Technical Information
- C:\qdw.exe
- C:\mwdq.exe
- C:\xlc.exe
- C:\qvod.exe
- C:\qdw.exe (downloaded from the Internet)
- C:\mwdq.exe (downloaded from the Internet)
- C:\qvod.exe (downloaded from the Internet)
- C:\xlc.exe (downloaded from the Internet)
- %WINDIR%\sleep.exe 100
- <SYSTEM32>\cmd.exe /c <Current directory>\a.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\PowerWord2010_Beta2.25269.3042[1].exe
- C:\mwdq.exe
- <Current directory>\a.bat
- C:\qdw.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\flashget3.7.0.1150cn[1].exe
- C:\qvod.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\QvodSetupPlus3[1].exe
- C:\xlc.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ThunderInstaller5.9.28.1564[1].exe
- 'cd####wn.7pk.com':80
- 'do####ad.iciba.com':80
- 'do##.sandai.net':80
- 'localhost':1035
- 'dl.#vod.com':80
- cd####wn.7pk.com/flashget3.7.0.1150cn.exe
- do####ad.iciba.com/Pw2010_Beta2/PowerWord2010_Beta2.25269.3042.exe
- dl.#vod.com/QvodSetupPlus3.exe
- do##.sandai.net/ThunderInstaller5.9.28.1564.exe
- DNS ASK cd####wn.7pk.com
- DNS ASK do####ad.iciba.com
- DNS ASK dl.#vod.com
- DNS ASK do##.sandai.net