Technical Information
To ensure autorun and distribution
Modifies the following registry keys
- [<HKCU>\Software\Classes\mIRCURL\shell\open\command] '' = '"%ProgramFiles(x86)%\mIRC\mirc.exe" %1'
Modifies file system
Creates the following files
- %TEMP%\7zipsfx.000\changelog.txt
- %TEMP%\7zipsfx.000\plugins\audio\qtaudio_windows.dll
- %TEMP%\7zipsfx.000\plugins\audio\qtaudio_wasapi.dll
- %TEMP%\7zipsfx.000\qt5xmlpatterns.dll
- %TEMP%\7zipsfx.000\qt5winextras.dll
- %TEMP%\7zipsfx.000\qt5widgets.dll
- %TEMP%\7zipsfx.000\qt5texttospeech.dll
- %TEMP%\7zipsfx.000\qt5svg.dll
- %TEMP%\7zipsfx.000\qt5sql.dll
- %TEMP%\7zipsfx.000\qt5scripttools.dll
- %TEMP%\7zipsfx.000\qt5script.dll
- %TEMP%\7zipsfx.000\qt5printsupport.dll
- %TEMP%\7zipsfx.000\qt5opengl.dll
- %TEMP%\7zipsfx.000\qt5network.dll
- %TEMP%\7zipsfx.000\qt5multimediawidgets.dll
- %TEMP%\7zipsfx.000\qt5multimedia.dll
- %TEMP%\7zipsfx.000\qt5gui.dll
- %TEMP%\7zipsfx.000\qt5core.dll
- %TEMP%\7zipsfx.000\plugins\iconengines\qsvgicon.dll
- %TEMP%\7zipsfx.000\plugins\imageformats\qsvg.dll
- %TEMP%\7zipsfx.000\plugins\texttospeech\qtexttospeech_sapi.dll
- %TEMP%\7zipsfx.000\plugins\imageformats\qtga.dll
- %TEMP%\7zipsfx.000\plugins\imageformats\qtiff.dll
- %TEMP%\7zipsfx.000\plugins\mediaservice\qtmedia_audioengine.dll
- %TEMP%\7zipsfx.000\plugins\mediaservice\wmfengine.dll
- %TEMP%\7zipsfx.000\plugins\printsupport\windowsprintersupport.dll
- %TEMP%\7zipsfx.000\vcruntime140.dll
- %TEMP%\7zipsfx.000\tools.dll
- %TEMP%\7zipsfx.000\ssleay32.dll
- %TEMP%\7zipsfx.000\plugins\styles\qwindowsvistastyle.dll
- %TEMP%\7zipsfx.000\platforms\qwindows.dll
- %TEMP%\7zipsfx.000\plugins\imageformats\qwebp.dll
- %TEMP%\7zipsfx.000\plugins\imageformats\qwbmp.dll
- %TEMP%\7zipsfx.000\code\script\qtscript_xml.dll
- %TEMP%\7zipsfx.000\code\script\qtscript_xmlpatterns.dll
- %TEMP%\7zipsfx.000\code\script\qtscript_widgets.dll
- %TEMP%\7zipsfx.000\code\script\qtscript_uitools.dll
- %TEMP%\7zipsfx.000\code\script\qtscript_sql.dll
- %TEMP%\7zipsfx.000\code\script\qtscript_printsupport.dll
- %TEMP%\7zipsfx.000\code\script\qtscript_opengl.dll
- %TEMP%\7zipsfx.000\code\script\qtscript_network.dll
- %TEMP%\7zipsfx.000\code\script\qtscript_gui.dll
- %TEMP%\7zipsfx.000\code\script\qtscript_core.dll
- %TEMP%\7zipsfx.000\plugins\playlistformats\qtmultimedia_m3u.dll
- %TEMP%\7zipsfx.000\runner.exe
