Technical Information
Modifies file system
Creates the following files
- <Current directory>\d.cab
- <Current directory>\$dpx$.tmp\2f7990fba6158b4db57f0b20c45311ff.tmp
- <Current directory>\$dpx$.tmp\cfc65e2d1109da40a96bdd19e02c10f2.tmp
- <Current directory>\$dpx$.tmp\a1d088f89188a142814858af52c7795c.tmp
- <Current directory>\$dpx$.tmp\a5c4b9f2e396d949a9df33e85023f22e.tmp
- <Current directory>\$dpx$.tmp\73b68f2e551af04da5dd0940af7b8c0c.tmp
- <Current directory>\$dpx$.tmp\a22325501c84b94f8897a26eab54143b.tmp
- <Current directory>\$dpx$.tmp\4a68c20f03f5034696f376a36e77e3de.tmp
- <Current directory>\$dpx$.tmp\91f31b5b15d39f4e8fe7dec2f4e8ebf1.tmp
- <Current directory>\$dpx$.tmp\404ae9d56e67794aa15e1ea38bd61ca9.tmp
- <Current directory>\$dpx$.tmp\7c556f7de778684eb7c440cc641bf216.tmp
- <Current directory>\$dpx$.tmp\cac266efca69c94cbc4d2f807ff0a0a0.tmp
- <Current directory>\$dpx$.tmp\02a306f30bfa40409944e5137bdcdc37.tmp
- <Current directory>\$dpx$.tmp\bfa07fdc9e531147ac97e0a032918b5f.tmp
- <Current directory>\$dpx$.tmp\e70583590e400f46aa604bb9d900a5bd.tmp
- <Current directory>\$dpx$.tmp\085491844554cc4a892389c9044aeb2b.tmp
- <Current directory>\$dpx$.tmp\2f74bc43b9295d47b345910f905e19a9.tmp
- <Current directory>\$dpx$.tmp\24eaad0b581bd74daae59e9951c92f4e.tmp
- <Current directory>\$dpx$.tmp\ca3089bbdee8c84fa273b0d46f9e4077.tmp
- <Current directory>\$dpx$.tmp\4d32224abdcafe4eaf3894494bca4071.tmp
- <Current directory>\$dpx$.tmp\4cb92261c7a80345b9cf10dc793e2639.tmp
- <Current directory>\$dpx$.tmp\e93162ff712d0249976b5af4495fff37.tmp
- <Current directory>\$dpx$.tmp\714e0a3937d6a24e84564572873eb984.tmp
- <Current directory>\$dpx$.tmp\7f47a0881e184443aee504994a179a33.tmp
- <Current directory>\$dpx$.tmp\edd6e968e144784da5c9d4f58df2050f.tmp
- <Current directory>\$dpx$.tmp\86f2d72ca23ccd4a9ceed5ddc5296749.tmp
- <Current directory>\$dpx$.tmp\c2999adc761a9e4f87536e21585876d6.tmp
- <Current directory>\$dpx$.tmp\80048491b2788047bcace6df13e4eee5.tmp
- <Current directory>\$dpx$.tmp\a7b510797b0267458dfc2abba2fccfe0.tmp
- <Current directory>\$dpx$.tmp\c5d017c72e0b30499ea36b1baed9f369.tmp
- <Current directory>\$dpx$.tmp\c25c4db2c30bbb42b78abead7646d4be.tmp
- <Current directory>\$dpx$.tmp\6103192025367144a6b69b2093eb6020.tmp
- <Current directory>\$dpx$.tmp\9977222414d8854aa61e773ff4e7d10d.tmp
- <Current directory>\$dpx$.tmp\6072001aed8ade4996c48c2e67c473ea.tmp
- <Current directory>\$dpx$.tmp\59295385262f6c46b5df8ce94a63d557.tmp
- <Current directory>\$dpx$.tmp\7ccf2b65ef3ebc439f9e7ca50d408da6.tmp
- <Current directory>\$dpx$.tmp\d15f9e735925324696e5bff5f31ea9f1.tmp
- <Current directory>\$dpx$.tmp\7d56ea73cb9a6f4f838ea07b363d1ea6.tmp
- <Current directory>\$dpx$.tmp\c9ba3405c6370e41a0311c7857755b71.tmp
- <Current directory>\$dpx$.tmp\70fda4a6ac6fcd44876c7890689abb79.tmp
- <Current directory>\$dpx$.tmp\fb9971275779984c8fdb07d39e004900.tmp
- <Current directory>\$dpx$.tmp\04b67ce3e234ee4c952f8a1051ba7dfb.tmp
- <Current directory>\$dpx$.tmp\a20b70cf11a9cb44ae85ef56ce02d98b.tmp
- <Current directory>\$dpx$.tmp\ac8c308acc27ec4e9be89cdbaaf6e6fd.tmp
- <Current directory>\$dpx$.tmp\944395d6eb046b4f83b2b912169f8022.tmp
Sets the 'hidden' attribute to the following files
- <Current directory>\api-ms-win-core-console-l1-1-0.dll
- <Current directory>\api-ms-win-crt-conio-l1-1-0.dll
- <Current directory>\api-ms-win-crt-convert-l1-1-0.dll
- <Current directory>\api-ms-win-crt-environment-l1-1-0.dll
- <Current directory>\api-ms-win-crt-filesystem-l1-1-0.dll
- <Current directory>\api-ms-win-crt-heap-l1-1-0.dll
- <Current directory>\api-ms-win-crt-locale-l1-1-0.dll
- <Current directory>\api-ms-win-crt-math-l1-1-0.dll
- <Current directory>\api-ms-win-core-timezone-l1-1-0.dll
- <Current directory>\api-ms-win-core-util-l1-1-0.dll
- <Current directory>\api-ms-win-crt-multibyte-l1-1-0.dll
- <Current directory>\api-ms-win-crt-runtime-l1-1-0.dll
- <Current directory>\api-ms-win-crt-stdio-l1-1-0.dll
- <Current directory>\api-ms-win-crt-string-l1-1-0.dll
- <Current directory>\api-ms-win-crt-time-l1-1-0.dll
