Technical Information
- Autorun persistence (registry Run value): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'AutoConfigProxy' = '%ALLUSERSPROFILE%\Smadav\Smadav.exe'
- %TEMP%\nsme43.tmp
- %TEMP%\nsre63.tmp\system.dll
- %ALLUSERSPROFILE%\smadav\smadav.exe
- %ALLUSERSPROFILE%\smadav\data.dat
- %ALLUSERSPROFILE%\smadav\smadhook32.dll
- %ALLUSERSPROFILE%\smadav\ser.dat
- %TEMP%\nsre63.tmp\system.dll
- Network endpoint: '<LOCALNET>.86.139':443
- '%ALLUSERSPROFILE%\smadav\smadav.exe'
- '%ALLUSERSPROFILE%\smadav\smadav.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ping 127.0.0.1&del "<Full path to file>" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ping 127.0.0.1&del "<Full path to file>"
- '%WINDIR%\syswow64\ping.exe' 127.0.0.1