Technical Information
Modifies file system
Creates the following files
- <Current directory>\d.cab
- <Current directory>\$dpx$.tmp\7fb5f455d3d64e478f83578829074711.tmp
- <Current directory>\$dpx$.tmp\47411e370a307340ad322bbbb8c8b2d1.tmp
- <Current directory>\$dpx$.tmp\1fb1663cf52e3646b44eeda746fd0f60.tmp
- <Current directory>\$dpx$.tmp\84d14448e8ffcc4c8f0fc9a633b3f976.tmp
- <Current directory>\$dpx$.tmp\13a7c555d8950346bee528e6e53674a9.tmp
- <Current directory>\$dpx$.tmp\7cc72533ab4aa440b6a5a7c4bfab7e92.tmp
- <Current directory>\$dpx$.tmp\3fd5a75f2bf3dc47a148c1884bb64f68.tmp
- <Current directory>\$dpx$.tmp\018ca1e146cceb49bcd9c1ec3f3e5f81.tmp
- <Current directory>\$dpx$.tmp\e3fe46b83dc4524b857b71982b47b1b5.tmp
- <Current directory>\$dpx$.tmp\f16c9ee15378324294d49d104bac9e6e.tmp
- <Current directory>\$dpx$.tmp\b9e60c485bbd0a40b0fce8b76468f024.tmp
- <Current directory>\$dpx$.tmp\5bb52cdd2771e54b9bed4634e0469bbf.tmp
- <Current directory>\$dpx$.tmp\e635d58fbbe290438184dfcd7a337876.tmp
- <Current directory>\$dpx$.tmp\59a23d1859c6024f899f0f11581e5b61.tmp
- <Current directory>\$dpx$.tmp\aa2c1e78d836424798b99c93069948b3.tmp
- <Current directory>\$dpx$.tmp\192373a12666144b8f343cbbe7cbd0c2.tmp
- <Current directory>\$dpx$.tmp\04a2e219b321d548b83f390ecd7c609e.tmp
- <Current directory>\$dpx$.tmp\8bb95bdde4943244ab4506e59b9af1e5.tmp
- <Current directory>\$dpx$.tmp\95f34af49273b54db13f4a50b023ff18.tmp
- <Current directory>\$dpx$.tmp\eb4fdcdd2a74be4598a1705eb866baae.tmp
- <Current directory>\$dpx$.tmp\4c5ce9e1a7c39a48a34c8dd4d7247d86.tmp
- <Current directory>\$dpx$.tmp\54600f270e943c4a9e2699ccffdd231b.tmp
- <Current directory>\$dpx$.tmp\f385477a6f066e48b76dcd13bc730b65.tmp
- <Current directory>\$dpx$.tmp\73679854c0b70e4f84c1b1931788bb91.tmp
- <Current directory>\$dpx$.tmp\466a1dfa3deaeb4a957b5c28647e34bc.tmp
- <Current directory>\$dpx$.tmp\193b2c1e79600e40abdb328b3a1361fb.tmp
- <Current directory>\$dpx$.tmp\5ddc7d53b89af945ac6e66036071890a.tmp
- <Current directory>\$dpx$.tmp\0c8cbbfbbe5b434c99717df8b24d738d.tmp
- <Current directory>\$dpx$.tmp\bf35c9f732243a43a10ac6ea72c0e9a1.tmp
- <Current directory>\$dpx$.tmp\02ec61a1032737449672c2a85e7f93b5.tmp
- <Current directory>\$dpx$.tmp\01fa85a4018eaf488af8e5688ce4fbb3.tmp
- <Current directory>\$dpx$.tmp\891e0eabeabeea45b65dc63cd087c5fa.tmp
- <Current directory>\$dpx$.tmp\89fef2d771f7e341b37143ff792e57af.tmp
- <Current directory>\$dpx$.tmp\a148a18a89072341afa52ae39af39cf1.tmp
- <Current directory>\$dpx$.tmp\24f938723c99264c8ed69d0f8b3195ee.tmp
- <Current directory>\$dpx$.tmp\dbcd3dafa4356542b2144374d636bac0.tmp
- <Current directory>\$dpx$.tmp\4d441e7a5056d449942268fc0a34efc7.tmp
- <Current directory>\$dpx$.tmp\a34ccb3725336a41b1c659f202537ce9.tmp
- <Current directory>\$dpx$.tmp\3df90a88768f2e41bd9a5c2050b81b08.tmp
- <Current directory>\$dpx$.tmp\fb20a5c039414649abf81db9f78e0f12.tmp
- <Current directory>\$dpx$.tmp\29abb13f83a8af43a5da4991f98025f6.tmp
- <Current directory>\$dpx$.tmp\b52385957ab8754895512ae1d07d38bf.tmp
- <Current directory>\$dpx$.tmp\cce75fb3cee9c84b9cfbab0f4a64fb9e.tmp
- <Current directory>\$dpx$.tmp\e36e381358654741b5d2c6768f1de344.tmp
Sets the 'hidden' attribute to the following files
- <Current directory>\api-ms-win-core-console-l1-1-0.dll
- <Current directory>\api-ms-win-crt-conio-l1-1-0.dll
- <Current directory>\api-ms-win-crt-convert-l1-1-0.dll
- <Current directory>\api-ms-win-crt-environment-l1-1-0.dll
- <Current directory>\api-ms-win-crt-filesystem-l1-1-0.dll
- <Current directory>\api-ms-win-crt-heap-l1-1-0.dll
- <Current directory>\api-ms-win-crt-locale-l1-1-0.dll
- <Current directory>\api-ms-win-crt-math-l1-1-0.dll
- <Current directory>\api-ms-win-core-timezone-l1-1-0.dll
- <Current directory>\api-ms-win-core-util-l1-1-0.dll
- <Current directory>\api-ms-win-crt-multibyte-l1-1-0.dll
- <Current directory>\api-ms-win-crt-runtime-l1-1-0.dll
- <Current directory>\api-ms-win-crt-stdio-l1-1-0.dll
- <Current directory>\api-ms-win-crt-string-l1-1-0.dll
- <Current directory>\api-ms-win-crt-time-l1-1-0.dll
