Technical Information
- [<HKLM>\System\CurrentControlSet\Services\FSzdjg lsxvocbb] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\FSzdjg lsxvocbb] 'ImagePath' = '<SYSTEM32>\Swiqi.exe'
- %WINDIR%\syswow64\swiqi.exe
- from <Full path to file> to %WINDIR%\syswow64\1047890.bak
- DNS ASK lt###nline.cn
- '%WINDIR%\syswow64\swiqi.exe'
- '%WINDIR%\syswow64\swiqi.exe' Win7