- <Current directory>\api-ms-win-crt-utility-l1-1-0.dll
- <Current directory>\msvcp140.dll
- <Current directory>\opencl.dll
- <Current directory>\api-ms-win-crt-private-l1-1-0.dll
- <Current directory>\api-ms-win-crt-process-l1-1-0.dll
- <Current directory>\api-ms-win-core-sysinfo-l1-1-0.dll
- <Current directory>\api-ms-win-core-synch-l1-2-0.dll
- <Current directory>\api-ms-win-core-synch-l1-1-0.dll
- <Current directory>\api-ms-win-core-debug-l1-1-0.dll
- <Current directory>\api-ms-win-core-errorhandling-l1-1-0.dll
- <Current directory>\api-ms-win-core-file-l1-1-0.dll
- <Current directory>\api-ms-win-core-file-l1-2-0.dll
- <Current directory>\api-ms-win-core-file-l2-1-0.dll
- <Current directory>\api-ms-win-core-handle-l1-1-0.dll
- <Current directory>\api-ms-win-core-heap-l1-1-0.dll
- <Current directory>\api-ms-win-core-interlocked-l1-1-0.dll
- <Current directory>\api-ms-win-core-datetime-l1-1-0.dll
- <Current directory>\api-ms-win-core-libraryloader-l1-1-0.dll
- <Current directory>\api-ms-win-core-memory-l1-1-0.dll
- <Current directory>\api-ms-win-core-namedpipe-l1-1-0.dll
- <Current directory>\api-ms-win-core-processenvironment-l1-1-0.dll
- <Current directory>\api-ms-win-core-processthreads-l1-1-0.dll
- <Current directory>\api-ms-win-core-processthreads-l1-1-1.dll
- <Current directory>\api-ms-win-core-profile-l1-1-0.dll
- <Current directory>\api-ms-win-core-rtlsupport-l1-1-0.dll
- <Current directory>\api-ms-win-core-string-l1-1-0.dll
- <Current directory>\api-ms-win-core-localization-l1-2-0.dll
- <Current directory>\ucrtbase.dll
- <Current directory>\vcruntime140.dll
Deletes the following files
- <Current directory>\d.cab
Moves the following files
- from <Current directory>\$dpx$.tmp\edd6e968e144784da5c9d4f58df2050f.tmp to <Current directory>\api-ms-win-core-console-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\a1d088f89188a142814858af52c7795c.tmp to <Current directory>\api-ms-win-crt-conio-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\a5c4b9f2e396d949a9df33e85023f22e.tmp to <Current directory>\api-ms-win-crt-convert-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\73b68f2e551af04da5dd0940af7b8c0c.tmp to <Current directory>\api-ms-win-crt-environment-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\a22325501c84b94f8897a26eab54143b.tmp to <Current directory>\api-ms-win-crt-filesystem-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\4a68c20f03f5034696f376a36e77e3de.tmp to <Current directory>\api-ms-win-crt-heap-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\91f31b5b15d39f4e8fe7dec2f4e8ebf1.tmp to <Current directory>\api-ms-win-crt-locale-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\404ae9d56e67794aa15e1ea38bd61ca9.tmp to <Current directory>\api-ms-win-crt-math-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\2f7990fba6158b4db57f0b20c45311ff.tmp to <Current directory>\api-ms-win-core-timezone-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\cfc65e2d1109da40a96bdd19e02c10f2.tmp to <Current directory>\api-ms-win-core-util-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\7c556f7de778684eb7c440cc641bf216.tmp to <Current directory>\api-ms-win-crt-multibyte-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\bfa07fdc9e531147ac97e0a032918b5f.tmp to <Current directory>\api-ms-win-crt-runtime-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\e70583590e400f46aa604bb9d900a5bd.tmp to <Current directory>\api-ms-win-crt-stdio-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\085491844554cc4a892389c9044aeb2b.tmp to <Current directory>\api-ms-win-crt-string-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\2f74bc43b9295d47b345910f905e19a9.tmp to <Current directory>\api-ms-win-crt-time-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\24eaad0b581bd74daae59e9951c92f4e.tmp to <Current directory>\api-ms-win-crt-utility-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\ca3089bbdee8c84fa273b0d46f9e4077.tmp to <Current directory>\msvcp140.dll
