Author: Pig

Remote Host Port Number 173.203.112.32 81 NICK n[USA|XP]1345482 USER s “” “lol” :s JOIN #newbin# PONG 422 JOIN #USA (null) * The following port was open in the system: Port Protocol Process 1055 TCP msng.exe (%AppData%msng.exe) Registry Modifications * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + Windows System Guard = “%AppData%msng.exe” so thatRead more...

doko.no-ip.org 72.20.1.26 Opened listening TCP connection on port: 13156 * C&C Server: 72.20.1.26:6667 * Server Password: * Username: ilkxj * Nickname: [nLh-VNC]wkceru * Channel: ##!seuz!## (Password: hackmx) * Channeltopic: :+scan 60 1 189.x.x.x 3 1 200.x.x.x Outgoing connection to remote server: 200.133.0.250 TCP port 5900 Outgoing connection to remote server: 200.216.191.20 TCP port 5900 OutgoingRead more...

Remote Host Port Number 95.211.21.131 8888 NICK i{USA|XP}euyuyij USER i{USA|XP}euyuyij 0 0 :i{USA|XP}euyuyij JOIN #botoholiker Registry Modifications * The following Registry Key was created: o HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionApp * The following Registry Keys were deleted: o HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSafeBoot o HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSafeBootMinimal o HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSafeBootMinimalAppMgmt o HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSafeBootMinimalBase o HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSafeBootMinimalBoot Bus Extender o HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSafeBootMinimalBoot file system o HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSafeBootMinimalCryptSvc o HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSafeBootMinimalDcomLaunch o HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSafeBootMinimaldmadminRead more...

Remote Host Port Number 173.204.76.243 81 NICK n[USA|XP]0956120 USER s “” “lol” :s JOIN #newbin# PONG 422 JOIN #USA (null) Now talking in #newbin# Topic On: [ #newbin# ] [ .st ] Topic By: [ vps ] * The following port was open in the system: Port Protocol Process 1057 TCP msng.exe (%AppData%msng.exe) Registry ModificationsRead more...

Remote Host Port Number 95.154.216.63 3211 PASS Virus NICK VirUs-prpgqjsq USER VirUs “” “hjr” : 8Coded 8VirUs.. JOIN #koko# Virus PONG :fbi.gov Registry Modifications * The following Registry Key was created: o HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{67XOR2B0-3GMC-89VV-JIJ1-24KL2R3222431} * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{67XOR2B0-3GMC-89VV-JIJ1-24KL2R3222431}] + StubPath = “c:SABERV2009SABER.exe” so that SABER.exe runs everyRead more...

Remote Host Port Number eaglezinc.com 4723 join #EaGLeZ NICK n{USA|XP}fopvzai USER n{USA|XP}fopvzai 0 0 :n{USA|XP}fopvzai * To mark the presence in the system, the following Mutex object was created: o DirectSound Administrator shared thread array (lock) * The following Host Name was requested from a host database: o eaglezinc.com Registry Modifications * The following RegistryRead more...

PING join.kizlarevi.net USER [NEW|9898] False * :neOn1 NICK [NEW|9898] JOIN #k9 PONG :You have not registered JOIN ##USA Now talking in #k9 Topic On: [ #k9 ] [ !p2p ] Topic By: [ LnX ] join.kizlarevi.net 95.154.241.53 mue-88-130-35-093.dsl.tropolys.de 88.130.35.93 join.kizlarevi.net Opened listening TCP connection on port: 113 * C&C Server: 95.154.241.53:6667 * Server Password: *Read more...

98.209.125.232 (6667) Invisible Users: 246 Operators: 2 operator(s) online Channels: 8 channels formed Clients: I have 266 clients and 0 servers Local users: Current Local Users: 266 Max: 435 Global users: Current Global Users: 266 Max: 345 join #cyba

Remote Host Port Number 74.82.163.179 998 Other details * The following port was open in the system: Port Protocol Process 1053 TCP spjsxy.exe (%System%spjsxy.exe) Registry Modifications * The following Registry Keys were created: o HKEY_LOCAL_MACHINESYSTEMControlSet001ControlMediaResourcesmsvideo o HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_KCMDSVC o HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_KCMDSVC000 o HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_KCMDSVC000Control o HKEY_LOCAL_MACHINESYSTEMControlSet001Serviceskcmdsvc o HKEY_LOCAL_MACHINESYSTEMControlSet001ServiceskcmdsvcSecurity o HKEY_LOCAL_MACHINESYSTEMControlSet001ServiceskcmdsvcEnum o HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlMediaResourcesmsvideo o HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumRootLEGACY_KCMDSVC o HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumRootLEGACY_KCMDSVC000 o HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumRootLEGACY_KCMDSVC000ControlRead more...

34real.ru 193.105.207.120 Opened listening TCP connection on port: 11012 Opened listening TCP connection on port: 17479Download URLs http://193.105.207.120/http/bin.bin (34real.ru) http://193.105.207.120/http/bin.exe (34real.ru) http://193.105.207.120/http/rapport.exe (34real.ru) http://193.105.207.120/http/killaa.exe (34real.ru) http://193.105.207.120/http/bin.bin (34real.ru) http://193.105.207.120/http/bin.exe (34real.ru) http://193.105.207.120/http/bin.bin (34real.ru) Data posted to URLs http://193.105.207.120/http/logosex.php (34real.ru) http://193.105.207.120/http/logosex.php (34real.ru) http://193.105.207.120/http/logosex.php (34real.ru) http://193.105.207.120/http/logosex.php (34real.ru) http://193.105.207.120/http/logosex.php (34real.ru) http://193.105.207.120/http/logosex.php (34real.ru) Outgoing connection to remote server: 34real.ru TCP portRead more...