586230a76837c7c2b8ad88076baaaa72bc75f6f116a32286b0b16f10930607141028b805934cf0

C:\ProgramData\GPSoftware\Directory Opus\Icons\DOpus9.dis

MD5 0b3e319f62a0a3e7bc85f228c44b8bc7
SHA1 acafb44114e947d6d5098a58536adc87a847603b
SHA256 14b9c26913cb8d6e17e4f8c6f675678a7ef95fc9b3513cbbbf4425412161a6a6
SHA512 d8bf067b9cd3780de621f98050e233ebdaa46dff5165b4fb32e24d033d15948f9ab313080297872e25c79900a4343e1112a3d42813b93f7efbe26a3a2333cea3

C:\ProgramData\GPSoftware\Directory Opus\Global Data\globaldata.omd

MD5 2e71210c66a0205a59ded5b2d95dd234
SHA1 602bfe8679a6247d8e517a2df33f5e077c6c7713
SHA256 257f15b71435ec8ae4993afa3992162017d8fb8d36314b7d16d6d97fe66fd1f5
SHA512 22ea589086dd90a13ebc715adc8dd1abe09392a9413e242899784a5083f996453429d3ee7ec958a65d5b64a19fd7fa55a0364ce22a4d14a79d5f98b25e9fdd0c

C:\Users\Admin\AppData\Roaming\GPSoftware\Directory Opus\ConfigFiles\toolbars.oxc.tmp

MD5 5d88e5b676ee6fc7300d26df3afa1caa
SHA1 b20b6086e4290f81f5b9806a16b0e0e326461bf0
SHA256 233289aaa83cc3176691cc8f0ed09cbfcb993ea6c868f4456e478d258bfbc08d
SHA512 5339f1015479053279218bc7770dedcb1a0f0875bb12aa4d5589abd8911addb59ae7d0b105b7b792b3342b4fab94795f9e3ff39dda38e34a2c9621f00b1d8ba3

C:\Users\Admin\AppData\Roaming\GPSoftware\Directory Opus\ConfigFiles\toolbars.oxc

MD5 63af086c67141e5b4e278fac8b141d8f
SHA1 6f73b37c687ec1a6c1ddec4ea9630dba69025ce2
SHA256 0718a23576d6717b23f6fba219b7592c1999c8da8b316c6cee535ab90a747dea
SHA512 d02037de904d117227c8ac2fc4d0aab144c834fef13dac5b4680ea8f4bffaa304ff40394f1fad08dcbc4f100d9aa7072de45f67a9b2f491ee1a73c4432f05114

\Program Files\GPSoftware\Directory Opus\Viewers\wma.dll

MD5 acde06a9f9d64ca2cbf963068c4d267c
SHA1 4809ce4160d1661c8db9125f290f2712cc1ab089
SHA256 2713b4c6ce4f49a769e005fff7cea749982930a71d59eededea766e624e81a5d
SHA512 4e0d0862f638f81150e722cdd2385f7497505cbb67407b5675845e8e478f9031dccd26dc185e0f8086bd8ac737539a4190c249610b2d7ebc53cad523ec23b8a5

\Program Files\GPSoftware\Directory Opus\Viewers\movie.dll

MD5 80ea35d47c325bbe5906e9830432ab90
SHA1 4fb2d3c449e4d3c25445c97d859cc0f5a9b42245
SHA256 8b5e95f546e23821239bf2be809987e725bb28d4f773a9f23f0519fe6f777867
SHA512 6a98ced85785d517b06b907612481888a56f899fba86a7130e078d7d151793b1a7b3ff66898502d4ac815e36955b5ea87131b735e10d455e3a3447ffc3e11d1f

\Program Files\GPSoftware\Directory Opus\Viewers\multiview.dll

MD5 217549d065ffaf42d67af4f39d18ea81
SHA1 9013c9aab6df6ca026ad2cfb67a7110fb3b65e68
SHA256 8356fa6fe53273d67defa2c790b3d29c5bd6fa691d9d81ec134290eb5bc89cd9
SHA512 24ff2d94047a1d6937e2761f1f34e41caed04f0b8f8cef446f4596df01891437043de94788e14784a2e5cc7a840741c011b405d0cc832c81df4c929096c61ff3

C:\Program Files\GPSoftware\Directory Opus\Viewers\opuswic.dll

MD5 206504a16ed83733fc542079bfb01529
SHA1 eebf5c32fb0bf001716a33580d4833af814d0a03
SHA256 9ea8c9074f97728184562909d1e778251e1c997b9ee966d3dcf41e5e731648d7
SHA512 0ad5fc1707675eb443ed95b012b16e9f4bd0bedd5f63a5bb7bc239696d3e4a13de6dd336c04cfeef0b92fd4806f3fb200cf2e905de2ac71a34d6b62fe519512d

\Program Files\GPSoftware\Directory Opus\Viewers\j2k.dll

MD5 2a044888d9fc36a25c6e47d92ee804d9
SHA1 db3036c2c17bbfd684484a62e76255096ebabf9a
SHA256 ab32f4781ef9fd5b26c5f0bcfcdd95826d719ff4c5e7d1a4bc15322d36c0cdbd
SHA512 079f624a650b223a4388d144af4730900dc025d4cc313a78a0b0b6e44cbadb8f850da320cee7f9e4f0ebe57da39b34a302444269e222767111bb1c3c1fd5b023

