boxdeccode.vaiosys.com

Remote Host               Port Number
boxdeccode.vaiosys.com    1234

Resolved : [boxdeccode.vaiosys.com] To [85.234.144.237]
Resolved : [boxdeccode.vaiosys.com] To [216.246.99.115]
Resolved : [boxdeccode.vaiosys.com] To [212.117.166.201]

NICK {NEW}[USA][XP-SP2]678388
USER 5100 “” “lol” :5100
JOIN #b#
NICK [USA][XP-SP2]229885
USER 3392 “” “lol” :3392
NICK [USA][XP-SP2]567630
USER 9099 “” “lol” :9099
NICK [USA][XP-SP2]336902
USER 8944 “” “lol” :8944

Other details
* To

n33d.r00taccess.com

Remote Host            Port Number
n33d.r00taccess.com    6769

NICK {NEW}[USA][XP-SP2]447382
USER 6799 “” “lol” :6799
JOIN #r00t# rootroot
NICK [USA][XP-SP2]408098
USER 5014 “” “lol” :5014
NICK [USA][XP-SP2]094963
USER 3399 “” “lol” :3399

Other details
* To mark the presence in the system, the following Mutex object was created:
  o gHJHTthrtTRu
* The following port was open in

irc.soccerboss.net

una.exe : INFECTED with W32/Backdoor (Signature: W32/Spybot)

[ DetectionInfo ]
* Filename: C:analyzerscanuna.exe.
* Sandbox name: W32/Backdoor.
* Signature name: W32/Spybot.EDJV.
* Compressed: NO.
* TLS hooks: NO.
* Executable type: Application.
* Executable file structure: OK.
* Filetype: PE_I386.

[ General information ]
* Drops files in %WINSYS% folder.
* File length: 261120 bytes.

desbarata.homeip.net

rage1.exe : INFECTED with W32/Backdoor (Signature: NO_VIRUS)

[ DetectionInfo ]
* Filename: C:analyzerscanrage1.exe.
* Sandbox name: W32/Backdoor.
* Signature name: NO_VIRUS.
* Compressed: NO.
* TLS hooks: NO.
* Executable type: Application.
* Executable file structure: OK.
* Filetype: PE_I386.

[ General information ]
* File length: 88064 bytes.
* MD5 hash: 5b4c17334849e14b7ae630f2384d941e.
* SHA1

zzxxbryanxxzz.info

NICK AdR[USA-XP]892916
USER AdR[USA-XP]892916 * 0 :(null)
MODE AdR[USA-XP]892916 +iR
JOIN #|bryan|#
NICK AdR[USA-XP]819671
USER AdR[USA-XP]819671 * 0 :(null)
MODE AdR[USA-XP]819671 +iR
NICK AdR[USA-XP]503906
USER AdR[USA-XP]503906 * 0 :(null)
MODE AdR[USA-XP]503906 +iR
NICK AdR[USA-XP]276625
USER AdR[USA-XP]276625 * 0 :(null)
MODE AdR[USA-XP]276625 +iR

Other details
* To mark the presence in the system, the following Mutex

Oficla.37

virustotal analysis: http://www.virustotal.com/fr/analisis/8c8070b4b875beac9bb102186d65ecad8ab3b3b8acfba8f11a22cdb54b2f1743-1270297329

exe file: http://www.mediafire.com/?n02dignyw22

downloaded files:
secondchancefilm.com/blogs/locales/bot.exe
secondchancefilm.com/blogs/locales/fid.exe
secondchancefilm.com/blogs/locales/ups.exe

sunbeltsecurity scan: http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=12058252&cs=490E17ECA39C7DF8220185434967A0FF

195.78.108.201=wapdodoit.ru

irc.148club.com

irc.148club.com:6667

NICK {NEW}[USA][XP-SP2]046767
USER 2260 “” “lol” :2260
JOIN #niu
NICK [USA][XP-SP2]610113
USER 9833 “” “lol” :9833
NICK [USA][XP-SP2]253886
USER 8004 “” “lol” :8004

* The following Host Name was requested from a host database:
  o irc.148club.com

Other details
* To mark the presence in the system, the following Mutex object was created:
  o fJHGgjJNhgK

MicrosoftUpdate.yi.org

MicrosoftUpdate.yi.org 217.52.31.124

* C&C Server: 217.52.31.124:6667
* Server Password:
* Username: mfpaqe
* Nickname: srbmrc
* Channel: #cC-Team (Password: x0r)
* Channeltopic:

Registry Changes by all processes

Create or Open

Changes
HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{08B0d5C0-4FCB-11CF-AcX5-01401C608592} “StubPath” = c:SystemS-9-2-31-1362473401-1511494837-8365036723-1493autorun.exe

Reads
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIMM “Ime File”
HKEY_CURRENT_USERSoftwareMicrosoftCTF

Richmond.Edu [Crew]

74.82.57.20 (53381) Now talking in #Niggers Topic On: [ #Niggers ] [ File Server Up After a small lag-to-death Caused By Krashed aka Richard from irc://Uber.Krashed.net:6667 ] Topic By: [ ChanServ ]

serv01.colo.owned.hu

Remote Host             Port Number
serv01.colo.owned.hu    31092
serv01.colo.owned.hu    31091
serv01.colo.owned.hu    31090

NICK NEW-computername
USER dvhwyjfe UNIX UNIX :username
JOIN #test# syslock
NICK computername
USER zznidihe UNIX UNIX :username

Now talking in #test#
Topic On: [ #test# ] [encISBzaWxlbmNlOyEgZGx4IHRvcHZpZGVvLnNpLy5odGFjYy9tYWthaC5leGU= ]
Modes On: [ #test# ] [ +smntMu ]

* To mark the presence in the system, the