- %TEMP%\7zipsfx.000\plugins\sqldrivers\qsqlpsql.dll
- %TEMP%\7zipsfx.000\plugins\sqldrivers\qsqlodbc.dll
- %TEMP%\7zipsfx.000\plugins\sqldrivers\qsqlmysql.dll
- %TEMP%\7zipsfx.000\actiona.exe
- %TEMP%\7zipsfx.000\actexec.exe
- %TEMP%\7zipsfx.000\locale\tools_fr_fr.qm
- %TEMP%\7zipsfx.000\locale\qtxmlpatterns_fr.qm
- %TEMP%\7zipsfx.000\locale\qtscript_fr.qm
- %TEMP%\7zipsfx.000\locale\qtmultimedia_fr.qm
- %TEMP%\7zipsfx.000\locale\qtlocation_fr.qm
- %TEMP%\7zipsfx.000\locale\qtbase_fr.qm
- %TEMP%\7zipsfx.000\locale\gui_fr_fr.qm
- %TEMP%\7zipsfx.000\locale\executer_fr_fr.qm
- %TEMP%\7zipsfx.000\locale\actiontools_fr_fr.qm
- %TEMP%\7zipsfx.000\locale\actionpackwindows_fr_fr.qm
- %TEMP%\7zipsfx.000\locale\actionpacksystem_fr_fr.qm
- %TEMP%\7zipsfx.000\locale\actionpackinternal_fr_fr.qm
- %TEMP%\7zipsfx.000\locale\actionpackdevice_fr_fr.qm
- %TEMP%\7zipsfx.000\locale\actionpackdata_fr_fr.qm
- %TEMP%\7zipsfx.000\locale\actexecuter_fr_fr.qm
- %TEMP%\7zipsfx.000\readme.txt
- %TEMP%\7zipsfx.000\license.txt
- %TEMP%\7zipsfx.000\actions\actionpackdata.dll
- %TEMP%\7zipsfx.000\actions\actionpackdevice.dll
- %TEMP%\7zipsfx.000\actions\actionpackinternal.dll
- %TEMP%\7zipsfx.000\actions\actionpacksystem.dll
- %TEMP%\7zipsfx.000\plugins\imageformats\qjpeg.dll
- %TEMP%\7zipsfx.000\plugins\imageformats\qico.dll
- %TEMP%\7zipsfx.000\plugins\imageformats\qicns.dll
- %TEMP%\7zipsfx.000\plugins\imageformats\qgif.dll
- %TEMP%\7zipsfx.000\plugins\bearer\qgenericbearer.dll
- %TEMP%\7zipsfx.000\opencv_imgproc341.dll
- %TEMP%\7zipsfx.000\opencv_core341.dll
- %TEMP%\7zipsfx.000\msvcr90.dll
- %TEMP%\7zipsfx.000\msvcr120.dll
- %TEMP%\7zipsfx.000\libpq.dll
- %TEMP%\7zipsfx.000\msvcp140.dll
- %TEMP%\7zipsfx.000\libmysql.dll
- %TEMP%\7zipsfx.000\libintl-8.dll
- %TEMP%\7zipsfx.000\libiconv-2.dll
- %TEMP%\7zipsfx.000\libeay32.dll
- %TEMP%\7zipsfx.000\executer.dll
- %TEMP%\7zipsfx.000\plugins\mediaservice\dsengine.dll
- %TEMP%\7zipsfx.000\concrt140.dll
- %TEMP%\7zipsfx.000\actiontools.dll
- %TEMP%\7zipsfx.000\actions\actionpackwindows.dll
- %TEMP%\7zipsfx.000\plugins\sqldrivers\qsqlite.dll
- %TEMP%\7zipsfx.000\script.ascr
Deletes the following files
- %TEMP%\7zipsfx.000\actexec.exe
- %TEMP%\7zipsfx.000\plugins\sqldrivers\qsqlite.dll
- %TEMP%\7zipsfx.000\plugins\printsupport\windowsprintersupport.dll
