Tag: zeroaccess

xlotxdxtorwfmvuzfuvtspel.com (zeroaccess hosted in United States, San Antonio, Rackspace Cloud Servers)

Domain used: xlotxdxtorwfmvuzfuvtspel.com (166.78.144.80)
Hosting info: http://whois.domaintools.com/166.78.144.80

srv5050.asia/pro/in (snk asper mod hosted by United Kingdom Birmingham Compuweb Communications Services Limited)

Resolved srv5050.asia to 62.255.175.157
Resolved srv5050.pro to 62.255.175.157
This is snk’s new set of domains for his bot.
Server: srv5050.asia (backup domains are srv5050.pro and srv5050.in)
Port: 5050
Channel: #new
* Topic for #new is: .j #gt .d /100/97/111/124/49/59/47/127/124/127/58/64/116/118/98/124/102/100/48/127/101/100/57/107/112/38/96/93/121/
* Topic for #new set by x at Sun Dec 23 16:33:45 2012
Channel: #gt
*

beerpigfarm.ru (Installs crap hosted by Santex.net)

Resolved beerpigfarm.ru to 46.166.130.216
I found a file on h4r3’s latest andromeda that downloaded a bunch of crap from this site.
hxxp://beerpigfarm.ru/smo: Smoke loader, posted here
hxxp://beerpigfarm.ru/min: a bitcoin miner, uses 50btc
Mining info: http://169TpR47JVcLaQXdGYE6Lv4Ps9DbVqHhSi:x@pool.50btc.com:8332
Since he’s using no account mode we can snoop on his mining by plugging in his address on the