- <Current directory>\api-ms-win-crt-utility-l1-1-0.dll
- <Current directory>\msvcp140.dll
- <Current directory>\opencl.dll
- <Current directory>\api-ms-win-crt-private-l1-1-0.dll
- <Current directory>\api-ms-win-crt-process-l1-1-0.dll
- <Current directory>\api-ms-win-core-sysinfo-l1-1-0.dll
- <Current directory>\api-ms-win-core-synch-l1-2-0.dll
- <Current directory>\api-ms-win-core-synch-l1-1-0.dll
- <Current directory>\api-ms-win-core-debug-l1-1-0.dll
- <Current directory>\api-ms-win-core-errorhandling-l1-1-0.dll
- <Current directory>\api-ms-win-core-file-l1-1-0.dll
- <Current directory>\api-ms-win-core-file-l1-2-0.dll
- <Current directory>\api-ms-win-core-file-l2-1-0.dll
- <Current directory>\api-ms-win-core-handle-l1-1-0.dll
- <Current directory>\api-ms-win-core-heap-l1-1-0.dll
- <Current directory>\api-ms-win-core-interlocked-l1-1-0.dll
- <Current directory>\api-ms-win-core-datetime-l1-1-0.dll
- <Current directory>\api-ms-win-core-libraryloader-l1-1-0.dll
- <Current directory>\api-ms-win-core-memory-l1-1-0.dll
- <Current directory>\api-ms-win-core-namedpipe-l1-1-0.dll
- <Current directory>\api-ms-win-core-processenvironment-l1-1-0.dll
- <Current directory>\api-ms-win-core-processthreads-l1-1-0.dll
- <Current directory>\api-ms-win-core-processthreads-l1-1-1.dll
- <Current directory>\api-ms-win-core-profile-l1-1-0.dll
- <Current directory>\api-ms-win-core-rtlsupport-l1-1-0.dll
- <Current directory>\api-ms-win-core-string-l1-1-0.dll
- <Current directory>\api-ms-win-core-localization-l1-2-0.dll
- <Current directory>\ucrtbase.dll
- <Current directory>\vcruntime140.dll
Deletes the following files
- <Current directory>\d.cab
Moves the following files
- from <Current directory>\$dpx$.tmp\73679854c0b70e4f84c1b1931788bb91.tmp to <Current directory>\api-ms-win-core-console-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\1fb1663cf52e3646b44eeda746fd0f60.tmp to <Current directory>\api-ms-win-crt-conio-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\84d14448e8ffcc4c8f0fc9a633b3f976.tmp to <Current directory>\api-ms-win-crt-convert-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\13a7c555d8950346bee528e6e53674a9.tmp to <Current directory>\api-ms-win-crt-environment-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\7cc72533ab4aa440b6a5a7c4bfab7e92.tmp to <Current directory>\api-ms-win-crt-filesystem-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\3fd5a75f2bf3dc47a148c1884bb64f68.tmp to <Current directory>\api-ms-win-crt-heap-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\018ca1e146cceb49bcd9c1ec3f3e5f81.tmp to <Current directory>\api-ms-win-crt-locale-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\e3fe46b83dc4524b857b71982b47b1b5.tmp to <Current directory>\api-ms-win-crt-math-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\7fb5f455d3d64e478f83578829074711.tmp to <Current directory>\api-ms-win-core-timezone-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\47411e370a307340ad322bbbb8c8b2d1.tmp to <Current directory>\api-ms-win-core-util-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\f16c9ee15378324294d49d104bac9e6e.tmp to <Current directory>\api-ms-win-crt-multibyte-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\e635d58fbbe290438184dfcd7a337876.tmp to <Current directory>\api-ms-win-crt-runtime-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\59a23d1859c6024f899f0f11581e5b61.tmp to <Current directory>\api-ms-win-crt-stdio-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\aa2c1e78d836424798b99c93069948b3.tmp to <Current directory>\api-ms-win-crt-string-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\192373a12666144b8f343cbbe7cbd0c2.tmp to <Current directory>\api-ms-win-crt-time-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\04a2e219b321d548b83f390ecd7c609e.tmp to <Current directory>\api-ms-win-crt-utility-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\8bb95bdde4943244ab4506e59b9af1e5.tmp to <Current directory>\msvcp140.dll
