Technical Information
- <Full path to virus>
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\qlogin[1]
- <Current directory>\m9ijitincuk.sys
- %TEMP%\aarctlctlvn.dll
- <Current directory>\m9ijitincuk.sys
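- Network endpoints and requests (the '#' characters in the host names appear to be masking applied by the publisher of this report; the names are not literal and will not match as-is in DNS or proxy logs):
- 'xu#.##login2.qq.com':80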
- 'hi.##idu.com':80
- 'localhost':1036
- xu#.##login2.qq.com/cgi-bin/qlogin
- hi.##idu.com/qifanwushuang/blog/item/60ffafe067ce9a20269791ab.html
- DNS ASK xu#.##login2.qq.com
- DNS ASK hi.##idu.com
- '<Private IP address>':1039
- '<Private IP address>':1038
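- Window class / window title pairs recorded for the sample (most of the names below look randomly generated, so they are unlikely to be useful as stable indicators; the few fixed, human-readable names further down are the ones worth noting):
- ClassName: 'fk6uobxb6r361y' WindowName: 'g2e6y8mi'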
- ClassName: 'm5hrbeav' WindowName: 'ah58aj0g'
- ClassName: 'i3rt5a877' WindowName: 'xr8tbkag01k49k'
- ClassName: 'ieiwoqg' WindowName: 'hgvj238pshmh'
- ClassName: 'lpj2gcwhrjbp' WindowName: 'myckmbct7d1ow8b'
- ClassName: 'vk1okyj9wwsxkv' WindowName: 'lean79htsssieuq'
- ClassName: 'gpcqst7pwhp7860' WindowName: 'bos0wbi'
- ClassName: 'x01iotxyg' WindowName: 'fyepscoxw8e'
- ClassName: 'haeuvbjtfpbw' WindowName: 'mhj21tgybi'
- ClassName: 'vimhl71uqqf3y' WindowName: 'l7asq2hsod'
- ClassName: 'eydiyyix1nd2' WindowName: 'bambam606v'
- ClassName: 'hj40s7gpvvxcv5g4' WindowName: 'r3fisovinyi'
- ClassName: 'p5klwv3f' WindowName: 'e2c88tqm'
- ClassName: 'v1ioe82gf' WindowName: 'sq3qjfhs'
- ClassName: 'hdfk56hmgt7sh2hv' WindowName: 'wqi990n'
- ClassName: 'bei2ht48m' WindowName: 'per0mptl0xt1'
- ClassName: 'kunu3lj3oaj' WindowName: 'gtrm97rvsmgc3ich'
- ClassName: 'eod7rgvrv2' WindowName: 'igqvxpln23h3auy'
- ClassName: 'dc0m3whb9vok' WindowName: 'yfpv4si526ljix3l'
- ClassName: 'jq911nh4rsucogrj' WindowName: 'dkwod0uo6t3w'
- ClassName: 'yq1f82k8cyxmagca' WindowName: 'n544cvq'
- ClassName: 'q9y7prk9' WindowName: 'afqaoxxk'
- ClassName: 'qywd59b' WindowName: 'xqk5hwsc'
- ClassName: 'ety1glxh' WindowName: 'bjj4ltd'
- ClassName: 'o9xpe5lf' WindowName: 'bv8fydld6r8r4wn4'
- ClassName: 'ugv4i6ekmrw13ly' WindowName: 'gys8mc86'
- ClassName: 'rndrokhw' WindowName: 'ac34sfpk'
- ClassName: 'jip5l4u99f' WindowName: 'ayqmpas'
- ClassName: 'hphipxal' WindowName: 'epu4235au3'
- ClassName: 'cn0ut036hiyqt' WindowName: 'wx6vxtd'
- ClassName: 'p4yhkwrd8n8' WindowName: 's07yi0n'
- ClassName: 'gcqlbja' WindowName: 'wjfgb2nt'
- ClassName: 'nd7cah2i2mbu6r3' WindowName: 'ie8tpg9iepsfyus'
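- ClassName: 'MS_AutodialMonitor' WindowName: '' (this entry and the next two are standard Windows / Internet Explorer window classes found on an ordinary desktop; they are not indicators on their own)
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: '' (the Windows taskbar window)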
- ClassName: 'pdmoxafhq2hfo' WindowName: 'ygwf2hpmd'
- ClassName: 'i6qpkp3o3' WindowName: 'iw6rhg4'
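- ClassName: 'TForm1' WindowName: 'YZHook' ('TForm1' is the default form class name in Delphi / C++Builder applications; unlike the random-looking entries, this class/title pair is a fixed string)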
- ClassName: 'fi8ncjefvfph46' WindowName: 'tv66h3u5t'
- ClassName: 'g3e4ctfev4cdl2nh' WindowName: 'v5muh2xu'
- ClassName: 'fe07ojips84' WindowName: 'f8yayr7'
- ClassName: 'n41lxv41' WindowName: 'nwreaieq3c6sv'
- ClassName: 'glmwip1hy8ccq' WindowName: 'q9g8u2uhcbbh'
- ClassName: 'uttj8liha9fi5r' WindowName: 'd9dm7r30h6'
- ClassName: 'ttwe2qaso3pt49rj' WindowName: 'ic0gd16n'
- ClassName: 'm033ofyjsp2nwl' WindowName: 'mae5q0pyrcwpcxg7'
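- ClassName: 'ssalClortnoCresUerawMV' WindowName: 'VMwareUserControlTitle' (the class name is 'VMwareUserControlClass' spelled backwards, i.e. a VMware Tools window; this list alone does not show whether it reflects the analysis virtual machine or a virtual-machine check by the sample)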
- ClassName: 'pn7mgljiw2' WindowName: 'ibeogrqr5ad3q'
- ClassName: 'p4qqnqwdbr' WindowName: 'fn9ilvx7j8'
- ClassName: 'eldfy35' WindowName: 'ldsvd59j93yosm97'
- ClassName: 'ebpucpcp2enxnj' WindowName: 'xbd6dxvlpjpmbd94'
- ClassName: 'v521kitt' WindowName: 'm6m2vsb'
- ClassName: 'uoiih5hfb' WindowName: 'l4aomp2d9br48'
- ClassName: 'nk0py8jx7gix' WindowName: 'wm6b54589cxa3'
- ClassName: 'bbbic3f' WindowName: 'ylg5ofekd'
- ClassName: 'pyal57f6akeijk0u' WindowName: 'j0225qnwj31kif'
- ClassName: 'j9iw15qp8ntbbeak' WindowName: 'my545o37'
- ClassName: 'pqiv4r9b2p8b' WindowName: 'eiro3vhbp'
- ClassName: 'v4sj3dedvp8qu2' WindowName: 'egly9yhysc7lr0r'
- ClassName: 'cvlc2gfnevjwta' WindowName: 'h4uo5a2o'
- ClassName: 'i37r2svcm3giej' WindowName: 'ta5r82bxa5ue8'
- ClassName: 'fel8asi0' WindowName: 'm9cxl3hxhl'
- ClassName: 'jrgll5cjgxch' WindowName: 'jo16pmr'
- ClassName: 'iqe3y6ohteenxcsi' WindowName: 'f5di3dtg8'
- ClassName: 'pl3bnpwqt' WindowName: 'pwv1lhfm3'
- ClassName: 's0oqjrm89a' WindowName: 'g1e2k0yslsxt0r19'
- ClassName: 'qvljy2nhqp' WindowName: 's8k63x8nw3h'
- ClassName: 'cq1cupb' WindowName: 'p6qpshh'
- ClassName: 'xhq1p48j' WindowName: 'hd324tv06cd4'
- ClassName: 'scd4sn44s' WindowName: 'i5fls7xebm85x'
- ClassName: 'c8tj2wkw2nmp' WindowName: 'elwc63ux'
- ClassName: 'wtsa84a01l3sj' WindowName: 'f5lpepelx82mgj'
- ClassName: 'no3h8j8lys4q' WindowName: 'clahesg17qcs8h'
- ClassName: 'ike5b7n' WindowName: 'qa4hf1vk'
- ClassName: 'y0ra2r56l' WindowName: 'dnnnd3rvmeb'
- ClassName: 'vuh9d7161ci' WindowName: 'f3o8qjcr81hcl'
- ClassName: 'fqcxucxouh8qqa5' WindowName: 'v7yo0rmix4d'
- ClassName: 'jvncan32hjej3fd8' WindowName: 'caonm1x6q6mf3k'
- ClassName: 'hdjrorag6rw' WindowName: 'k51ltbo7v7i7'
- ClassName: 'ueif3ilih' WindowName: 'ufg62nga6iph'
- ClassName: 'na0mkkn1dxrog' WindowName: 'eismjdplli'
- ClassName: 'tayo3dekoltuccsa' WindowName: 'o6tgdmxx'
- ClassName: 'nwpvkg9' WindowName: 'yp4hqdn1sl'
- ClassName: 'c7ao615820ue2c9' WindowName: 'qtv2c949uh9'
- ClassName: 'uk153om' WindowName: 'q3dq3i6t'
- ClassName: 'w68hfyw' WindowName: 'qr05jth'
- ClassName: 'jtbwt3h' WindowName: 'a978yxpg'
- ClassName: 'c48v7fl' WindowName: 'vfht9pf7kon1ejy8'
- ClassName: 'k96cplkdycu' WindowName: 'sqrdndmsa'
- ClassName: 'wipgopk3d785' WindowName: 'nrt62fu1h9u5ssl1'
- ClassName: 'mlnv3sn8at315uml' WindowName: 'abql30pe7uwod8m'
- ClassName: 'otvlft5sddh1' WindowName: 'idh6lqj2voyajn2'
- ClassName: 'jtntuft34c2iux' WindowName: 'r5ga11wo1x2drvg'
- ClassName: 'biho613e13927' WindowName: 'x1ta5vmn0r6qhk'
- ClassName: 'e9w9tl3xccc1x' WindowName: 'txlkygiwbx'
- ClassName: 'qtdjs7v0m' WindowName: 'wwnx5vneoox7ygj3'
- ClassName: 'f11m0tg1' WindowName: 'lb8r30u'
- ClassName: 'rqcdhd442eou2' WindowName: 'csiym9oe4a37q'
- ClassName: 'u2ywtcr6a8a2q' WindowName: 'ju9prg06xr'
- ClassName: 'qg6fa1t2h3ek5ym' WindowName: 'jn27hm912jg08c7q'
- ClassName: 'uskkhtyoqg' WindowName: 'ulfirrxalv'
- ClassName: 'rhtl9bhbv9j' WindowName: 'e6by63u0'
- ClassName: 'opi3ld1gmsr' WindowName: 'i94nrbgo649qu1k'
- ClassName: 'qy239timgda' WindowName: 'non5e1xybd'