Software: Apache. PHP/5.5.15
uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586
SYSTEM
Safe-mode: OFF (not secure)
C:\Windows\Temp\ drwxrwxrwx
Viewing file: reqproc_177461542.log (14.96 KB) -rw-rw-rw-
ReadFile the pipe for req_info Total bytes read for req_info=20 req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3 Reading new request format from the pipe calling ReadFile... Total bytes read by ReadFile=26724 pRequest->sprvm_rexec_info.sprvm_info_versio = 3 pRequest->sprvm_rexec_req_msg_cmd = srvmGetEnvVar pRequest->sprvm_rexec_req_msg_num_args = 1 pRequest->sprvm_rexec_req_msg_arg = PATH pRequest->sprvm_rexec_req_msg_arg[0] = PATH pRequest->sprvm_rexec_req_msg_num_envs = 0 09/16/10 11:52:59 Received a request from client srvmGetEnvVar args[0] = PATH writing < C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\; > ExeStat 0, Category 0 After call to WriteFile. totalWritten=67920, cbWritten=67920 ReadFile the pipe for req_info Total bytes read for req_info=20 req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3 Reading new request format from the pipe calling ReadFile... Total bytes read by ReadFile=18528 pRequest->sprvm_rexec_info.sprvm_info_versio = 3 pRequest->sprvm_rexec_req_msg_cmd = sprvmGetInfo pRequest->sprvm_rexec_req_msg_num_args = 0 pRequest->sprvm_rexec_req_msg_arg = pRequest->sprvm_rexec_req_msg_num_envs = 0 09/16/10 11:55:16 Received a request from client sprvmGetInfo writing < > ExeStat 0, Category 0 After call to WriteFile. totalWritten=18768, cbWritten=18768 Failure in WriteFile [234] More data is available. ReadFile the pipe for req_info Total bytes read for req_info=20 req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3 Reading new request format from the pipe calling ReadFile... 
Total bytes read by ReadFile=26724 pRequest->sprvm_rexec_info.sprvm_info_versio = 3 pRequest->sprvm_rexec_req_msg_cmd = C:\product\11.2.0\client_1\bin\getcrshome.exe pRequest->sprvm_rexec_req_msg_num_args = 0 pRequest->sprvm_rexec_req_msg_arg = pRequest->sprvm_rexec_req_msg_num_envs = 0 09/16/10 11:55:16 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe ---Started new thread--- 09/16/10 11:55:16 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe Exe: getcrshome.exe, Path: C:\product\11.2.0\client_1\bin\ About to call spawn with cmd [C:\product\11.2.0\client_1\bin\getcrshome.exe] writing < > ExeStat 1, Category 0 After call to WriteFile. totalWritten=67920, cbWritten=67920 ReadFile the pipe for req_info Total bytes read for req_info=20 req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3 Reading new request format from the pipe calling ReadFile... Total bytes read by ReadFile=18528 pRequest->sprvm_rexec_info.sprvm_info_versio = 3 pRequest->sprvm_rexec_req_msg_cmd = sprvmGetInfo pRequest->sprvm_rexec_req_msg_num_args = 0 pRequest->sprvm_rexec_req_msg_arg = pRequest->sprvm_rexec_req_msg_num_envs = 0 09/16/10 11:59:54 Received a request from client sprvmGetInfo writing < > ExeStat 0, Category 0 After call to WriteFile. totalWritten=18768, cbWritten=18768 Failure in WriteFile [234] More data is available. ReadFile the pipe for req_info Total bytes read for req_info=20 req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3 Reading new request format from the pipe calling ReadFile... 
