Author: Pig

testusa.helohmar.com


Remote Host             Port Number
testusa.helohmar.com    8800

Resolved : [testusa.helohmar.com] To [76.73.36.42]

Registry Modifications
* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    + Taskman = “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fddg.exe”
    so that fddg.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + Tji771 = “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fddg.exe”
    so that fddg.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    + Shell = ...

178.63.148.49


Remote Host       Port Number
178.63.148.49     6667

NICK n{USA|XP}693101
USER 4584 “” “TsGh” :4584
JOIN #Adam

Registry Modifications
* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Windows Update System = “%AppData%\winlogon.exe”
    + UserFaultCheck = “%System%\dumprep 0 -u”
    so that winlogon.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + Windows Update System = “%AppData%\winlogon.exe”
    so ...

66.187.110.152


Remote Host       Port Number
66.187.110.152    81

NICK n[USA|XP]1167074
USER s “” “lol” :s
JOIN #newbin#
PONG 422
JOIN #USA (null)

* The following port was open in the system:
  Port    Protocol    Process
  1053    TCP         msnd.exe (%AppData%\msnd.exe)

Memory Modifications
* There was a new process created in the system:
  Process Name    Process Filename    Main Module Size ...

124.217.239.92


Remote Host       Port Number
124.217.239.92    1234
PASS xxx
184.73.209.168    80
204.0.5.41        80
204.0.5.42        80
204.0.5.58        80
204.0.5.59        80
216.178.38.103    80
216.178.38.168    80
63.135.86.21      80
63.135.86.25      80
64.208.138.220    80

NICK NEW-[USA|00|P|84708]
USER XP-1884 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|84708] -ix
JOIN #!nn! test
PONG 22 MOTD

insidehighered.com


Remote Host           Port Number
insidehighered.com    1034

* The following Internet Connection was established:
  Server Name                Server Port    Connect as User    Connection Password
  browseusers.myspace.com    80             (null)             (null)

* The following GET requests were made:
  o Browse/Browse.aspx
  o Browse/index.jpg

* The data identified by the following URL was then requested from the remote web server:
  o http://4.45.182.239/index.php ...

p34s3.hmarhelo.com


Resolved : [p34s3.hmarhelo.com] To [209.90.137.223]
Resolved : [p34s3.hmarhelo.com] To [209.90.137.224]
Resolved : [p34s3.hmarhelo.com] To [209.90.137.222]
Resolved : [p34s3.hmarhelo.com] To [209.90.137.221]

Remote Host           Port Number
p34s3.hmarhelo.com    1199

Registry Modifications
* The newly created Registry Value is:
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + 12CFG214-K641-12SF-N85P = “C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe”
    so that vsbntlo.exe runs every time Windows starts

Memory Modifications
* There were new ...

220.229.232.69


Remote Host       Port Number
220.229.232.69    4891

USER fyejoxvc fyejoxvc fyejoxvc :morggdnd
NICK FNaVaqaVE
MODE FNaVaqaVE +xi
JOIN #maxi
USERHOST FNaVaqaVE
MODE #maxi +smntu

Now talking in #maxi
Topic On: [ #maxi ] [ =glRW7E+NAInKAWQQ9QNpMjm2/81PJzDl0ggaCl8I9h9tSzyjtM4cn6mC9aL1JrmzdqVs5/a9kXPXyRkv7CNtD6uKgjNKvUDhzc7e7bNqdGGL+T/DDRuqVsdOVnWpBdDPucbFYwN/AJyLkrYs9h6fLKN6q3x ]
Topic By: [ DIKFK ]
Modes On: [ #maxi ] [ +smntSMCu ]

Established.yi.org(ccteam)


DNS Lookup
Host Name    IP Address
Established.yi.org 87.236.232.25 Established.yi.org
mue-88-130-14-018.dsl.tropolys.de 88.130.14.18 mue-88-130-14-018.dsl.tropolys.de
whatismyip.akamai.com 212.201.100.185 whatismyip.akamai.com
Driver.yi.org 91.93.117.180 Driver.yi.org

Opened listening TCP connection on port: 113

Download URLs
http://212.201.100.169/ (212.201.100.169)
http://91.93.117.180/run.exe (Driver.yi.org)

C&C Server: 87.236.232.25:6667
Server Password:
Username: t7d4z2
Nickname: :V|XP|G7Zd1
Channel: #Establish (Password: fuckyouall)
Channeltopic:

Outgoing connection to remote server: 212.201.100.169 TCP port 80
Outgoing connection ...

205.234.231.194


Remote Host        Port Number
204.0.5.41         80
204.0.5.42         80
204.0.5.48         80
204.0.5.56         80
207.38.101.10      80
207.38.101.12      80
216.178.38.103     80
216.178.38.168     80
63.135.86.21       80
63.135.86.25       80
205.234.231.194    1234

PASS xxx
NICK NEW-[USA|00|P|36443]
USER XP-9032 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|36443] -ix
JOIN #!nn! test
PONG 22 MOTD

* The data identified by the following URLs was then requested ...

174.120.205.250


Remote Host        Port Number
174.120.205.250    81

NICK n[USA|XP]0115398
USER s “” “lol” :s
JOIN #newbin#
PONG 422
JOIN #USA (null)

The following port was open in the system:
  Port    Protocol    Process
  1055    TCP         msnd.exe (%AppData%\msnd.exe)

Registry Modifications
The newly created Registry Value is:
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  Windows System Guard = “%AppData%\msnd.exe”
  so that msnd.exe runs every time ...