Resolved : [fx010413.whyi.org] To [62.193.249.122] Resolved : [fx010413.whyi.org] To [79.113.167.139] Resolved : [fx010413.whyi.org] To [210.127.253.90] Resolved : [fx010413.whyi.org] To [210.166.223.51] Resolved : [fx010413.whyi.org] To [80.247.72.130] – IRC Conversations: 79.113.167.139:3305 Nick: P|qh16j2hce Username: dygc9fsr5 Server Pass: secretpass Joined Channel: #mm with Password RSA Channel Topic for Channel #mm: “+RFK1S/6KRjv0TkGzf1/9DgN/v9Xc4.xLe8L1bni40/nobx.1Yk9c/0huyUx0jw3NQ.1MD7F.yzT88.Nkc9c1EdFzy/8M3IL1fpZib.aEu1R.F7Xil0nzHEC.zO2Ji.qiFiN1fB5yg.4LavN/r5ZOu1p7Mhb.Rvv8x.Adm9j0”
pimp.foilball.info
pimp.foilball.info 78.129.228.56 Resolved: [pimp.foilball.info] To [78.129.228.56] C&C Server: 78.129.228.56:65267 Server Password: Username: ylbcherw Nickname: DEU|00|XP|SP3|7410895 Channel: #NzM# (Password: screwu) Channeltopic: :.root.start sym 100 5 0 -a -r Now talking in #NzM# Topic On: [ #NzM# ] [ .root.start dcom135 200 0 0 59.x.x.x -a -r -s ] Topic By: [ weeble ] Registry Changes byRead more...
qiu1984.2288.org
qiu1984.2288.org: type A, class IN, addr 60.173.8.181 Outgoing connection to remote server: qiu1984.2288.org TCP port 7089 Outgoing connection to remote server: qiu1984.2288.org TCP port 7089 Outgoing connection to remote server: qiu1984.2288.org TCP port 7089 Registry Changes by all processes Create or Open Changes HKEY_LOCAL_MACHINESOFTWAREInstall “Debug” = C:ProgrammeNVIDIAYRntEx.OLE HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{438755C2-A8BA-11D1-B96B-00A0C90312E1}InProcServer32 “” = C:ProgrammeNVIDIAYRntEx.Dll Reads HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS” HKEY_CURRENT_USERKeyboardRead more...
cx10man.weedns.com(Mouse botnet)
Resolved : [cx10man.weedns.com] To [62.193.249.122] Resolved : [cx10man.weedns.com] To [80.247.72.130] Resolved : [cx10man.weedns.com] To [79.113.167.139] Resolved : [cx10man.weedns.com] To [210.166.223.51] Resolved : [cx10man.weedns.com] To [210.127.253.90] yoshi.informatik.uni-mannheim.de 192.168.241.17 C&C Server: cx10man.weedns.com:3305 Server Password: Username: wrsacnb5l Nickname: P|poieawr1s Channel: #mm (Password: RSA) Channeltopic: :+t0Cc2/G5oAh06w2GQ0tQkXD1bqhV7/ipBe01hiyOt1tAGoD0bni40/nobx.1Yk9c/0huyUx0ugcQs0puLM0.F7Xil0nzHEC.zO2Ji.qiFiN1fB5yg.4LavN/Y32Vl.icZdS/6IIdG/IzRhU/N8F9A1pMQnb1wLZMb.FzK1Y/C5aBp.H2I7z1vdVFY0rM6ME135Qy/1qcS5D0 Resolved : [cx10man.weedns.com] To [62.193.249.122] Resolved : [cx10man.weedns.com] To [80.247.72.130] Resolved : [cx10man.weedns.com]Read more...
blabla.douteux.info
– IRC Conversations: 94.47.254.1:6692 Nick: lswmOLdb Username: jryzondt Joined Channel: #0 Channel Topic for Channel #0: “=C1nNBnfNVDkkQRqxCbVec51gkackSc6brTZ” Topic By: [ ggbdg ]
keno.hizzibolla.com
keno.hizzibolla.com 69.42.218.75 Resolved : [keno.hizzibolla.com] To [69.42.218.75] C&C Server: 69.42.218.75:8878 Server Password: Username: iyicpazy Nickname: obZhzECbX Channel: #maxi (Password: ) Channeltopic: :=glRW7E+NAInKAWQQ9QNpMjm2/81PJzDl0ggaCl8I9h9tSzyjtM4cn6mC9aL1JrmzdqVs5/a9kXPXyRkv7CNtD6uKgjNKvUDhzc7e7bNqdGGL+T/DDRuqVsdOVnWpBdDPucbFYwN/AJyLkrYs9h6fLKN6q3x Topic By: [ eebab ] Registry Changes by all processes Create or Open Changes HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “Background Intelligent Transfer Service” = C:Dokumente und EinstellungenAdministratorAnwendungsdatenbits.exe HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “C:WINDOWSExplorer.EXE” = C:WINDOWSExplorer.EXE:*:Enabled:Background Intelligent Transfer Service Reads HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”Read more...
ms.mobilerequests.com(Buterfly Bot)
ms.mobilerequests.com: type A, class IN, addr 89.149.223.140 udp port:1863 Startup: explorer.exe (PID: 776 MD5: 12896823FB95BFB3DC9B46BCAEDC9923) wscntfy.exe (PID: 676 MD5: F92E1076C42FCD6DB3D72D8CFE9816D5) File created: C:RECYCLERS-1-5-21-5315288217-6398524660-645013835-9465 C:RECYCLERS-1-5-21-5315288217-6398524660-645013835-9465Desktop.ini Other file operations: C:RECYCLERS-1-5-21-5315288217-6398524660-645013835-9465
tes.enterhere2.biz(Buterfly Bot)
tes.stuckin.org: type A, class IN, addr 208.53.131.135 tes.memehehz.info: type A, class IN, addr 208.53.131.135 tes.enterhere2.biz: type A, class IN, addr 208.53.131.135 Startup: explorer.exe (PID: 776 MD5: 12896823FB95BFB3DC9B46BCAEDC9923) wscntfy.exe (PID: 676 MD5: F92E1076C42FCD6DB3D72D8CFE9816D5) udp ports: 57134,4444 File Created: C:RECYCLERS-1-5-21-9031247443-7444027205-238249698-8303 C:RECYCLERS-1-5-21-9031247443-7444027205-238249698-8303Desktop.ini Memory written: 3 776 C:WINDOWSexplorer.exe 00980000 success or wait 1 8 776 C:WINDOWSexplorer.exe 00990000 success orRead more...
backup.kazeu.net(big net)
Resolved : [backup.kazeu.net] To [217.219.137.162] Resolved : [backup.kazeu.net] To [218.206.248.154] Resolved : [backup.kazeu.net] To [178.32.95.119] 178.32.95.119:23232 Nickname: n[USA|XPP|x32|HANS]qebjljr User: 6625″” Joins channel: :#security-check# Joins channel: #!icee PW: ERROR Joins channel: :#!icee ..’..K..’.?…E..
irc.NaDe.gov
Remote Host Port Number 217.23.13.240 6374 NICK n{USA|XP}392156 USER 3921 “” “TsGh” :3921 JOIN #nade2# PONG :irc.NaDe.gov * The following port was open in the system: Port Protocol Process 1053 TCP hidserv.exe (%AppData%hidserv.exe) Registry Modifications * The newly created Registry Values are: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + Windows Update System = “%AppData%hidserv.exe” so that hidserv.exe runs everyRead more...