Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<Full path to virus>'
- %WINDIR%\Explorer.EXE
- 'ma###.jjcc88.com':80
- ma###.jjcc88.com/maoup/maoup.bmp
- ma###.jjcc88.com/maoup/maoup.jpg
- ma###.jjcc88.com/maoup/maoup.gif
- DNS ASK yu###.blog5566.com
- DNS ASK ma###.jjcc88.com
- DNS ASK ma#.#jcc88.com