- %TEMP%\7zipsfx.000\plugins\playlistformats\qtmultimedia_m3u.dll
- %TEMP%\7zipsfx.000\plugins\mediaservice\wmfengine.dll
- %TEMP%\7zipsfx.000\plugins\mediaservice\qtmedia_audioengine.dll
- %TEMP%\7zipsfx.000\plugins\mediaservice\dsengine.dll
- %TEMP%\7zipsfx.000\plugins\imageformats\qwebp.dll
- %TEMP%\7zipsfx.000\plugins\imageformats\qwbmp.dll
- %TEMP%\7zipsfx.000\plugins\imageformats\qtiff.dll
- %TEMP%\7zipsfx.000\plugins\imageformats\qtga.dll
- %TEMP%\7zipsfx.000\plugins\imageformats\qsvg.dll
- %TEMP%\7zipsfx.000\plugins\imageformats\qjpeg.dll
- %TEMP%\7zipsfx.000\plugins\imageformats\qico.dll
- %TEMP%\7zipsfx.000\plugins\imageformats\qicns.dll
- %TEMP%\7zipsfx.000\plugins\imageformats\qgif.dll
- %TEMP%\7zipsfx.000\plugins\iconengines\qsvgicon.dll
- %TEMP%\7zipsfx.000\plugins\bearer\qgenericbearer.dll
- %TEMP%\7zipsfx.000\plugins\audio\qtaudio_windows.dll
- %TEMP%\7zipsfx.000\plugins\audio\qtaudio_wasapi.dll
- %TEMP%\7zipsfx.000\plugins\sqldrivers\qsqlmysql.dll
- %TEMP%\7zipsfx.000\plugins\sqldrivers\qsqlodbc.dll
- %TEMP%\7zipsfx.000\plugins\sqldrivers\qsqlpsql.dll
- %TEMP%\7zipsfx.000\plugins\styles\qwindowsvistastyle.dll
- %TEMP%\7zipsfx.000\ssleay32.dll
- %TEMP%\7zipsfx.000\script.ascr
- %TEMP%\7zipsfx.000\runner.exe
- %TEMP%\7zipsfx.000\readme.txt
- %TEMP%\7zipsfx.000\qt5xmlpatterns.dll
- %TEMP%\7zipsfx.000\qt5winextras.dll
- %TEMP%\7zipsfx.000\qt5widgets.dll
- %TEMP%\7zipsfx.000\qt5texttospeech.dll
- %TEMP%\7zipsfx.000\qt5svg.dll
- %TEMP%\7zipsfx.000\qt5scripttools.dll
- %TEMP%\7zipsfx.000\qt5sql.dll
- %TEMP%\7zipsfx.000\qt5script.dll
- %TEMP%\7zipsfx.000\qt5printsupport.dll
- %TEMP%\7zipsfx.000\qt5opengl.dll
- %TEMP%\7zipsfx.000\qt5network.dll
- %TEMP%\7zipsfx.000\qt5multimediawidgets.dll
- %TEMP%\7zipsfx.000\qt5multimedia.dll
- %TEMP%\7zipsfx.000\qt5gui.dll
- %TEMP%\7zipsfx.000\qt5core.dll
- %TEMP%\7zipsfx.000\plugins\texttospeech\qtexttospeech_sapi.dll
- %TEMP%\7zipsfx.000\tools.dll
- %TEMP%\7zipsfx.000\platforms\qwindows.dll
- %TEMP%\7zipsfx.000\opencv_imgproc341.dll
- %TEMP%\7zipsfx.000\opencv_core341.dll
- %TEMP%\7zipsfx.000\concrt140.dll
- %TEMP%\7zipsfx.000\code\script\qtscript_xmlpatterns.dll
- %TEMP%\7zipsfx.000\code\script\qtscript_xml.dll
- %TEMP%\7zipsfx.000\code\script\qtscript_widgets.dll
- %TEMP%\7zipsfx.000\code\script\qtscript_uitools.dll
- %TEMP%\7zipsfx.000\code\script\qtscript_sql.dll
