Month: July 2010

67.43.232.36

Remote Host        Port Number
204.0.5.51         80
208.53.183.20      80
208.53.183.46      80
67.210.170.179     80
205.188.59.194     25
64.12.90.98        25
67.43.232.36       5190

* The data identified by the following URLs was then requested from the remote web server:
  o http://http.icq.com.edgesuite.net/pub/ICQ_Win95_98_NT4/ICQ_4/Lite_Edition/icq4_setup.exe
  o http://yutunrz.1dumb.com/reg?u=7710BA55&v=187&s=0&su=0&p=1&e=0&o=0&a=0&wr=75

JOIN #kok7
USERHOST FQixZtkC
MODE ##xddc +smntu
MODE #xddc1 +smntu
MODE #xddc2 +smntu
MODE #kok7 +smntu
USER...

67.210.170.142

Remote Host        Port Number
67.210.170.142     20000

PASS ohai
NICK pavtkt
USER ugjyyk "" "wfm" :ugjyyk

Registry Modifications

* The following Registry Key was created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{98ZVD5C0-4FCB-11CF-AAX5-81CX1C635612}
* The newly created Registry Value is:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{98ZVD5C0-4FCB-11CF-AAX5-81CX1C635612}]
    + StubPath = "c:\ReCycLEr\S-1-5-21-1482276501-1663491937-6831267430-1013\svchost.exe"
    so that svchost.exe runs every time Windows starts
* The following file...

bazilboom.mine.nu

Remote Host        Port Number
92.237.69.33       6667

NICK vrX|na|XP|SP2|00001
NICK :vrX|na|XP|SP2|00008
NICK :vrX|na|XP|SP2|00009
NICK :vrX|na|XP|SP2|00010
NICK :vrX|na|XP|SP2|00011
NICK :vrX|na|XP|SP2|00012
NICK :vrX|na|XP|SP2|00013
NICK :vrX|na|XP|SP2|00014
NICK :vrX|na|XP|SP2|00015
NICK :vrX|na|XP|SP2|00016
NICK :vrX|na|XP|SP2|00017
USER RadXScan "" "bazilboom.mine.nu" :RadX
NICK :vrX|na|XP|SP2|00018
NICK :vrX|na|XP|SP2|00002
NICK vrX|na|XP|SP2|00002
NICK :vrX|na|XP|SP2|00003
NICK :vrX|na|XP|SP2|00004
NICK :vrX|na|XP|SP2|00005
NICK :vrX|na|XP|SP2|00006
NICK :vrX|na|XP|SP2|00007

Registry Modifications

* The following Registry...

193.107.16.29

Remote Host        Port Number
193.107.16.29      8888

NICK [Fresh|6673|USA|XP]
USER 6673 "" "lol" :6673
JOIN #Cybernet 200500

* The following ports were open in the system:

Port     Protocol     Process
1051     TCP          [file and pathname of the sample #1]
1054     TCP          [file and pathname of the sample #1]

Registry Modifications

* The newly created Registry Values are:...