Month: March 2010

winupdservice.net 205.234.232.216 C&C Server: 205.234.232.216:81 Server Password: Username: s Nickname: n[DEU|XP]7063463 Channel: #start# (Password: ) Channeltopic: :, Registry Changes by all processes Create or Open Changes HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “C:Dokumente und EinstellungenAdministratorAnwendungsdatenwinsvcn.exe” = C:Dokumente und EinstellungenAdministratorAnwendungsdatenwinsvcn.exe:*:Enabled:WindowsUpdateManager HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “WindowsUpdateManager” = C:Dokumente und EinstellungenAdministratorAnwendungsdatenwinsvcn.exe Reads HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS” HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey” HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey” HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext” HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSession ManagerAppCompatibilityRead more...

# Remote Address: 70.39.83.130 # Host Name: test.panjsheri.com * IRC Data o User Name: s o Host Name: “” o Server Name: o Real Name: s o Nick Name: n[USA|XP]1031764 o Non RFC Conform: 1 + Channel # Name: #start# # Transport Protocol: TCP # Remote Address: 70.39.83.130 # Remote Port: 81 # Protocol: IRCRead more...

Remote Host Port Number bul.panjsheri.com 1234 NICK n[USA|XP]0002913 USER 4625 “” “lol” :4625 JOIN #po# NICK [USA|XP]9349820 USER 4548 “” “lol” :4548 ther details * To mark the presence in the system, the following Mutex object was created: o SN6JSN868L * The following ports were open in the system: Port Protocol Process 1034 TCP aiambc.exeRead more...

Remote Host Port Number irandy.info 8160 NICK {USA-XP}481463 USER yjmpomf * 0 :COMPUTERNAME * The following ports were open in the system: Port Protocol Process 1033 TCP svhost.exe (%Windir%svhost.exe) 1034 TCP svhost.exe (%Windir%svhost.exe) * The following Host Name was requested from a host database: o irandy.info Other details * To mark the presence in theRead more...

# Remote Address: 82.114.87.46 # Host Name: stores.dellhp.net # Transport Protocol: TCP # Remote Address: 82.114.87.46 # Remote Port: 1234 # Protocol: IRC * IRC Data o User Name: 3052 o Host Name: “” o Server Name: o Real Name: 3052 o Nick Name: n[USA|XP]8081698 o Non RFC Conform: 1 + Channel # Name: #dl#Read more...

Remote Host Port Number 173.201.179.47 8016 NICK [00|USA|492539] PONG sv.privatenetwork.pv USER XP-0542 * 0 :COMPUTERNAME MODE [00|USA|492539] +su JOIN #private MODE #private +su NICK [00|USA|890609] USER XP-0460 * 0 :COMPUTERNAME MODE [00|USA|890609] +su * The following port was open in the system: Port Protocol Process 1054 TCP service.exe (%Windir%service.exe) Registry Modifications * The following RegistryRead more...

electric-servers.com 217.23.7.121 C&C Server: 217.23.7.121:6667 Server Password: Username: XP-0733 Nickname: [DEU-[L]-65709]NEW Channel: #Cracker (Password: none) Channeltopic: Registry Changes by all processes Create or Open Changes HKEY_CURRENT_USERSoftwareMicrosoftGDIPlus “FontCachePath” = C:Dokumente und EinstellungenAdministratorLokale EinstellungenAnwendungsdaten HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “Micrososft Omg” = taskmgrr.exe HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTerminal ServerInstallSoftwareMicrosoftWindowsCurrentVersionRun “Micrososft Omg” = taskmgrr.exe HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “C:Dokumente und EinstellungenAdministratorLokale EinstellungenTempfile1.exe” = C:Dokumente und EinstellungenAdministratorLokale EinstellungenTempfile1.exe:*:Enabled:Micrososft OmgRead more...

just.addsyrup.net 174.120.225.25 C&C Server: 174.120.225.25:6667 Server Password: Username: 9273 Nickname: [9273|DEU|XP] Channel: ##syrup## (Password: da32rga4a) Channeltopic: :http://teamwaffle.net/bots/syrup.exe Registry Changes by all processes Create or Open Changes HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “Microsoft Windows Hosting Service Login” = C:DOKUME~1ADMINI~1LOKALE~1Tempexplorer.exe HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “Microsoft Windows Hosting Service Login” = C:DOKUME~1ADMINI~1LOKALE~1Tempexplorer.exe HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “Microsoft Windows Hosting Service Login” = C:DOKUME~1ADMINI~1LOKALE~1Tempexplorer.exe Reads HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS” HKEY_CURRENT_USERKeyboard LayoutToggleRead more...

und.shkumbimi.net 122.183.243.48 Opened listening TCP connection on port: 559 C&C Server: 122.183.243.48:12351 Server Password: Username: pdndt Nickname: pdndt Channel: (Password: ) Channeltopic: Registry Changes by all processes Create or Open Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “Windows System Configuration” = C:WINDOWSwinupdates.exe Reads HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS” HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey” HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey” HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext” HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIMM “Ime File” HKEY_CURRENT_USERSoftwareMicrosoftCTFRead more...