Technical Information
- [<HKLM>\software\Wow6432Node\microsoft\windows\CurrentVersion\Run] 'optimization_210689' = '%WINDIR%\zhuyestar\nvsmartmaxapp.exe'
- <Current directory>\zhukhtgrf.ini
- %TEMP%\erpfwn.tmp
- %TEMP%\zhukhtgrf.ini
- %TEMP%\xxxxxx
- %TEMP%\oooooo
- %WINDIR%\zhuyestar\nvsmartmaxapp.exe
- %WINDIR%\zhuyestar\videosdk.dll
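- %HOMEPATH%\favorites\Гøö·µ¼º½.url (the file name appears mis-encoded in this listing, probably a non-Latin name rendered in the wrong code page; the same applies to the other .url entries in this list, so the names on disk may differ from what is shown)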
- %HOMEPATH%\favorites\½ñèõ÷ìõ.url
- %APPDATA%\microsoft\windows\start menu\Гøö·µ¼º½.url
- %APPDATA%\microsoft\windows\start menu\½ñèõ÷ìõ.url
- %APPDATA%\microsoft\windows\start menu\programs\Гøö·µ¼º½.url
- %APPDATA%\microsoft\windows\start menu\programs\½ñèõ÷ìõ.url
- %TEMP%\cnzqgxkyf.tmp
- from %TEMP%\xxxxxx to %TEMP%\qqapp.exe
- from %TEMP%\oooooo to %TEMP%\videosdk.dll
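- 'ab#####abc.lofter.com':80 (the '#' characters here and in the other host entries appear to be masking placeholders rather than literal characters of the hostname)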
- 'dl.##rjxz.com':80
- DNS ASK ab#####abc.lofter.com
- DNS ASK dl.##rjxz.com
- '%TEMP%\erpfwn.tmp'
- '%WINDIR%\zhuyestar\nvsmartmaxapp.exe'
- '%TEMP%\cnzqgxkyf.tmp'