PASS cih4n1313
NICK USA|XP|SP2|00|0059
USER ivchk 0 0 :..4CodeD .8By …1zerX.-…Virus.
USERHOST USA|XP|SP2|00|0059
MODE USA|XP|SP2|00|0059 -x+i
JOIN #Botistan cih4n1313
NOTICE USA|XP|SP2|00|0059 :.VERSION mIRC v6.21 Khaled Mardam-Bey.
PRIVMSG #Botistan :.8,1-VrX- Bot ID: 915860.
PRIVMSG #Botistan :.8,1-VrX- Uptime: 0d 0h 2m.
PRIVMSG #Botistan :-.4.procs..- Failed to terminate process: PROCESS_NAME_TO_TERMINATE
The following port was open in the system:
Port  Protocol  Process
1041  TCP  zjeecr.exe (%System%\zjeecr.exe)
Other details...
xx.sqlteam.info
xx.sqlteam.info 83.68.16.6
xx.enterhere.biz
 * C&C Server: 83.68.16.6:5190
 * Server Password:
 * Username: jwnzny
 * Nickname: qRRfqWVX
 * Channel: (Password: )
 * Channeltopic:
 * C&C Server: 83.68.16.6:5190
 * Server Password:
 * Username: jwnzny
 * Nickname: qRRfqWVX
 * Channel: #las6 (Password: )
 * Channeltopic: :
Registry Changes by all processes
Create or Open
Changes
HKEY_CURRENT_USER\Software\bcrypt “i” = [REG_DWORD, value:...
xx.nadnadzz.info (VaneBot)
xx.nadnadzz.info:5190
Now talking in #m
Topic On: [ #m ] [ =NuGITTP9xJfGNsT11y7ZTNlmnxwJ6cqiUAX70HX7sFxHUIpR833LVoJB7TaUK1Pzr6ddH/IiXKspDoGDbNVV2Gj3x/Y3qj1oQzyBsLjfUNELAMp ]
Topic By: [ k1a3 ]
Modes On: [ #m ] [ +smntSMCu ]
Resolved : [xx.nadnadzz.info] To [67.43.236.67]
92.240.234.164 (Mouse’s 100k botnet)
Remote Host  Port Number
92.240.234.164  3305
NICK P|hy4m13g8c
USER kv7ucu7y9 * 0 :USA|XP|601
USERHOST P|hy4m13g8c
MODE P|hy4m13g8c
JOIN #mm RSA
PRIVMSG #mm :+Cpiwe/Bec9E07RQ/c0vtb4S//EdYX/xXUDj093Z0X0JV7.c0puSW4.pimDm1LRefR1ZyBMf0vZEvo.KMXSW1c0M3m/Fwv310uA.y6/SUz0u/OGWL5.gwJqI.6pkc9.kty0t0KWEjq.nHZN20/qQ08.asyjW/qqA8J1QcT5G1
PASS secretpass
Other details
 * The following ports were open in the system:
Port  Protocol  Process
69  UDP  unwise_.exe (%FontsDir%\unwise_.exe)
1052  TCP  unwise_.exe (%FontsDir%\unwise_.exe)
20620  TCP  unwise_.exe (%FontsDir%\unwise_.exe)
Registry Modifications
 * The following Registry Keys were created:
   o HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
   o HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
...
legend.rootyou.org (spybot server)
83.217.70.132:443
Nick: rrzhk
Username: rrzhk
Joined Channel: #spybot with Password chanpass
Private Message to Channel #spybot: “Version:spybot1.2c cpu: 0MHz. ram: 127MB total, 28MB free 77% in use os: Windows XP [Service Pack 3] (5.1, build 2600). uptime: 0d 0h 9m. Date: 02:Jul:2009 Time: 14:21:37 Current user: Administrator IP:192.168.0.2 Hostname:pc Windir: C:\WINDOWS Systemdir: C:\WINDOWS\system32”
Private Message to Channel #spybot: “Keylogger...
79.172.162.116
Host Name  IP Address
79.172.162.116  79.172.162.116
Outgoing connection to remote server: 79.172.162.116 TCP port 3085
DNS Lookup
Host Name  IP Address
79.172.162.116  79.172.162.116
Outgoing connection to remote server: 79.172.162.116 TCP port 3085
Outgoing connection to remote server: 79.172.162.116 TCP port 3085
Outgoing connection to remote server: 79.172.162.116 TCP port 3085
Outgoing connection to remote server: 79.172.162.116 TCP port 3085
Registry Changes by all processes
Create...
irc.priv8net.com
Remote Host  Port Number
208.98.57.48  2201
NICK rpvlut
USER vafssj “” “kgq” :vafssj
PONG :FDFA11A9
JOIN #unf mks
PONG :irc.priv8net.com
PASS MSMS
Registry Modifications
 * The following Registry Key was created:
   o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}
 * The newly created Registry Value is:
   o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
     + StubPath = “c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iseL2.exe”
   so that iseL2.exe runs every time Windows starts
 * The...
load.h4ck.biz
User Name: nvvltp
Host Name: 0
Server Name:
Real Name: N00|172|USA|XPSP3|Jim|XM
Password: l33t
Nick Name: N00|172|USA|XPSP3|Jim|XM
Non RFC Conform: 1
ChannelName: #v3#
Password: fuckd
Topic Deleted: :
Notice Message Deleted
Value: :leaf2.kredkrew.net NOTICE AUTH :*** Looking up your hostname…
load.h4ck.biz 98.30.184.56
 * C&C Server: 98.30.184.56:53381
 * Server Password:
 * Username: inzv
 * Nickname: N00|10|DEU|XPSP3|Administrator|FF
 * Channel: #v3# (Password: fuckd)
 * Channeltopic: second server from same...
bb1.th3kings.net
bb1.th3kings.net 208.96.62.2
 * C&C Server: 208.96.62.2:27034
 * Server Password:
 * Username: XP-4565
 * Nickname: [00|DEU|217387]
 * Channel: #!!kk!!# (Password: aaaaaaa)
 * Channeltopic: :.msn.msg Is this your Pictur? http://larvax.com/fotos.exe?=
Registry Changes by all processes
Create or Open
Changes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce “wextract_cleanup0” = rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 “C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\IXP000.TMP”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Java Update” = fitnets.exe.exe
Reads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Language Hotkey”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Layout Hotkey”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF “EnableAnchorContext”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows...
k2r.th3kings.net
k2r.th3kings.net 208.96.62.2
 * C&C Server: 208.96.62.2:27034
 * Server Password:
 * Username: XP-2677
 * Nickname: [00|DEU|401746]
 * Channel: #!!kk!!# (Password: aaaaaaa)
 * Channeltopic: :.msn.msg Is this your Pictur? http://larvax.com/fotos.exe?=
Registry Changes by all processes
Create or Open
Changes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce “wextract_cleanup0” = rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 “C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\IXP000.TMP”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Java Update” = buthass.exe.exe
Reads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Language Hotkey”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Layout Hotkey”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF “EnableAnchorContext”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows...