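Technical Information

Note: this copy appears to have lost the report's sub-headings, so the list below runs together three kinds of entries: process launches with their command lines (a quoted image path followed by its arguments), bare file paths, and network indicators (host and port, requested URLs, and a DNS query). In several process entries the image name does not match the arguments shown (for example, ping.exe listed with curl-style `-s -o` options or with `/pid=` values), so the image/argument pairing should be treated as unreliable; correlate on the arguments, the file paths and the host name instead. The `#####` in the host name appears to be masking applied by the report rather than part of the real value.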
- '%TEMP%\bisc\curl.exe' -s -o "%TEMP%\bisc\ccleaner-v.txt" "http://www.bi#####icomputers.com/bisc_files/files/ccleaner-v.txt"
- '%TEMP%\bisc\curl.exe' --progress-bar -o "%TEMP%\bisc\BiscontiComputers.exe" "http://www.bi#####icomputers.com/bisc_files/BiscontiComputers_MZР.exe"
- '%TEMP%\1.tmp\tasklist.exe' /pid=3892
- '%TEMP%\bisc\curl.exe' --progress-bar -o "%TEMP%\bisc\Malwarebytes.uha" "http://www.bi#####icomputers.com/bisc_files/files/Malwarebytes.uha"
- '%TEMP%\bisc\curl.exe' "bisc_files\mbam-v.txt" "%TEMP%\bisc\mbam-v.txt"
- '%TEMP%\bisc\curl.exe' --progress-bar -o "%TEMP%\bisc\Piriform.uha" "http://www.bi#####icomputers.com/bisc_files/files/Piriform.uha"
- '%TEMP%\1.tmp\tasklist.exe' /pid=3296
- '%TEMP%\afolder\uharc.exe' x -t"%TEMP%\bisc" -y+ %TEMP%\afolder\curl.uha
- '%TEMP%\1.tmp\BiscontiComputers-start.exe'
- '%TEMP%\1.tmp\tasklist.exe' /FI "IMAGENAME eq BiscontiComputers-start.exe" /FO CSV
- '%TEMP%\bisc\curl.exe' --progress-bar -o "%TEMP%\bisc\aiov.txt " "http://www.bi#####icomputers.com/bisc_files/aiov.txt "
- '%TEMP%\1.tmp\tasklist.exe' /pid=2804
- '%TEMP%\1.tmp\tasklist.exe' 1.1.1.1 -n 1 -w 125
- '<SYSTEM32>\ping.exe' -s -o "%TEMP%\bisc\mbam-v.txt" "http://www.bi#####icomputers.com/bisc_files/files/mbam-v.txt"
- '<SYSTEM32>\ping.exe' /pid=3800
- '<SYSTEM32>\ping.exe' /pid=3656
- '<SYSTEM32>\ping.exe' x -t"%TEMP%\bisc" -y+ %TEMP%\afolder\curl.uha
- '<SYSTEM32>\ping.exe' con: lines=10
- '<SYSTEM32>\ping.exe' /pid=3392
- '<SYSTEM32>\mode.com' /pid=3324
- '<SYSTEM32>\ping.exe' "bisc_files\ccleaner-v.txt" "%TEMP%\bisc\ccleaner-v.txt"
- '<SYSTEM32>\ping.exe' /pid=3740
- '<SYSTEM32>\ping.exe' /pid=3780
- '<SYSTEM32>\find.exe' /pid=1484
- '<SYSTEM32>\attrib.exe' x -t"%TEMP%\bisc" -y+ %TEMP%\afolder\curl.uha
- '<SYSTEM32>\fc.exe' /pid=2948
- '<SYSTEM32>\ping.exe' /pid=2816
- '<SYSTEM32>\find.exe' /pid=2832
- '<SYSTEM32>\ping.exe' /pid=2760
- '<SYSTEM32>\ping.exe' -s -o "%TEMP%\bisc\glary-v.txt" "http://www.bi#####icomputers.com/bisc_files/files/glary-v.txt"
- '<SYSTEM32>\ping.exe' /pid=2616
- '<SYSTEM32>\find.exe' /pid=916
- '<SYSTEM32>\fc.exe' "bisc_files\glary-v.txt" "%TEMP%\bisc\glary-v.txt"
- '<SYSTEM32>\ping.exe' /pid=2540
- '<SYSTEM32>\find.exe' /pid=2792
- '<SYSTEM32>\ping.exe' 1.1.1.1 -n 1 -w 125
- '<SYSTEM32>\attrib.exe' +h %TEMP%\ztmp
- '<SYSTEM32>\ping.exe' -n 1 www.bi#####icomputers.com
- '<SYSTEM32>\find.exe' 1.1.1.1 -n 1 -w 125
- '<SYSTEM32>\find.exe' "Reply from "
- '<SYSTEM32>\attrib.exe' +h "<Current directory>\\bisc_files"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\BiscontiComputers.bat" <Current directory>\"
- '<SYSTEM32>\find.exe' "BiscontiComputers-start.exe" %TEMP%\running2.log
- '<SYSTEM32>\find.exe' "BiscontiComputers-start.exe" %TEMP%\running.log
- '<SYSTEM32>\ping.exe' 1.1.1.1 -n 1 -w 4000
- '<SYSTEM32>\find.exe' /pid=2988
- '<SYSTEM32>\fc.exe' "<Current directory>\bisc_files\aiov.txt" "%TEMP%\bisc\aiov.txt"
- '<SYSTEM32>\ping.exe' /pid=4040
- '<SYSTEM32>\ping.exe' /pid=312
- '<SYSTEM32>\find.exe' /pid=3012
- '<SYSTEM32>\ping.exe' /K "%TEMP%\bisc\dwn_util.bat"
- '<SYSTEM32>\ping.exe' /pid=3144
- '<SYSTEM32>\attrib.exe' "BiscontiComputers-start.exe" %TEMP%\running.log
- '<SYSTEM32>\mode.com' con: lines=10
- '<SYSTEM32>\ping.exe' "BiscontiComputers-start.exe" %TEMP%\running.log
- '<SYSTEM32>\find.exe' /pid=3668
- <SYSTEM32>\attrib.exe
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\find.exe
- <SYSTEM32>\ping.exe
- %TEMP%\bisc\dwn_util.bat
- %TEMP%\bisc\check_inet.bat
- %TEMP%\bisc\Wi-Fi-TechCenter.xml
- %TEMP%\bisc\libcurl.dll
- %TEMP%\bisc\libssl32.dll
- %TEMP%\bisc\libeay32.dll
- %TEMP%\bisc\replace.vbs
- %TEMP%\waiting.bat
- %TEMP%\ztmp\tmp4142.exe
- %TEMP%\ztmp\tmp5550.bat
- %TEMP%\bisc\tasklist.exe
- %TEMP%\bisc\uharc.exe
- %TEMP%\myfiles.txt
- %TEMP%\bisc\curl.exe
- %TEMP%\bisc\Malwarebytes.uha
- %TEMP%\bisc\mbam-v.txt
- %TEMP%\bisc\Piriform.uha
- <Current directory>\BiscontiComputers.exe
- %TEMP%\bisc\GlaryRegistryRepair.uha
- %TEMP%\bisc\glary-v.txt
- %TEMP%\bisc\ccleaner-v.txt
- %TEMP%\bisc\loaded.txt
- %TEMP%\bisc\aiov.txt
- %TEMP%\bisc\bisc_setup-tmp.txt
- %TEMP%\bisc\BiscontiComputers.exe
- <Auxiliary element>
- %TEMP%\end_prog.txt
- %TEMP%\afolder\replace.vbs
- %TEMP%\afolder\createsrp.vbs
- %TEMP%\afolder\check_inet.bat
- %TEMP%\afolder\prog_list.exe
- %TEMP%\afolder\no_dup.bat
- %TEMP%\afolder\curl.uha
- %TEMP%\afolder\AutoFix.exe
- %TEMP%\1.tmp\tasklist.exe
- %TEMP%\1.tmp\BiscontiComputers-start.exe
- %TEMP%\1.tmp\BiscontiComputers.bat
- %TEMP%\running.log
- %TEMP%\tmp_dir.txt
- %TEMP%\aio_dir.bat
- %TEMP%\afolder\resetdma.vbs
- %TEMP%\afolder\blat.exe
- %TEMP%\afolder\blat.dll
- %TEMP%\afolder\Wi-Fi-TechCenter.xml
- %TEMP%\afolder\TimeMath.exe
- %TEMP%\afolder\blatdll.h
- %TEMP%\afolder\blat.lib
- %TEMP%\afolder\regjump.exe
- %TEMP%\afolder\SetWallpaper.exe
- %TEMP%\afolder\sendmail.exe
- %TEMP%\afolder\say.exe
- %TEMP%\afolder\waiting.bat
- %TEMP%\afolder\dwn_util.bat
- %TEMP%\afolder\uharc.exe
- %TEMP%\1.tmp\BiscontiComputers-start.exe
- %TEMP%\1.tmp\tasklist.exe
- %TEMP%\1.tmp\BiscontiComputers.bat
- %TEMP%\aio_dir.bat
- %TEMP%\tmp_dir.txt
- %TEMP%\bisc\bisc_setup-tmp.txt
- 'www.bi#####icomputers.com':80
- www.bi#####icomputers.com/bisc_files/files/Malwarebytes.uha
- www.bi#####icomputers.com/bisc_files/files/mbam-v.txt
- www.bi#####icomputers.com/bisc_files/files/GlaryRegistryRepair.uha
- www.bi#####icomputers.com/bisc_files/files/glary-v.txt
- www.bi#####icomputers.com/bisc_files/BiscontiComputers_MZ?.e##
- www.bi#####icomputers.com/bisc_files/aiov.txt
- www.bi#####icomputers.com/bisc_files/files/Piriform.uha
- www.bi#####icomputers.com/bisc_files/files/ccleaner-v.txt
- DNS ASK www.bi#####icomputers.com