NICK [BHH|XP|US|700438][v5]
USER BHH700438 700438 COMPUTERNAME :[BHH|XP|US|700438][v5]
JOIN #InItTogether
Other details
* The following Host Name was requested from a host database:
  o fluffy.jessicadube.com
Memory Modifications
* There were new processes created in the system:
  Process Name    Process Filename       Main Module Size
  services.exe    %Temp%\services.exe    262 144 bytes
  [filename of the sample #1] [file and pathname
pics09.itsinthediddle.info
pics09.itsinthediddle.info DNS_TYPE_A 116.80.220.158 YES udp
116.80.220.158:9595
Nick: {NEW}[AUT][XP]494868
Username: 0652
Joined Channel: #!sw
here.virtual-rejectz.com
Resolved : [here.virtual-rejectz.com] To [70.91.45.236]
Resolved : [here.virtual-rejectz.com] To [66.178.131.99]
here.virtual-rejectz.com:9000
Joined Channel: ##indi
Joined Channel: ##deadmeat##
ms4alllll.inluver.com
ms4alllll.inluver.com 47221 #dpi jojo #!
jojo is the command for /join
get.articleslinked.com
123.176.40.3
* The data identified by the following URLs was then requested from the remote web server:
darkjester.xplosionirc.net
Remote Host                   Port Number
darkjester.xplosionirc.net    8080
Other details
* The following Host Name was requested from a host database:
  o darkjester.xplosionirc.net
Registry Modifications
* The following Registry Keys were created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC1FC6A8-D767-4FD2-A75F-63BA7FDDB043}
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC1FC6A8-D767-4FD2-A75F-63BA7FDDB043}\InProcServer32
* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC1FC6A8-D767-4FD2-A75F-63BA7FDDB043}\InProcServer32]
    + (Default) = "rdshost.dll"
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    + rdshost = "{AC1FC6A8-D767-4FD2-A75F-63BA7FDDB043}"
Memory Modifications
moves.vaiosys.com (SnK new domain)
Remote Host          Port Number
moves.vaiosys.com    81
NICK [USA|XP]3955007
USER s "" "lol" :s
JOIN #newgen#
JOIN #USA (null)
NICK n[USA|XP]1780382
NICK [USA|XP]1860968
* To mark the presence in the system, the following Mutex object was created:
  o 9n7v6v9n8v5bn8
* The following ports were open in the system:
  Port    Protocol    Process
  1034    TCP         egun.exe (%AppData%\egun.exe)
  1035
windowsupdatecenter.net (SnK aspergillus mod)
www.scopeo-eng.com www.scopeo-eng.com 213.186.33.2
UDP Connections
Remote IP Address: 127.0.0.1 Port: 1053
Send Datagram: 47 packet(s) of size 1
Recv Datagram: 47 packet(s) of size 1
Download URLs
http://213.186.33.2/fonctions/o.exe (www.scopeo-eng.com)
Outgoing connection to remote server: www.scopeo-eng.com TCP port 80
DNS Lookup
Host Name                  IP Address
windowsupdatecenter.net    85.12.60.20
* C&C Server: 85.12.60.20:81
* Server Password:
* Username:
fusiiion.info
Remote Host      Port Number
fusiiion.info    51987
NICK [USA-161730]
USER 4197 "" "lol" :4197
JOIN #Asper
NICK [USA-551703]
USER 8351 "" "lol" :8351
Other details
* To mark the presence in the system, the following Mutex object was created:
  o GDT768YHJ
* The following ports were open in the system:
  Port    Protocol    Process
  1033    TCP         svchost.exe