Technical Information
Modifies file system
Creates the following files
- <Current directory>\d.cab
- <Current directory>\$dpx$.tmp\0a276ed5efb76d408aba75c7724ad4e7.tmp
- <Current directory>\$dpx$.tmp\c6e2087596c5b24cb85ca8bbba94429f.tmp
- <Current directory>\$dpx$.tmp\2a11875d3d023b4da5646e4a78b9063a.tmp
- <Current directory>\$dpx$.tmp\ef16b5e54b6be64bba4ab66eccfb6da9.tmp
- <Current directory>\$dpx$.tmp\73bd520c4f8a8d4ea372a35307a887a6.tmp
- <Current directory>\$dpx$.tmp\9154d528fc44ef46afad8867694e5dd4.tmp
- <Current directory>\$dpx$.tmp\4297c1e70dcc3247b474b5bd4c3fc269.tmp
- <Current directory>\$dpx$.tmp\bd35575fa6a0c142b5bafc6fbaf5a0a5.tmp
- <Current directory>\$dpx$.tmp\5ec53118388da742a5f9308e880bbfbd.tmp
- <Current directory>\$dpx$.tmp\2499243b1be9534888c83b9a8861a451.tmp
- <Current directory>\$dpx$.tmp\b853973bd9b11a4ebbe4cb16ae2b46c5.tmp
- <Current directory>\$dpx$.tmp\4b49fb69e1020540b6b8149a74acc728.tmp
- <Current directory>\$dpx$.tmp\b4b00cc0864acd4f8d38f58e978bf68a.tmp
- <Current directory>\$dpx$.tmp\090416bfcba8a04c8f7f4da4948b6cb5.tmp
- <Current directory>\$dpx$.tmp\8d28349b45be5743834fd0ec3a6fc8cc.tmp
- <Current directory>\$dpx$.tmp\77f701dc9eee43458981e6625895d177.tmp
- <Current directory>\$dpx$.tmp\9b17a162f6c43d4eb123a29e50930de5.tmp
- <Current directory>\$dpx$.tmp\f0e86d58dbefa245899a338881aa2bee.tmp
- <Current directory>\$dpx$.tmp\fc38ab734911de4c911c150ecdcfb87f.tmp
- <Current directory>\$dpx$.tmp\2ee44a1ce4699647849c87e82854d180.tmp
- <Current directory>\$dpx$.tmp\2b83d24dd60c0345bce785582e4aaab0.tmp
- <Current directory>\$dpx$.tmp\aabe66fa1b1b5b44a22ad4ca93c61efc.tmp
- <Current directory>\$dpx$.tmp\4cdfb6babde36d468ed2c205b9fdd3f9.tmp
- <Current directory>\$dpx$.tmp\d2a59abc50862645a860c5761604ef80.tmp
- <Current directory>\$dpx$.tmp\d68b30ec8280924697dfa016b08fb4c6.tmp
- <Current directory>\$dpx$.tmp\6e00f499b24c2843aee7fae7012f2da8.tmp
- <Current directory>\$dpx$.tmp\1f6db6acf369f54ea563b0cbfd41a990.tmp
- <Current directory>\$dpx$.tmp\bd5630eb2e9dc440b56c9d1307a8cd07.tmp
- <Current directory>\$dpx$.tmp\401b17e6afca4d44be8c99117319cd31.tmp
- <Current directory>\$dpx$.tmp\d8d6a150876d214a8f974d82061e9970.tmp
- <Current directory>\$dpx$.tmp\cc1628f7bc9614419c48380cde9fec71.tmp
- <Current directory>\$dpx$.tmp\3fc5f3d234545e44acad4f6e4bc26543.tmp
- <Current directory>\$dpx$.tmp\cefa7136c7bd1748b0ad10a5a31393c9.tmp
- <Current directory>\$dpx$.tmp\9e86c606311b724cabac7c92b95e8c59.tmp
- <Current directory>\$dpx$.tmp\6862773b9e73624daa54d707e6ee33f7.tmp
- <Current directory>\$dpx$.tmp\afcf9ef5feca5d469f7eac430751729f.tmp
- <Current directory>\$dpx$.tmp\33ca144fd5102a4496a331eee88b7a93.tmp
- <Current directory>\$dpx$.tmp\389c923dbaef7548b66f235b37f4871b.tmp
- <Current directory>\$dpx$.tmp\72fecb13df2c8e4a80e03139419c1015.tmp
- <Current directory>\$dpx$.tmp\ea15a122c5cceb45a0b092514febcf76.tmp
- <Current directory>\$dpx$.tmp\9a2571d540a5c543b4422d9e189ed374.tmp
- <Current directory>\$dpx$.tmp\adf7ee521b992942a9458e6d028bf3d6.tmp
- <Current directory>\$dpx$.tmp\da840d9dc5543c41bd60fbe53fa18b26.tmp
- <Current directory>\$dpx$.tmp\14510aba91c7bd44a35af3713b223cbf.tmp
Sets the 'hidden' attribute to the following files
- <Current directory>\api-ms-win-core-console-l1-1-0.dll
- <Current directory>\api-ms-win-crt-conio-l1-1-0.dll
- <Current directory>\api-ms-win-crt-convert-l1-1-0.dll
- <Current directory>\api-ms-win-crt-environment-l1-1-0.dll
- <Current directory>\api-ms-win-crt-filesystem-l1-1-0.dll
- <Current directory>\api-ms-win-crt-heap-l1-1-0.dll
- <Current directory>\api-ms-win-crt-locale-l1-1-0.dll
- <Current directory>\api-ms-win-crt-math-l1-1-0.dll
- <Current directory>\api-ms-win-core-timezone-l1-1-0.dll
- <Current directory>\api-ms-win-core-util-l1-1-0.dll
- <Current directory>\api-ms-win-crt-multibyte-l1-1-0.dll
- <Current directory>\api-ms-win-crt-runtime-l1-1-0.dll
- <Current directory>\api-ms-win-crt-stdio-l1-1-0.dll
- <Current directory>\api-ms-win-crt-string-l1-1-0.dll
- <Current directory>\api-ms-win-crt-time-l1-1-0.dll
