Technical Information
- %WINDIR%\win.ini
- %APPDATA%\microsoft\windows\start menu\programs\startup\bitf852.tmp
- %WINDIR%\syswow64\cmd.exe
- %TEMP%\swprnc.c
- %TEMP%\dmor85.gif
- %TEMP%\zhtw
- %TEMP%\sulphathiazole
- %TEMP%\bellyachers.exe
- %TEMP%\sequestrum.dll
- %APPDATA%\identities\{91255d00-95d9-49f5-8e84-7c027f5283b7}\bitebaf.tmp
- %TEMP%\1e3615dc.lnk
- %APPDATA%\identities\{91255d00-95d9-49f5-8e84-7c027f5283b7}\bitebaf.tmp
- %APPDATA%\microsoft\windows\start menu\programs\startup\bitf852.tmp
- from %APPDATA%\identities\{91255d00-95d9-49f5-8e84-7c027f5283b7}\bitebaf.tmp to %APPDATA%\identities\{91255d00-95d9-49f5-8e84-7c027f5283b7}\systempropertiesremote.exe (source path, then destination path: same folder, with the .tmp file given an .exe name)
- '%TEMP%\bellyachers.exe'
- '%WINDIR%\syswow64\cmd.exe'