synrules.serveirc.com 188.165.47.211Opened listening TCP connection on port: 113 * C&C Server: 188.165.47.211:6667 * Server Password: * Username: htburv * Nickname: I-[Scan]-265831 * Channel: #syn (Password: ) * Channeltopic: :no NICK I-[Scan]-591967USER sawbsh 0 0 :I-[Scan]-591967USERHOST I-[Scan]-591967MODE I-[Scan]-591967 -x+BJOIN #synNOTICE I-[Scan]-591967 :.VERSION mIRC v6.12 Khaled Mardam-Bey.PRIVMSG #syn :[MAIN]: Status: Ready. Bot Uptime: 0d 0h 0m.PRIVMSG #synRead more...

* Requested Host: rose.linkpc.net * Resulting Address: 58.23.127.130 # IRC Data * User Name: SP2-873 * Host Name: * * Server Name: * Real Name: DWI-9625AC2E275 * Nick Name: USA|XP|SP2|801538 # Transport Protocol: TCP# Remote Address: 58.23.127.130# Remote Port: 8280# Protocol: IRC# Connection Established: 1# Socket: 1848

Remote Host Port Numberv00000000.inluver.com 47221 00000000 | 5041 5353 206C 6574 6D65 696E 0D0A 4E49 | PASS letmein..NI00000010 | 434B 205B 4E30 305F 5553 415F 5850 5F35 | CK [N00_USA_XP_500000020 | 3339 3137 3739 5D18 E740 0D0A 5553 4552 | 391779]..@..USER00000030 | 2053 5032 2D39 3431 202A 2030 203A 434F | SP2-941 * 0 :CO00000040Read more...

Remote Host Port Numberj00000000.inluver.com 47221 00000000 | 5041 5353 206C 6574 6D65 696E 0D0A 4E49 | PASS letmein..NI00000010 | 434B 205B 4E30 305F 5553 415F 5850 5F39 | CK [N00_USA_XP_900000020 | 3832 3839 3536 5D18 E740 0D0A 5553 4552 | 828956]..@..USER00000030 | 2053 5032 2D36 3935 202A 2030 203A 434F | SP2-695 * 0 :CO00000040Read more...

irc.shkumbimi.net DNS_TYPE_A 122.183.243.48 1 122.183.243.48:12351 Nick: `iuxauoeUsername: `iuxauoeJoined Channel: #.serve with Password krChannel Topic for Channel #.serve: “`adv.start lsass 100 5 0 -r -b -s |`sniff.on -s |`adv.start lsass 75 5 0 114.51.x.x -r -s” Registry Modifications * The following Registry Keys were created: o HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices o HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce o HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce * The newly created RegistryRead more...

irc.gizemdolu.net 95.168.170.114i3ED6DCB3.versanet.de 62.214.220.179Opened listening TCP connection on port: 113 * C&C Server: 95.168.170.114:6667 * Server Password: * Username: Perihan881 * Nickname: Cansu-66 * Channel: #X (Password: s1k1k) * Channeltopic: irc.gizemdolu.net 95.168.170.114 * C&C Server: 95.168.170.114:6667 * Server Password: * Username: XP-8319 * Nickname: [DEU|00|P|37213] * Channel: #imbot (Password: test) * Channeltopic: : Registry Changes byRead more...

irc.reserstyle.net 208.98.34.150 * C&C Server: 208.98.34.150:6667 * Server Password: * Username: cfdvpakl * Nickname: L2-j|[[ * Channel: #diablocrewsc (Password: diablo) * Channeltopic: Registry Changes by all processesCreate or Open Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “Windows System” = C:ProgrammeGemeinsame DateienSystemsystem.exeHKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “C:ProgrammeGemeinsame DateienSystemsystem.exe” = C:ProgrammeGemeinsame DateienSystemsystem.exe:*:Enabled:Windows SystemReads HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “DefaultAuthLevel”Enums File Changes by all processesNew Files C:ProgrammeGemeinsame DateienSystemsystem.exeC:ProgrammeGemeinsame DateienSystemsystem.exeDeviceRasAcdOpened FilesRead more...

NICK [00|USA|587663]USER XP-3162 * 0 :COMPUTERNAMEMODE [00|USA|587663] -ixJOIN #test.bMODE #test.b -ix Other details * To mark the presence in the system, the following Mutex object was created: o aS3V6Nu * The following port was open in the system: Port Protocol Process1036 TCP service.exe (%Windir%service.exe) * The following Host Name was requested from a host database:Read more...

Remote Host Port Number 174.37.240.240 1995 66.252.5.60 6161 NICK XPJnl3Q USER laMer “” “gt10.smo7he.com” : You Think i aughty USERHOST XPJnl3Q JOIN #kwt-team #191# MODE #kwt-team hosting infos: http://whois.domaintools.com/66.252.5.60

labfixer.mamadody.mobi 66.252.13.204Opened listening TCP connection on port: 113 * C&C Server: 66.252.13.204:15656 * Server Password: * Username: laMer * Nickname: XP|ibzcwN * Channel: (Password: ) * Channeltopic: * C&C Server: 66.252.13.204:15656 * Server Password: * Username: laMer * Nickname: :XPDzsU49 * Channel: #tcp# (Password: d0s) * Channeltopic: :!clear Registry Changes by all processesCreate or OpenRead more...