User Name: nvvltpHost Name: 0Server Name: Real Name: N00|172|USA|XPSP3|Jim|XMPassword: l33tNick Name: N00|172|USA|XPSP3|Jim|XMNon RFC Conform: 1ChannelName: #v3#Password: fuckdTopic Deleted: :Notice Message DeletedValue: :leaf2.kredkrew.net NOTICE AUTH :*** Looking up your hostname… load.h4ck.biz 98.30.184.56 * C&C Server: 98.30.184.56:53381 * Server Password: * Username: inzv * Nickname: N00|10|DEU|XPSP3|Administrator|FF * Channel: #v3# (Password: fuckd) * Channeltopic: second server from sameRead more...

bb1.th3kings.net 208.96.62.2 * C&C Server: 208.96.62.2:27034 * Server Password: * Username: XP-4565 * Nickname: [00|DEU|217387] * Channel: #!!kk!!# (Password: aaaaaaa) * Channeltopic: :.msn.msg Is this your Pictur? http://larvax.com/fotos.exe?= Registry Changes by all processesCreate or Open Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunOnce “wextract_cleanup0” = rundll32.exe C:WINDOWSsystem32advpack.dll,DelNodeRunDLL32 “C:DOKUME~1ADMINI~1LOKALE~1TempIXP000.TMP”HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “Java Update” = fitnets.exe.exeReads HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsRead more...

k2r.th3kings.net 208.96.62.2 * C&C Server: 208.96.62.2:27034 * Server Password: * Username: XP-2677 * Nickname: [00|DEU|401746] * Channel: #!!kk!!# (Password: aaaaaaa) * Channeltopic: :.msn.msg Is this your Pictur? http://larvax.com/fotos.exe?= Registry Changes by all processesCreate or Open Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunOnce “wextract_cleanup0” = rundll32.exe C:WINDOWSsystem32advpack.dll,DelNodeRunDLL32 “C:DOKUME~1ADMINI~1LOKALE~1TempIXP000.TMP”HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “Java Update” = buthass.exe.exeReads HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsRead more...

bub.th3kings.net 217.148.32.202 * C&C Server: 217.148.32.202:27034 * Server Password: * Username: XP-1568 * Nickname: [00|DEU|051548] * Channel: #!!kk!!# (Password: aaaaaaa) * Channeltopic: :.msn.msg Is this your Pictur? http://th3bestgirl.com/fotos.exe?= * Private Message Deleted o Value: :Cs!XP@yes.gov PRIVMSG #!!kk!!# :.login yeste o Value: :Cs!XP@yes.gov PRIVMSG #!!kk!!# :.msn.msg Is this your Pictur? http://th3bestgirl.com/chek.exe?= Registry Changes by all processesCreateRead more...

Remote Host Port Number199.71.215.177 51987 MODE pLagUe{USA}91936 -ixJOIN #PlaguePONG CancerTreatmentCenter.orgPRIVMSG #Plague :New PC Infected. * The following port was open in the system: Port Protocol Process1052 TCP raidhost.exe (%Windir%raidhost.exe) Registry Modifications * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + raidhost = “raidhost.exe” so that raidhost.exe runs every time Windows starts Memory Modifications *Read more...

Remote Host Port Number85.234.148.2 17402 Other details * The following port was open in the system: Port Protocol Process1050 TCP lsass.exe (%Windir%systemlsass.exe) Registry Modifications * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + lsass = “lsass.exe” so that lsass.exe runs every time Windows starts Memory Modifications * There was a new process created inRead more...

* Unknown Connections o Host By Name: + Requested Host: love.blowingbabes.net + Resulting Address: 192.168.1.1 o Connection Established: 0 o Socket: 0 * UDP Connections o Send Datagram + Remote Address 192.168.1.1 + Remote Port: 6061 + Size: 7 o Receive Datagram + Local Port: 0 + Remote Address 192.168.1.1 + Remote Port: 6061 +Read more...

Remote Host Port Number112.78.219.146 80222.76.217.154 8098.126.125.202 47221 * The data identified by the following URLs was then requested from the remote web server: o http://www.nippon.to/cgi-bin/prxjdg.cgi o http://www.cooleasy.com/cgi-bin/prxjdg.cgi PRIVMSG [N00_USA_XP_3663@ :scan// Trying to get external IP.@ :scan// Random Port Scan started on 192.168.x.x:445 with a delay of 5 seconds for 0 minutes using 25 threads.@ :scan//Read more...

Remote Host Port Number112.78.219.146 80222.76.217.154 80195.190.13.163 47221 * The data identified by the following URLs was then requested from the remote web server: o http://www.nippon.to/cgi-bin/prxjdg.cgi o http://www.cooleasy.com/cgi-bin/prxjdg.cgi MODE [N00_USA_XP_2766612]@ -ixPRIVMSG [N00_USA_XP_2766@ :scan// Trying to get external IP.@ :scan// Random Port Scan started on 192.x.x.x:445 with a delay of 5 seconds for 0 minutes using 25Read more...

Remote Host Port Number 116.114.20.98 80 119.42.233.243 80 202.110.64.130 80 202.110.64.140 80 220.181.68.221 80 221.204.231.66 80 221.204.231.91 80 221.9.252.248 80 221.9.252.251 80 221.9.252.252 80 218.6.8.204 6688 ircd here 61.137.190.246 6688 ircd here 222.35.250.32 6060 ircd here 222.35.250.56 21 222.35.250.56 23793 USER FunshionSoftC PASS ZhiMaKaiMenC for the ftp on port 21