- <Current directory>\api-ms-win-crt-utility-l1-1-0.dll
- <Current directory>\msvcp140.dll
- <Current directory>\opencl.dll
- <Current directory>\api-ms-win-crt-private-l1-1-0.dll
- <Current directory>\api-ms-win-crt-process-l1-1-0.dll
- <Current directory>\api-ms-win-core-sysinfo-l1-1-0.dll
- <Current directory>\api-ms-win-core-synch-l1-2-0.dll
- <Current directory>\api-ms-win-core-synch-l1-1-0.dll
- <Current directory>\api-ms-win-core-debug-l1-1-0.dll
- <Current directory>\api-ms-win-core-errorhandling-l1-1-0.dll
- <Current directory>\api-ms-win-core-file-l1-1-0.dll
- <Current directory>\api-ms-win-core-file-l1-2-0.dll
- <Current directory>\api-ms-win-core-file-l2-1-0.dll
- <Current directory>\api-ms-win-core-handle-l1-1-0.dll
- <Current directory>\api-ms-win-core-heap-l1-1-0.dll
- <Current directory>\api-ms-win-core-interlocked-l1-1-0.dll
- <Current directory>\api-ms-win-core-datetime-l1-1-0.dll
- <Current directory>\api-ms-win-core-libraryloader-l1-1-0.dll
- <Current directory>\api-ms-win-core-memory-l1-1-0.dll
- <Current directory>\api-ms-win-core-namedpipe-l1-1-0.dll
- <Current directory>\api-ms-win-core-processenvironment-l1-1-0.dll
- <Current directory>\api-ms-win-core-processthreads-l1-1-0.dll
- <Current directory>\api-ms-win-core-processthreads-l1-1-1.dll
- <Current directory>\api-ms-win-core-profile-l1-1-0.dll
- <Current directory>\api-ms-win-core-rtlsupport-l1-1-0.dll
- <Current directory>\api-ms-win-core-string-l1-1-0.dll
- <Current directory>\api-ms-win-core-localization-l1-2-0.dll
- <Current directory>\ucrtbase.dll
- <Current directory>\vcruntime140.dll
Deletes the following files
- <Current directory>\d.cab
Moves the following files
- from <Current directory>\$dpx$.tmp\d2a59abc50862645a860c5761604ef80.tmp to <Current directory>\api-ms-win-core-console-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\2a11875d3d023b4da5646e4a78b9063a.tmp to <Current directory>\api-ms-win-crt-conio-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\ef16b5e54b6be64bba4ab66eccfb6da9.tmp to <Current directory>\api-ms-win-crt-convert-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\73bd520c4f8a8d4ea372a35307a887a6.tmp to <Current directory>\api-ms-win-crt-environment-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\9154d528fc44ef46afad8867694e5dd4.tmp to <Current directory>\api-ms-win-crt-filesystem-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\4297c1e70dcc3247b474b5bd4c3fc269.tmp to <Current directory>\api-ms-win-crt-heap-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\bd35575fa6a0c142b5bafc6fbaf5a0a5.tmp to <Current directory>\api-ms-win-crt-locale-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\5ec53118388da742a5f9308e880bbfbd.tmp to <Current directory>\api-ms-win-crt-math-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\0a276ed5efb76d408aba75c7724ad4e7.tmp to <Current directory>\api-ms-win-core-timezone-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\c6e2087596c5b24cb85ca8bbba94429f.tmp to <Current directory>\api-ms-win-core-util-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\2499243b1be9534888c83b9a8861a451.tmp to <Current directory>\api-ms-win-crt-multibyte-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\b4b00cc0864acd4f8d38f58e978bf68a.tmp to <Current directory>\api-ms-win-crt-runtime-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\090416bfcba8a04c8f7f4da4948b6cb5.tmp to <Current directory>\api-ms-win-crt-stdio-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\8d28349b45be5743834fd0ec3a6fc8cc.tmp to <Current directory>\api-ms-win-crt-string-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\77f701dc9eee43458981e6625895d177.tmp to <Current directory>\api-ms-win-crt-time-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\9b17a162f6c43d4eb123a29e50930de5.tmp to <Current directory>\api-ms-win-crt-utility-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\f0e86d58dbefa245899a338881aa2bee.tmp to <Current directory>\msvcp140.dll
