Resolved : [g.0x20.biz] To [62.193.249.122]
Resolved : [g.0x20.biz] To [210.127.253.90]
Resolved : [g.0x20.biz] To [210.166.223.51]
Resolved : [g.0x20.biz] To [81.144.210.251]
Resolved : [g.0x20.biz] To [80.247.72.130]
Resolved : [g.0x20.biz] To [12.50.233.121]
Resolved : [g.0x20.biz] To [208.123.165.73]
Resolved : [g.0x20.biz] To [173.51.215.195]
Resolved : [g.0x20.biz] To [61.221.147.253]
Resolved : [gynoman.weedns.com] To [62.193.249.122]
Resolved : [gynoman.weedns.com] To [80.247.72.130]

kadds.ru
gutyeaz.com kadds.ru 91.211.117.127 91.211.117.76 91.211.117.76 94.47.254.1 94.47.254.1
UDP Connections
Remote IP Address: Port: 2323 Send Datagram: packet(s) of size 21 Recv Datagram: 3000 packet(s) of size 0
Remote IP Address: Port: 2323 Send Datagram: packet(s) of size 21 Recv Datagram: 3000 packet(s) of size 0
Remote IP Address: 91.211.117.127 Port: 2323 Send Datagram: packet(s) of

qia.9966.org
qia.9966.org 218.10.18.77
Outgoing connection to remote server: qia.9966.org TCP port 8000
Registry Changes by all processes
Create or Open
Changes
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fyddos_svcname “Description” = fyddos services descrption
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List “C:\WINDOWS\system32\svchest.exe” = C:\WINDOWS\system32\svchest.exe:*:Enabled:Microsoft (R) Internetal IExplore
Reads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Language Hotkey”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Layout Hotkey”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF “EnableAnchorContext”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM “Ime File”
HKEY_CURRENT_USER\Software\Microsoft\CTF “Disable Thread Input Manager”

fx010413.whyI.org (Mouse’s big net)
Resolved : [fx010413.whyi.org] To [62.193.249.122]
Resolved : [fx010413.whyi.org] To [79.113.167.139]
Resolved : [fx010413.whyi.org] To [210.127.253.90]
Resolved : [fx010413.whyi.org] To [210.166.223.51]
Resolved : [fx010413.whyi.org] To [80.247.72.130]
– IRC Conversations: 79.113.167.139:3305
Nick: P|qh16j2hce
Username: dygc9fsr5
Server Pass: secretpass
Joined Channel: #mm with Password RSA
Channel Topic for Channel #mm: “+RFK1S/6KRjv0TkGzf1/9DgN/v9Xc4.xLe8L1bni40/nobx.1Yk9c/0huyUx0jw3NQ.1MD7F.yzT88.Nkc9c1EdFzy/8M3IL1fpZib.aEu1R.F7Xil0nzHEC.zO2Ji.qiFiN1fB5yg.4LavN/r5ZOu1p7Mhb.Rvv8x.Adm9j0”

pimp.foilball.info
pimp.foilball.info 78.129.228.56
Resolved: [pimp.foilball.info] To [78.129.228.56]
C&C Server: 78.129.228.56:65267
Server Password:
Username: ylbcherw
Nickname: DEU|00|XP|SP3|7410895
Channel: #NzM# (Password: screwu)
Channeltopic: :.root.start sym 100 5 0 -a -r
Now talking in #NzM#
Topic On: [ #NzM# ] [ .root.start dcom135 200 0 0 59.x.x.x -a -r -s ]
Topic By: [ weeble ]
Registry Changes by

qiu1984.2288.org
qiu1984.2288.org: type A, class IN, addr 60.173.8.181
Outgoing connection to remote server: qiu1984.2288.org TCP port 7089
Outgoing connection to remote server: qiu1984.2288.org TCP port 7089
Outgoing connection to remote server: qiu1984.2288.org TCP port 7089
Registry Changes by all processes
Create or Open
Changes
HKEY_LOCAL_MACHINE\SOFTWARE\Install “Debug” = C:ProgrammeNVIDIAYRntEx.OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32 “” = C:ProgrammeNVIDIAYRntEx.Dll
Reads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”
HKEY_CURRENT_USER\Keyboard

cx10man.weedns.com (Mouse botnet)
Resolved : [cx10man.weedns.com] To [62.193.249.122]
Resolved : [cx10man.weedns.com] To [80.247.72.130]
Resolved : [cx10man.weedns.com] To [79.113.167.139]
Resolved : [cx10man.weedns.com] To [210.166.223.51]
Resolved : [cx10man.weedns.com] To [210.127.253.90]
yoshi.informatik.uni-mannheim.de 192.168.241.17
C&C Server: cx10man.weedns.com:3305
Server Password:
Username: wrsacnb5l
Nickname: P|poieawr1s
Channel: #mm (Password: RSA)
Channeltopic: :+t0Cc2/G5oAh06w2GQ0tQkXD1bqhV7/ipBe01hiyOt1tAGoD0bni40/nobx.1Yk9c/0huyUx0ugcQs0puLM0.F7Xil0nzHEC.zO2Ji.qiFiN1fB5yg.4LavN/Y32Vl.icZdS/6IIdG/IzRhU/N8F9A1pMQnb1wLZMb.FzK1Y/C5aBp.H2I7z1vdVFY0rM6ME135Qy/1qcS5D0
Resolved : [cx10man.weedns.com] To [62.193.249.122]
Resolved : [cx10man.weedns.com] To [80.247.72.130]
Resolved : [cx10man.weedns.com]

blabla.douteux.info
– IRC Conversations: 94.47.254.1:6692
Nick: lswmOLdb
Username: jryzondt
Joined Channel: #0
Channel Topic for Channel #0: “=C1nNBnfNVDkkQRqxCbVec51gkackSc6brTZ”
Topic By: [ ggbdg ]

keno.hizzibolla.com
keno.hizzibolla.com 69.42.218.75
Resolved : [keno.hizzibolla.com] To [69.42.218.75]
C&C Server: 69.42.218.75:8878
Server Password:
Username: iyicpazy
Nickname: obZhzECbX
Channel: #maxi (Password: )
Channeltopic: :=glRW7E+NAInKAWQQ9QNpMjm2/81PJzDl0ggaCl8I9h9tSzyjtM4cn6mC9aL1JrmzdqVs5/a9kXPXyRkv7CNtD6uKgjNKvUDhzc7e7bNqdGGL+T/DDRuqVsdOVnWpBdDPucbFYwN/AJyLkrYs9h6fLKN6q3x
Topic By: [ eebab ]
Registry Changes by all processes
Create or Open
Changes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Background Intelligent Transfer Service” = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\bits.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List “C:\WINDOWS\Explorer.EXE” = C:\WINDOWS\Explorer.EXE:*:Enabled:Background Intelligent Transfer Service
Reads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”

ms.mobilerequests.com (Butterfly Bot)
ms.mobilerequests.com: type A, class IN, addr 89.149.223.140
udp port:1863
Startup:
explorer.exe (PID: 776 MD5: 12896823FB95BFB3DC9B46BCAEDC9923)
wscntfy.exe (PID: 676 MD5: F92E1076C42FCD6DB3D72D8CFE9816D5)
File created:
C:\RECYCLER\S-1-5-21-5315288217-6398524660-645013835-9465
C:\RECYCLER\S-1-5-21-5315288217-6398524660-645013835-9465\Desktop.ini
Other file operations:
C:\RECYCLER\S-1-5-21-5315288217-6398524660-645013835-9465