- from <Current directory>\$dpx$.tmp\4d32224abdcafe4eaf3894494bca4071.tmp to <Current directory>\opencl.dll
- from <Current directory>\$dpx$.tmp\cac266efca69c94cbc4d2f807ff0a0a0.tmp to <Current directory>\api-ms-win-crt-private-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\02a306f30bfa40409944e5137bdcdc37.tmp to <Current directory>\api-ms-win-crt-process-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\4cb92261c7a80345b9cf10dc793e2639.tmp to <Current directory>\api-ms-win-core-sysinfo-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\714e0a3937d6a24e84564572873eb984.tmp to <Current directory>\api-ms-win-core-synch-l1-2-0.dll
- from <Current directory>\$dpx$.tmp\ac8c308acc27ec4e9be89cdbaaf6e6fd.tmp to <Current directory>\api-ms-win-core-synch-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\c2999adc761a9e4f87536e21585876d6.tmp to <Current directory>\api-ms-win-core-debug-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\80048491b2788047bcace6df13e4eee5.tmp to <Current directory>\api-ms-win-core-errorhandling-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\a7b510797b0267458dfc2abba2fccfe0.tmp to <Current directory>\api-ms-win-core-file-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\c5d017c72e0b30499ea36b1baed9f369.tmp to <Current directory>\api-ms-win-core-file-l1-2-0.dll
- from <Current directory>\$dpx$.tmp\c25c4db2c30bbb42b78abead7646d4be.tmp to <Current directory>\api-ms-win-core-file-l2-1-0.dll
- from <Current directory>\$dpx$.tmp\6103192025367144a6b69b2093eb6020.tmp to <Current directory>\api-ms-win-core-handle-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\9977222414d8854aa61e773ff4e7d10d.tmp to <Current directory>\api-ms-win-core-heap-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\6072001aed8ade4996c48c2e67c473ea.tmp to <Current directory>\api-ms-win-core-interlocked-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\86f2d72ca23ccd4a9ceed5ddc5296749.tmp to <Current directory>\api-ms-win-core-datetime-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\59295385262f6c46b5df8ce94a63d557.tmp to <Current directory>\api-ms-win-core-libraryloader-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\d15f9e735925324696e5bff5f31ea9f1.tmp to <Current directory>\api-ms-win-core-memory-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\7d56ea73cb9a6f4f838ea07b363d1ea6.tmp to <Current directory>\api-ms-win-core-namedpipe-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\c9ba3405c6370e41a0311c7857755b71.tmp to <Current directory>\api-ms-win-core-processenvironment-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\70fda4a6ac6fcd44876c7890689abb79.tmp to <Current directory>\api-ms-win-core-processthreads-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\fb9971275779984c8fdb07d39e004900.tmp to <Current directory>\api-ms-win-core-processthreads-l1-1-1.dll
- from <Current directory>\$dpx$.tmp\04b67ce3e234ee4c952f8a1051ba7dfb.tmp to <Current directory>\api-ms-win-core-profile-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\a20b70cf11a9cb44ae85ef56ce02d98b.tmp to <Current directory>\api-ms-win-core-rtlsupport-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\7f47a0881e184443aee504994a179a33.tmp to <Current directory>\api-ms-win-core-string-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\7ccf2b65ef3ebc439f9e7ca50d408da6.tmp to <Current directory>\api-ms-win-core-localization-l1-2-0.dll
- from <Current directory>\$dpx$.tmp\e93162ff712d0249976b5af4495fff37.tmp to <Current directory>\ucrtbase.dll
- from <Current directory>\$dpx$.tmp\944395d6eb046b4f83b2b912169f8022.tmp to <Current directory>\vcruntime140.dll
Network activity
UDP
- DNS ASK lp##.beahh.com
- DNS ASK lp##.abbny.com
- DNS ASK lp##.haqo.net
Miscellaneous
Creates and executes the following
- '<SYSTEM32>\cmd.exe' /c expand d.cab -f:* . & del d.cab /a' (with hidden window)
Executes the following
- '<SYSTEM32>\cmd.exe' /c expand d.cab -f:* . & del d.cab /a
- '<SYSTEM32>\expand.exe' d.cab -f:* .