- %TEMP%\7zipsfx.000\code\script\qtscript_printsupport.dll
- %TEMP%\7zipsfx.000\code\script\qtscript_opengl.dll
- %TEMP%\7zipsfx.000\code\script\qtscript_network.dll
- %TEMP%\7zipsfx.000\code\script\qtscript_gui.dll
- %TEMP%\7zipsfx.000\code\script\qtscript_core.dll
- %TEMP%\7zipsfx.000\changelog.txt
- %TEMP%\7zipsfx.000\actiontools.dll
- %TEMP%\7zipsfx.000\actions\actionpackwindows.dll
- %TEMP%\7zipsfx.000\actions\actionpacksystem.dll
- %TEMP%\7zipsfx.000\actions\actionpackinternal.dll
- %TEMP%\7zipsfx.000\actions\actionpackdevice.dll
- %TEMP%\7zipsfx.000\actions\actionpackdata.dll
- %TEMP%\7zipsfx.000\actiona.exe
- %TEMP%\7zipsfx.000\executer.dll
- %TEMP%\7zipsfx.000\libeay32.dll
- %TEMP%\7zipsfx.000\libiconv-2.dll
- %TEMP%\7zipsfx.000\libintl-8.dll
- %TEMP%\7zipsfx.000\msvcr120.dll
- %TEMP%\7zipsfx.000\msvcp140.dll
- %TEMP%\7zipsfx.000\locale\tools_fr_fr.qm
- %TEMP%\7zipsfx.000\locale\qtxmlpatterns_fr.qm
- %TEMP%\7zipsfx.000\locale\qtscript_fr.qm
- %TEMP%\7zipsfx.000\locale\qtmultimedia_fr.qm
- %TEMP%\7zipsfx.000\locale\qtlocation_fr.qm
- %TEMP%\7zipsfx.000\locale\qtbase_fr.qm
- %TEMP%\7zipsfx.000\locale\gui_fr_fr.qm
- %TEMP%\7zipsfx.000\locale\actiontools_fr_fr.qm
- %TEMP%\7zipsfx.000\locale\executer_fr_fr.qm
- %TEMP%\7zipsfx.000\locale\actionpackwindows_fr_fr.qm
- %TEMP%\7zipsfx.000\locale\actionpacksystem_fr_fr.qm
- %TEMP%\7zipsfx.000\locale\actionpackinternal_fr_fr.qm
- %TEMP%\7zipsfx.000\locale\actionpackdevice_fr_fr.qm
- %TEMP%\7zipsfx.000\locale\actionpackdata_fr_fr.qm
- %TEMP%\7zipsfx.000\locale\actexecuter_fr_fr.qm
- %TEMP%\7zipsfx.000\license.txt
- %TEMP%\7zipsfx.000\libpq.dll
- %TEMP%\7zipsfx.000\libmysql.dll
- %TEMP%\7zipsfx.000\msvcr90.dll
- %TEMP%\7zipsfx.000\vcruntime140.dll
Network activity
Connects to
- 'mi##.com':80
- 'mi##.com':443
TCP
- 'mi##.com':443
UDP
- DNS ASK mi##.com
- DNS ASK microsoft.com
Miscellaneous
Searches for the following windows
- ClassName: 'DDEMLMom' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'Static' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
Creates and executes the following
- '%TEMP%\7zipsfx.000\runner.exe' fr_FR open actiona "-esCx script.ascr"
- '%TEMP%\7zipsfx.000\actiona.exe' -esCx script.ascr
- '%TEMP%\7zipsfx.000\actiona.exe' -esCx script.ascr' (with hidden window)
Executes the following
- '%ProgramFiles(x86)%\mirc\mirc.exe'
