Remote Host Port Number 112.78.112.208 80 195.2.252.21 80 204.45.118.250 80 204.45.121.50 80 218.85.133.201 80 123.0.41.218 3128 24.63.206.135 3128 62.103.174.192 3128 82.38.141.57 3128 204.45.85.218 57221 PASS laorosr 209.90.137.223 1199 USER SP2-743 * 0 :COMPUTERNAME MODE #! -ix MODE #Ma -ix MODE [N00_USA_XP_7728388] @ -ix MODE #dpi -ix 00000000 | 5041 5353 206C 616F 726F 7372 0D0ARead more...

formosa.notengodominio.com 184.106.215.31 C&C Server: 184.106.215.31:6667 Server Password: Username: DELL-D3E62F7E26 Nickname: {XPDEU494207} Channel: ##fuds9## (Password: ) Channeltopic: C&C Server: 184.106.215.31:6667 Server Password: Username: DELL-D3E62F7E26 Nickname: {XPDEU485738} Channel: ##fuds9## (Password: ) Channeltopic: Registry Changes by all processes Create or Open Changes HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “Windows Update” = C:DOKUME~1ADMINI~1LOKALE~1Tempservice.exe HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “Windows Services” = service.exe HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “Windows Update” = C:DOKUME~1ADMINI~1LOKALE~1Tempservice.exe ReadsRead more...

Remote Host Port Number ate.lacoctelera.net 1034 Other details * To mark the presence in the system, the following Mutex objects were created: o Micro Upe o oleacc-msaa-loaded o _!SHMSFTHISTORY!_ * The following Host Names were requested from a host database: o astro.ic.ac.uk o ale.pakibili.com o versatek.com o journalofaccountancy.com o transnationale.org o mas.0730ip.com o bejsis.com oRead more...

kuwait.arabgroup.org 204.188.240.50 Opened listening TCP connection on port: 113 C&C Server: 204.188.240.50:3232 Server Password: Username: xxzag Nickname: DEU|XP|SP3|00|40038 Channel: #drhackers1# (Password: ) Channeltopic: :.advscan asn445 100 9 0 -r -b

Remote Host Port Number 46.4.229.246 51987 USER rA rA rA rA NICK [rA|USA|XP|26962] JOIN #Scope# nokey PRIVMSG #Scope# : 4New bot for Scope PING :IRC.Secret.GoV Other details * The following port was open in the system: Port Protocol Process 1054 TCP lsass.exe (%AppData%lsass.exe) Registry Modifications * The newly created Registry Value is: o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun] +Read more...

Resolved : [ogard.shannen.cc] To [95.142.163.184] Resolved : [ogard.shannen.cc] To [92.243.28.194] * The following Host Names were requested from a host database: o ogard.shannen.cc o Ogard.helldark.biz o ogard.ircdevils.net PASS Virus NICK VirUs-vxbscaka USER VirUs “” “xdm” : .8,1..8Coded .4By .8VirUs.. Registry Modifications * The following Registry Key was created: o HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{67KLN5J0-4OPM-00WE-AAX5-74CC2A322142} * The newlyRead more...

Remote Host Port Number 23u.no-ip.info 51987 Resolved : [3u.no-ip.info] To [82.146.49.176] PASS google_cache2.tmp NICK NEW{EpicBot-USA|XP}615228 USER 7570 “” “TsGh” :7570 JOIN #Cheese# Registry Modifications * The newly created Registry Values are: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + Windows Simatic Updates = “%Windir%winlogon.exe” + UserFaultCheck = “%System%dumprep 0 -u” so that winlogon.exe runs every time Windows starts o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]Read more...

Remote Host Port Number 66.187.110.154 81 NICK n[USA|XP|COMPUTERNAME]kspycmw USER n “” “lol” :n JOIN #biz# PONG 422 * The following directory was created: o %AppData%C-76947-8457-2745 Registry Modifications * The newly created Registry Value is: o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun] + WindowsDriverControl = “%AppData%C-76947-8457-2745winmsngrn.exe” so that winmsngrn.exe runs every time Windows starts File System Modifications * The following filesRead more...

Remote Host Port Number 64.20.46.176 81 67.195.145.141 80 * The data identified by the following URL was then requested from the remote web server: o http://wallprofiles.net/pic.exe NICK n[USA|XP|COMPUTERNAME]putuqyw USER n “” “lol” :n JOIN #biz# PONG 422 Registry Modifications * The newly created Registry Value is: o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun] + WindowsDriverControl = “%AppData%C-76947-8457-2745wincdrsvn.exe” so that wincdrsvn.exeRead more...