- from <Current directory>\$dpx$.tmp\fc38ab734911de4c911c150ecdcfb87f.tmp to <Current directory>\opencl.dll
- from <Current directory>\$dpx$.tmp\b853973bd9b11a4ebbe4cb16ae2b46c5.tmp to <Current directory>\api-ms-win-crt-private-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\4b49fb69e1020540b6b8149a74acc728.tmp to <Current directory>\api-ms-win-crt-process-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\2ee44a1ce4699647849c87e82854d180.tmp to <Current directory>\api-ms-win-core-sysinfo-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\aabe66fa1b1b5b44a22ad4ca93c61efc.tmp to <Current directory>\api-ms-win-core-synch-l1-2-0.dll
- from <Current directory>\$dpx$.tmp\da840d9dc5543c41bd60fbe53fa18b26.tmp to <Current directory>\api-ms-win-core-synch-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\6e00f499b24c2843aee7fae7012f2da8.tmp to <Current directory>\api-ms-win-core-debug-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\1f6db6acf369f54ea563b0cbfd41a990.tmp to <Current directory>\api-ms-win-core-errorhandling-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\bd5630eb2e9dc440b56c9d1307a8cd07.tmp to <Current directory>\api-ms-win-core-file-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\401b17e6afca4d44be8c99117319cd31.tmp to <Current directory>\api-ms-win-core-file-l1-2-0.dll
- from <Current directory>\$dpx$.tmp\d8d6a150876d214a8f974d82061e9970.tmp to <Current directory>\api-ms-win-core-file-l2-1-0.dll
- from <Current directory>\$dpx$.tmp\cc1628f7bc9614419c48380cde9fec71.tmp to <Current directory>\api-ms-win-core-handle-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\3fc5f3d234545e44acad4f6e4bc26543.tmp to <Current directory>\api-ms-win-core-heap-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\cefa7136c7bd1748b0ad10a5a31393c9.tmp to <Current directory>\api-ms-win-core-interlocked-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\d68b30ec8280924697dfa016b08fb4c6.tmp to <Current directory>\api-ms-win-core-datetime-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\9e86c606311b724cabac7c92b95e8c59.tmp to <Current directory>\api-ms-win-core-libraryloader-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\afcf9ef5feca5d469f7eac430751729f.tmp to <Current directory>\api-ms-win-core-memory-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\33ca144fd5102a4496a331eee88b7a93.tmp to <Current directory>\api-ms-win-core-namedpipe-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\389c923dbaef7548b66f235b37f4871b.tmp to <Current directory>\api-ms-win-core-processenvironment-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\72fecb13df2c8e4a80e03139419c1015.tmp to <Current directory>\api-ms-win-core-processthreads-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\ea15a122c5cceb45a0b092514febcf76.tmp to <Current directory>\api-ms-win-core-processthreads-l1-1-1.dll
- from <Current directory>\$dpx$.tmp\9a2571d540a5c543b4422d9e189ed374.tmp to <Current directory>\api-ms-win-core-profile-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\adf7ee521b992942a9458e6d028bf3d6.tmp to <Current directory>\api-ms-win-core-rtlsupport-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\4cdfb6babde36d468ed2c205b9fdd3f9.tmp to <Current directory>\api-ms-win-core-string-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\6862773b9e73624daa54d707e6ee33f7.tmp to <Current directory>\api-ms-win-core-localization-l1-2-0.dll
- from <Current directory>\$dpx$.tmp\2b83d24dd60c0345bce785582e4aaab0.tmp to <Current directory>\ucrtbase.dll
- from <Current directory>\$dpx$.tmp\14510aba91c7bd44a35af3713b223cbf.tmp to <Current directory>\vcruntime140.dll
Network activity
TCP
- 'lp##.abbny.com':443
- 'lp##.haqo.net':443
UDP
- DNS ASK lp##.beahh.com
- DNS ASK lp##.abbny.com
- DNS ASK lp##.haqo.net
Miscellaneous
Creates and executes the following
- '<SYSTEM32>\cmd.exe' /c expand d.cab -f:* . & del d.cab /a' (with hidden window)
Executes the following
- '<SYSTEM32>\cmd.exe' /c expand d.cab -f:* . & del d.cab /a
- '<SYSTEM32>\expand.exe' d.cab -f:* .