- from <Current directory>\$dpx$.tmp\95f34af49273b54db13f4a50b023ff18.tmp to <Current directory>\opencl.dll
- from <Current directory>\$dpx$.tmp\b9e60c485bbd0a40b0fce8b76468f024.tmp to <Current directory>\api-ms-win-crt-private-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\5bb52cdd2771e54b9bed4634e0469bbf.tmp to <Current directory>\api-ms-win-crt-process-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\eb4fdcdd2a74be4598a1705eb866baae.tmp to <Current directory>\api-ms-win-core-sysinfo-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\54600f270e943c4a9e2699ccffdd231b.tmp to <Current directory>\api-ms-win-core-synch-l1-2-0.dll
- from <Current directory>\$dpx$.tmp\cce75fb3cee9c84b9cfbab0f4a64fb9e.tmp to <Current directory>\api-ms-win-core-synch-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\193b2c1e79600e40abdb328b3a1361fb.tmp to <Current directory>\api-ms-win-core-debug-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\5ddc7d53b89af945ac6e66036071890a.tmp to <Current directory>\api-ms-win-core-errorhandling-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\0c8cbbfbbe5b434c99717df8b24d738d.tmp to <Current directory>\api-ms-win-core-file-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\bf35c9f732243a43a10ac6ea72c0e9a1.tmp to <Current directory>\api-ms-win-core-file-l1-2-0.dll
- from <Current directory>\$dpx$.tmp\02ec61a1032737449672c2a85e7f93b5.tmp to <Current directory>\api-ms-win-core-file-l2-1-0.dll
- from <Current directory>\$dpx$.tmp\01fa85a4018eaf488af8e5688ce4fbb3.tmp to <Current directory>\api-ms-win-core-handle-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\891e0eabeabeea45b65dc63cd087c5fa.tmp to <Current directory>\api-ms-win-core-heap-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\89fef2d771f7e341b37143ff792e57af.tmp to <Current directory>\api-ms-win-core-interlocked-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\466a1dfa3deaeb4a957b5c28647e34bc.tmp to <Current directory>\api-ms-win-core-datetime-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\a148a18a89072341afa52ae39af39cf1.tmp to <Current directory>\api-ms-win-core-libraryloader-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\dbcd3dafa4356542b2144374d636bac0.tmp to <Current directory>\api-ms-win-core-memory-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\4d441e7a5056d449942268fc0a34efc7.tmp to <Current directory>\api-ms-win-core-namedpipe-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\a34ccb3725336a41b1c659f202537ce9.tmp to <Current directory>\api-ms-win-core-processenvironment-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\3df90a88768f2e41bd9a5c2050b81b08.tmp to <Current directory>\api-ms-win-core-processthreads-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\fb20a5c039414649abf81db9f78e0f12.tmp to <Current directory>\api-ms-win-core-processthreads-l1-1-1.dll
- from <Current directory>\$dpx$.tmp\29abb13f83a8af43a5da4991f98025f6.tmp to <Current directory>\api-ms-win-core-profile-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\b52385957ab8754895512ae1d07d38bf.tmp to <Current directory>\api-ms-win-core-rtlsupport-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\f385477a6f066e48b76dcd13bc730b65.tmp to <Current directory>\api-ms-win-core-string-l1-1-0.dll
- from <Current directory>\$dpx$.tmp\24f938723c99264c8ed69d0f8b3195ee.tmp to <Current directory>\api-ms-win-core-localization-l1-2-0.dll
- from <Current directory>\$dpx$.tmp\4c5ce9e1a7c39a48a34c8dd4d7247d86.tmp to <Current directory>\ucrtbase.dll
- from <Current directory>\$dpx$.tmp\e36e381358654741b5d2c6768f1de344.tmp to <Current directory>\vcruntime140.dll
Network activity
TCP
- 'lp##.abbny.com':443
UDP
- DNS ASK lp##.beahh.com
- DNS ASK lp##.abbny.com
- DNS ASK lp##.haqo.net
Miscellaneous
Creates and executes the following
- '<SYSTEM32>\cmd.exe' /c expand d.cab -f:* . & del d.cab /a' (with hidden window)
Executes the following
- '<SYSTEM32>\cmd.exe' /c expand d.cab -f:* . & del d.cab /a
- '<SYSTEM32>\expand.exe' d.cab -f:* .
