Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<Full path to virus>,'
- 'www.si##.co.jp':80
- 'www.a-##sato.jp':80
- http://www.si##.co.jp/view6/viewdata/book/index.php
- http://www.a-##sato.jp/html/mainland/index.php
- DNS ASK www.si##.co.jp
- DNS ASK www.a-##sato.jp