Technical Information
Modifies file system
Creates the following files
- <Current directory>\d.cab
- <Current directory>\$dpx$.tmp\76b022e1a3504142a3aa61f32f604ee1.tmp
- <Current directory>\$dpx$.tmp\e8c04cddae1dbf43b822ea97c40df66a.tmp
- <Current directory>\$dpx$.tmp\6a8c77e8876b404aaafa2dcc8a211519.tmp
- <Current directory>\$dpx$.tmp\dabdf1e4d8a7f84dbebec5aa1da0464e.tmp
- <Current directory>\$dpx$.tmp\f95eac46954ee942bad27f914b9aa9c8.tmp
- <Current directory>\$dpx$.tmp\e4321f637bafa448bc86ed1cc8807bba.tmp
- <Current directory>\$dpx$.tmp\5dc7386cc7f8634ab7cd25a1eb7d6b08.tmp
- <Current directory>\$dpx$.tmp\11a9135d7cd9284d88ea17fdade894a2.tmp
- <Current directory>\$dpx$.tmp\d021851d6c001141a551ee039cd01025.tmp
- <Current directory>\$dpx$.tmp\5236641f3ce9614c89b3a7dc0b7d17d0.tmp
- <Current directory>\$dpx$.tmp\9c9948d1b521414b9d7339f12d3a180d.tmp
- <Current directory>\$dpx$.tmp\2ca86ae84bb9374983b7ad62c833eb58.tmp
- <Current directory>\$dpx$.tmp\6ff627fa378ffd45b185030fab7824de.tmp
- <Current directory>\$dpx$.tmp\14aeb9ad03868448bd89443352d46f43.tmp
- <Current directory>\$dpx$.tmp\09633e09268f0f458404b86e42d9f4a2.tmp
- <Current directory>\$dpx$.tmp\efbefed808fc8645866e1058a0466686.tmp
- <Current directory>\$dpx$.tmp\2275c35343503e48aa52382125691063.tmp
- <Current directory>\$dpx$.tmp\a8557d32e378644c8d30d0c16b2a339f.tmp
- <Current directory>\$dpx$.tmp\5276190da3840042bd10efa4e2827cfe.tmp
- <Current directory>\$dpx$.tmp\8a6c272847a38b4c93648d41a134ca27.tmp
- <Current directory>\$dpx$.tmp\67306a02f2a0c94e91eb12dece62335d.tmp
- <Current directory>\$dpx$.tmp\4597c0541e56104bbece28b07e2710b3.tmp
- <Current directory>\$dpx$.tmp\f3050fca21b572489122bbe30ae54342.tmp
- <Current directory>\$dpx$.tmp\68dffc4e378b5e4ab40857b5a34e2c84.tmp
- <Current directory>\$dpx$.tmp\e8c07a6d9fd4cd48921127baee4df924.tmp
- <Current directory>\$dpx$.tmp\547a9242bb62344ea46b0c55e18b4244.tmp
- <Current directory>\$dpx$.tmp\16ca83e41121334795ff4917d6d51dd6.tmp
- <Current directory>\$dpx$.tmp\28fb49d787cb814b960f6e99e0d33e4c.tmp
- <Current directory>\$dpx$.tmp\b5ea3ecc9e596b43977b9e2b1dca406b.tmp
- <Current directory>\$dpx$.tmp\bd34f24a8381b6488560f35cd5097a69.tmp
- <Current directory>\$dpx$.tmp\b7aa14d639f9174e9212719bb44825a4.tmp
- <Current directory>\$dpx$.tmp\c5726117f0efb1498436e804e6b78c11.tmp
- <Current directory>\$dpx$.tmp\20d6fed59c3d5040b08c07a381f1f917.tmp
- <Current directory>\$dpx$.tmp\94e317a6827b4d4584d197b710ee4a32.tmp
- <Current directory>\$dpx$.tmp\a13552646e53384a838b3e5375f44029.tmp
- <Current directory>\$dpx$.tmp\bbf1f83d78794441916809d2894dc81d.tmp
- <Current directory>\$dpx$.tmp\f65634841e4903418c4c24eb4f68a721.tmp
- <Current directory>\$dpx$.tmp\3fb7cc654e26734d840daf56b4dca218.tmp
- <Current directory>\$dpx$.tmp\96888f5d32479f40bcca68858f5bbfc4.tmp
- <Current directory>\$dpx$.tmp\3a2c334fc3f25e4c9eae5d579b805f97.tmp
- <Current directory>\$dpx$.tmp\b460176506745744b82fb535152f1741.tmp
- <Current directory>\$dpx$.tmp\ea3bd00d7d254a48adb5976a80fbf0a5.tmp
- <Current directory>\$dpx$.tmp\1375dfd76d5f6d45a51ce970c2f827ee.tmp
- <Current directory>\$dpx$.tmp\e2aa0b5a7906584093e2b28403cf46e9.tmp
Sets the 'hidden' attribute to the following files
- <Current directory>\api-ms-win-core-console-l1-1-0.dll
- <Current directory>\api-ms-win-crt-conio-l1-1-0.dll
- <Current directory>\api-ms-win-crt-convert-l1-1-0.dll
- <Current directory>\api-ms-win-crt-environment-l1-1-0.dll
- <Current directory>\api-ms-win-crt-filesystem-l1-1-0.dll
- <Current directory>\api-ms-win-crt-heap-l1-1-0.dll
- <Current directory>\api-ms-win-crt-locale-l1-1-0.dll
- <Current directory>\api-ms-win-crt-math-l1-1-0.dll
- <Current directory>\api-ms-win-core-timezone-l1-1-0.dll
- <Current directory>\api-ms-win-core-util-l1-1-0.dll
- <Current directory>\api-ms-win-crt-multibyte-l1-1-0.dll
- <Current directory>\api-ms-win-crt-runtime-l1-1-0.dll
- <Current directory>\api-ms-win-crt-stdio-l1-1-0.dll
- <Current directory>\api-ms-win-crt-string-l1-1-0.dll
- <Current directory>\api-ms-win-crt-time-l1-1-0.dll
