Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\TaoSrv] 'ImagePath' = '"%ALLUSERSPROFILE%\Application Data\Taoli\ZheziServiceMgr.exe" /asservice'
- [<HKLM>\SYSTEM\ControlSet001\Services\TaoSrv] 'Start' = '00000002'
- %TEMP%\temp
- %ALLUSERSPROFILE%\Application Data\zhezi\TaoConfig.ini
- %TEMP%\aut1.tmp
- 'www.zg##m.com':80
- http://www.zg##m.com/post.php?a=################################################
- DNS ASK www.zg##m.com
- ClassName: 'Shell_TrayWnd' WindowName: ''