10/29-01:13:15.672965 [**] [1:299913:1] E2[rb] SHELLCODE x86 0x90 unicode NOOP [**] [Classification: Executable code was detected] [Priority: 1] {TCP} 118.87.20.81:15218 -> 192.168.1.201:135
10/29-01:13:15.969234 [**] [1:52123:3] E5[rb] REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner [**] [Classification: Successful Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.1.201:1027 -> 118.87.20.81:707
10/29-01:13:18.421135 [**] [1:3001441:1] E3[rb] TFTP GET .exe from external source [**] [Classification: Successful Administrator Privilege Gain] [Priority: 1] {UDP} 192.168.1.201:1028 -> 118.87.20.81:69
10/29-01:13:18.421135 [**] [1:2008120:1] E3[rb] ET POLICY Outbound TFTP Read Request [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.1.201:1028 -> 118.87.20.81:69
10/29-01:13:18.421135 [**] [1:1444:3] E3[rb] TFTP GET from external source [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.1.201:1028 -> 118.87.20.81:69
10/29-01:13:19.459635 [**] [1:3001441:1] E3[rb] TFTP GET .exe from external source [**] [Classification: Successful Administrator Privilege Gain] [Priority: 1] {UDP} 192.168.1.201:1028 -> 118.87.20.81:69
10/29-01:13:19.459635 [**] [1:2008120:1] E3[rb] ET POLICY Outbound TFTP Read Request [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.1.201:1028 -> 118.87.20.81:69
10/29-01:13:19.459635 [**] [1:1444:3] E3[rb] TFTP GET from external source [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.1.201:1028 -> 118.87.20.81:69
10/29-01:13:43.696902 [**] [1:3001441:1] E3[rb] TFTP GET .exe from external source [**] [Classification: Successful Administrator Privilege Gain] [Priority: 1] {UDP} 192.168.1.201:1029 -> 118.87.20.81:69
10/29-01:13:43.696902 [**] [1:2008120:1] E3[rb] ET POLICY Outbound TFTP Read Request [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.1.201:1029 -> 118.87.20.81:69
10/29-01:13:43.696902 [**] [1:1444:3] E3[rb] TFTP GET from external source [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.1.201:1029 -> 118.87.20.81:69