\Program Files\GPSoftware\Directory Opus\Viewers\gifanim.dll

MD5 f5ef1481d94cdd18aafd517386796806
SHA1 e7c25efc1bbe2ccdd99515d3028ca47a30d91bcd
SHA256 65fb6a831c4382fd3cf5292fc9164993d2f4c5ad2930e70eeef22987084eeb4f
SHA512 09d1a7f78619126460da85f6126ee23aada037ee9f9b4a8e56ecab86463cdfdf8e98466696f954a70349fcdb826d65acf2b0bae4d3e29f8b1cde2787b9668758

\Program Files\GPSoftware\Directory Opus\Viewers\docs.dll

MD5 52ef5de9b53f72c792bfb97d9cad3d06
SHA1 fc637a8a90ad7f29a4f36b2866c07c625a707843
SHA256 5367bb3bb18fb345b7906357b42ac5dec0b7e651c33c0b8c9d953cfa768c6097
SHA512 da8c975a42b3d7b59789bee2b96c051ae77956d169cd8b49a16b44b871b8cf89ac08b68a693292e1e0696061da7b72ceb4792a6f86807ea176d020ef6f12608f

\Program Files\GPSoftware\Directory Opus\Viewers\dcrawrap.dll

MD5 48547131cab3d340410eeb8bcc790754
SHA1 179948cdf302eee5410a1ecd10dbe64d8d2e0085
SHA256 a46cdab1156188e853ee6f5d2fe27491cfffc7c0635f7f43e9d4dc99112eee1c
SHA512 47cfba89d9f63f84c5ad5232cc108158e0feaaa32a04c4ab016b79a938de46d694a364258527e856c9c783c4500412441f8cfa7dcb356ae6c02298ec9d2605e0

\Program Files\GPSoftware\Directory Opus\Viewers\audiotags.dll

MD5 75691032e4b8ca7ddeda91de2d1d0576
SHA1 36619f913631e26ac60d9d949498e5fa73f330d3
SHA256 688bb8f0ad3869d26ecbb775a74de598cc81223cbeb789e5ec4ca0b057ac6864
SHA512 0c2cb92ead45a166e93c40c04a61e9d0523983c6219bb3e956651debbf0c95f597a17835bf49b59bbd0b6bb35ec4fb27c296aa198fdf2f326acffaf651625d4d

C:\Program Files\GPSoftware\Directory Opus\Viewers\dcrawrap.dll

MD5 f5a33c3e19dcb90ba19ef99047493392
SHA1 ddff18426e89069dc0a17f3087a4aed57dfdc2dd
SHA256 a60b12a9648d39cc243ec52beff2410f2565c51c02e7f0e5237a2764fdd93400
SHA512 b6254e009cc53cd8034a7565867ac71100bb96afafe0c8e47dc9f6aa2caa59a8e370ce8ccc9baebd73020aaff5c46cb8fe3943f59383e0378516c00d4fec80e6

memory/1520-1788-0x00007FFB35AD0000-0x00007FFB35AD1000-memory.dmp

C:\Users\Admin\AppData\Roaming\GPSoftware\Directory Opus\userdata.omd.tmp

MD5 4415e2cbb7187e301d47b324f78f7fb7
SHA1 06c1d7fb59566fba2e442db5e79161eb1031fc8f
SHA256 e41d3e5f8ac8e2a2a1ce55246cdd073e148b7668de35517225be49adc9288638
SHA512 864d9522026f5acc82daaff1f597f7baba8f7a103804825b5b766da6b71f3c779165c98f57f6d4d2ba596417f5d095c332d60ce43d95e571220e94eee2c240b2

C:\Users\Admin\AppData\Roaming\GPSoftware\Directory Opus\Formats\default.off

MD5 ead5bfe3e6f98bceaefefedd4d9e4645
SHA1 d83bbf46803a6b72c862d8aca7fba99a2e00d5c9
SHA256 e8d09814a61ed4dbce653055df236500d1abdb721144d4c1faff97447a61a863
SHA512 d21b804e14d1bcd85dd8331b4cccf92a667301a34a7f315e9708584583abd9338ccbdcc476ad64e7557c9776981fe3c97ee161bd872ede8fe513bfa371613687

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

Analysis: behavioral2

Detonation Overview

Submitted 2024-02-23 13:23
Reported 2024-02-23 13:29
Platform win10v2004-20240221-en
Max time kernel 274s
Max time network 276s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\version.dll,#1

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\version.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 g.bing.com udp

Files

memory/884-0-0x00007FF89BBD0000-0x00007FF89BC10000-memory.dmp

memory/884-1-0x00000181BF9C0000-0x00000181BF9C1000-memory.dmp

memory/884-2-0x00007FF89BBD0000-0x00007FF89BC10000-memory.dmp

Analysis: behavioral5

Detonation Overview

Submitted 2024-02-23 13:23
Reported 2024-02-23 13:29
Platform win10v2004-20240221-en
Max time kernel 131s
Max time network 95s

Command Line

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Download Latest Cracks and Apps from CracksHash.com.url"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}\Download Latest Cracks and Apps from CracksHash.com.url"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp

Files

N/A