Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '360sdd' = '<Full path to virus>'
- <SYSTEM32>\ftp.exe -s:x
- <SYSTEM32>\cmd.exe /c down.bat
- 360tray.exe
- <Current directory>\x
- <Current directory>\down.bat
- <Current directory>\SuperDeletor.sys
- 'hi###u.gicp.net':21
- 'localhost':1036
- DNS ASK hi###u.gicp.net
- ClassName: 'Shell_TrayWnd' WindowName: ''