Technical Information
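- Autorun registry entry (HKLM Run key, so it starts at logon for every user); the value name and file name contain the non-ASCII character 'Δ', so ASCII-only matching on "SMART" will not hit:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SMΔRT-Protection' = '%ProgramFiles%\Smadav\SMΔRTP.exe rtp'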
- %APPDATA%\Smadav\Upd105\Smadav105-Update.exe
- %APPDATA%\Smadav\Upd105\Smadav-Updater.exe
- %APPDATA%\Smadav\Upd105\SmadExtc.dll
- %APPDATA%\Smadav\Upd105\SmadExtc64.dll
- %APPDATA%\Smadav\Upd105\SmadEngine.dll
- %APPDATA%\Smadav\Upd105\Smadav.loov
- %ProgramFiles%\Smadav\SMΔRTP.exe
- %ProgramFiles%\Smadav\SmadEngine.dll
- %ProgramFiles%\Smadav\Smadav.loov
- %ProgramFiles%\Smadav\SmadExtc.dll
- %ProgramFiles%\Smadav\SmadExtc64.dll
- %ProgramFiles%\Smadav\Smadav-Updater.exe
- %TEMP%\Smadav.lnk
- %ALLUSERSPROFILE%\Desktop\SMADΔV.lnk
- %TEMP%\Smadav.lnk
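- Network activity (plain HTTP on port 80; the '#' characters in the host name and URL below are masking applied in this report, not literal characters, so the entries cannot be matched as written):
- 'le##ar.com':80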
- http://le##ar.com/smadstat.php?ma#################################################################################################
- DNS ASK le##ar.com
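- Window class names and titles listed in the report (the 'ThunderRT6…' classes are Visual Basic 6 runtime controls; whether the windows were created or searched for is not stated here):
- ClassName: 'EDIT' WindowName: ''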
- ClassName: '' WindowName: 'SmadHook'
- ClassName: '' WindowName: 'SmaRTP'
- ClassName: '' WindowName: 'Get Handle'
- ClassName: 'ThunderRT6ListBox' WindowName: ''
- ClassName: 'ThunderRT6TextBox' WindowName: ''
- Command lines listed in the report (quoted executable path followed by its argument):
- '%APPDATA%\Smadav\Upd105\Smadav105-Update.exe' slt
- '%ProgramFiles%\Smadav\SMΔRTP.exe' rtc