- <Current directory>\api-ms-win-crt-utility-l1-1-0.dll
- <Current directory>\msvcp140.dll
- <Current directory>\opencl.dll
- <Current directory>\api-ms-win-crt-private-l1-1-0.dll
- <Current directory>\api-ms-win-crt-process-l1-1-0.dll
- <Current directory>\api-ms-win-core-sysinfo-l1-1-0.dll
- <Current directory>\api-ms-win-core-synch-l1-2-0.dll
- <Current directory>\api-ms-win-core-synch-l1-1-0.dll
- <Current directory>\api-ms-win-core-debug-l1-1-0.dll
- <Current directory>\api-ms-win-core-errorhandling-l1-1-0.dll
- <Current directory>\api-ms-win-core-file-l1-1-0.dll
- <Current directory>\api-ms-win-core-file-l1-2-0.dll
- <Current directory>\api-ms-win-core-file-l2-1-0.dll
- <Current directory>\api-ms-win-core-handle-l1-1-0.dll
- <Current directory>\api-ms-win-core-heap-l1-1-0.dll
- <Current directory>\api-ms-win-core-interlocked-l1-1-0.dll
- <Current directory>\api-ms-win-core-datetime-l1-1-0.dll
- <Current directory>\api-ms-win-core-libraryloader-l1-1-0.dll
- <Current directory>\api-ms-win-core-memory-l1-1-0.dll
- <Current directory>\api-ms-win-core-namedpipe-l1-1-0.dll
- <Current directory>\api-ms-win-core-processenvironment-l1-1-0.dll
- <Current directory>\api-ms-win-core-processthreads-l1-1-0.dll
- <Current directory>\api-ms-win-core-processthreads-l1-1-1.dll
- <Current directory>\api-ms-win-core-profile-l1-1-0.dll
- <Current directory>\api-ms-win-core-rtlsupport-l1-1-0.dll
- <Current directory>\api-ms-win-core-string-l1-1-0.dll
- <Current directory>\api-ms-win-core-localization-l1-2-0.dll
- <Current directory>\ucrtbase.dll
- <Current directory>\vcruntime140.dll
Deletes the following files
- <Current directory>\d.cab
Moves the following files
- from <Current directory>\$dpx$.tmp\68dffc4e378b5e4ab40857b5a34e2c84.tmp to <Current directory>\api-ms-win-core-console-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\6a8c77e8876b404aaafa2dcc8a211519.tmp to <Current directory>\api-ms-win-crt-conio-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\dabdf1e4d8a7f84dbebec5aa1da0464e.tmp to <Current directory>\api-ms-win-crt-convert-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\f95eac46954ee942bad27f914b9aa9c8.tmp to <Current directory>\api-ms-win-crt-environment-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\e4321f637bafa448bc86ed1cc8807bba.tmp to <Current directory>\api-ms-win-crt-filesystem-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\5dc7386cc7f8634ab7cd25a1eb7d6b08.tmp to <Current directory>\api-ms-win-crt-heap-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\11a9135d7cd9284d88ea17fdade894a2.tmp to <Current directory>\api-ms-win-crt-locale-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\d021851d6c001141a551ee039cd01025.tmp to <Current directory>\api-ms-win-crt-math-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\76b022e1a3504142a3aa61f32f604ee1.tmp to <Current directory>\api-ms-win-core-timezone-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\e8c04cddae1dbf43b822ea97c40df66a.tmp to <Current directory>\api-ms-win-core-util-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\5236641f3ce9614c89b3a7dc0b7d17d0.tmp to <Current directory>\api-ms-win-crt-multibyte-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\6ff627fa378ffd45b185030fab7824de.tmp to <Current directory>\api-ms-win-crt-runtime-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\14aeb9ad03868448bd89443352d46f43.tmp to <Current directory>\api-ms-win-crt-stdio-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\09633e09268f0f458404b86e42d9f4a2.tmp to <Current directory>\api-ms-win-crt-string-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\efbefed808fc8645866e1058a0466686.tmp to <Current directory>\api-ms-win-crt-time-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\2275c35343503e48aa52382125691063.tmp to <Current directory>\api-ms-win-crt-utility-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\a8557d32e378644c8d30d0c16b2a339f.tmp to <Current directory>\msvcp140.dll
- from <Current directory>\$dpx$.tmp\5276190da3840042bd10efa4e2827cfe.tmp to <Current directory>\opencl.dll
- from <Current directory>\$dpx$.tmp\9c9948d1b521414b9d7339f12d3a180d.tmp to <Current directory>\api-ms-win-crt-private-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\2ca86ae84bb9374983b7ad62c833eb58.tmp to <Current directory>\api-ms-win-crt-process-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\8a6c272847a38b4c93648d41a134ca27.tmp to <Current directory>\api-ms-win-core-sysinfo-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\4597c0541e56104bbece28b07e2710b3.tmp to <Current directory>\api-ms-win-core-synch-l1-2-0.dll
- from <Current directory>\$dpx$.tmp\1375dfd76d5f6d45a51ce970c2f827ee.tmp to <Current directory>\api-ms-win-core-synch-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\547a9242bb62344ea46b0c55e18b4244.tmp to <Current directory>\api-ms-win-core-debug-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\16ca83e41121334795ff4917d6d51dd6.tmp to <Current directory>\api-ms-win-core-errorhandling-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\28fb49d787cb814b960f6e99e0d33e4c.tmp to <Current directory>\api-ms-win-core-file-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\b5ea3ecc9e596b43977b9e2b1dca406b.tmp to <Current directory>\api-ms-win-core-file-l1-2-0.dll
- from <Current directory>\$dpx$.tmp\bd34f24a8381b6488560f35cd5097a69.tmp to <Current directory>\api-ms-win-core-file-l2-1-0.dll
- from <Current directory>\$dpx$.tmp\b7aa14d639f9174e9212719bb44825a4.tmp to <Current directory>\api-ms-win-core-handle-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\c5726117f0efb1498436e804e6b78c11.tmp to <Current directory>\api-ms-win-core-heap-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\20d6fed59c3d5040b08c07a381f1f917.tmp to <Current directory>\api-ms-win-core-interlocked-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\e8c07a6d9fd4cd48921127baee4df924.tmp to <Current directory>\api-ms-win-core-datetime-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\94e317a6827b4d4584d197b710ee4a32.tmp to <Current directory>\api-ms-win-core-libraryloader-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\bbf1f83d78794441916809d2894dc81d.tmp to <Current directory>\api-ms-win-core-memory-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\f65634841e4903418c4c24eb4f68a721.tmp to <Current directory>\api-ms-win-core-namedpipe-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\3fb7cc654e26734d840daf56b4dca218.tmp to <Current directory>\api-ms-win-core-processenvironment-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\96888f5d32479f40bcca68858f5bbfc4.tmp to <Current directory>\api-ms-win-core-processthreads-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\3a2c334fc3f25e4c9eae5d579b805f97.tmp to <Current directory>\api-ms-win-core-processthreads-l1-1-1.dll
- from <Current directory>\$dpx$.tmp\b460176506745744b82fb535152f1741.tmp to <Current directory>\api-ms-win-core-profile-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\ea3bd00d7d254a48adb5976a80fbf0a5.tmp to <Current directory>\api-ms-win-core-rtlsupport-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\f3050fca21b572489122bbe30ae54342.tmp to <Current directory>\api-ms-win-core-string-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\a13552646e53384a838b3e5375f44029.tmp to <Current directory>\api-ms-win-core-localization-l1-2-0.dll
- from <Current directory>\$dpx$.tmp\67306a02f2a0c94e91eb12dece62335d.tmp to <Current directory>\ucrtbase.dll
- from <Current directory>\$dpx$.tmp\e2aa0b5a7906584093e2b28403cf46e9.tmp to <Current directory>\vcruntime140.dll
Network activity
UDP
- DNS ASK lp##.beahh.com
- DNS ASK lp##.abbny.com
- DNS ASK lp##.haqo.net
Miscellaneous
Creates and executes the following
- '<SYSTEM32>\cmd.exe' /c expand d.cab -f:* . & del d.cab /a' (with hidden window)
Executes the following
- '<SYSTEM32>\cmd.exe' /c expand d.cab -f:* . & del d.cab /a
- '<SYSTEM32>\expand.exe' d.cab -f:* .