Total bytes read by ReadFile=26724 pRequest->sprvm_rexec_info.sprvm_info_versio = 3 pRequest->sprvm_rexec_req_msg_cmd = C:\product\11.2.0\client_1\bin\getcrshome.exe pRequest->sprvm_rexec_req_msg_num_args = 0 pRequest->sprvm_rexec_req_msg_arg = pRequest->sprvm_rexec_req_msg_num_envs = 0 09/16/10 11:59:54 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe ---Started new thread--- 09/16/10 11:59:54 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe Exe: getcrshome.exe, Path: C:\product\11.2.0\client_1\bin\ About to call spawn with cmd [C:\product\11.2.0\client_1\bin\getcrshome.exe] writing < > ExeStat 1, Category 0 After call to WriteFile. totalWritten=67920, cbWritten=67920 ReadFile the pipe for req_info Total bytes read for req_info=20 req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3 Reading new request format from the pipe calling ReadFile... Total bytes read by ReadFile=26724 pRequest->sprvm_rexec_info.sprvm_info_versio = 3 pRequest->sprvm_rexec_req_msg_cmd = C:\product\11.2.0\client_1\bin\getcrshome.exe pRequest->sprvm_rexec_req_msg_num_args = 0 pRequest->sprvm_rexec_req_msg_arg = pRequest->sprvm_rexec_req_msg_num_envs = 0 09/16/10 11:59:56 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe ---Started new thread--- 09/16/10 11:59:56 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe Exe: getcrshome.exe, Path: C:\product\11.2.0\client_1\bin\ About to call spawn with cmd [C:\product\11.2.0\client_1\bin\getcrshome.exe] writing < > ExeStat 1, Category 0 After call to WriteFile. totalWritten=67920, cbWritten=67920 ReadFile the pipe for req_info Total bytes read for req_info=20 req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3 Reading new request format from the pipe calling ReadFile... 
Total bytes read by ReadFile=18528 pRequest->sprvm_rexec_info.sprvm_info_versio = 3 pRequest->sprvm_rexec_req_msg_cmd = sprvmGetInfo pRequest->sprvm_rexec_req_msg_num_args = 0 pRequest->sprvm_rexec_req_msg_arg = pRequest->sprvm_rexec_req_msg_num_envs = 0 09/16/10 12:17:27 Received a request from client sprvmGetInfo writing < > ExeStat 0, Category 0 After call to WriteFile. totalWritten=18768, cbWritten=18768 Failure in WriteFile [234] More data is available. ReadFile the pipe for req_info Total bytes read for req_info=20 req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3 Reading new request format from the pipe calling ReadFile... Total bytes read by ReadFile=26724 pRequest->sprvm_rexec_info.sprvm_info_versio = 3 pRequest->sprvm_rexec_req_msg_cmd = C:\product\11.2.0\client_1\bin\getcrshome.exe pRequest->sprvm_rexec_req_msg_num_args = 0 pRequest->sprvm_rexec_req_msg_arg = pRequest->sprvm_rexec_req_msg_num_envs = 0 09/16/10 12:17:27 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe ---Started new thread--- 09/16/10 12:17:27 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe Exe: getcrshome.exe, Path: C:\product\11.2.0\client_1\bin\ About to call spawn with cmd [C:\product\11.2.0\client_1\bin\getcrshome.exe] writing < > ExeStat 1, Category 0 After call to WriteFile. totalWritten=67920, cbWritten=67920 ReadFile the pipe for req_info Total bytes read for req_info=20 req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3 Reading new request format from the pipe calling ReadFile... 
Total bytes read by ReadFile=26724 pRequest->sprvm_rexec_info.sprvm_info_versio = 3 pRequest->sprvm_rexec_req_msg_cmd = C:\product\11.2.0\client_1\bin\getcrshome.exe pRequest->sprvm_rexec_req_msg_num_args = 0 pRequest->sprvm_rexec_req_msg_arg = pRequest->sprvm_rexec_req_msg_num_envs = 0 09/16/10 12:17:28 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe ---Started new thread--- 09/16/10 12:17:28 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe Exe: getcrshome.exe, Path: C:\product\11.2.0\client_1\bin\ About to call spawn with cmd [C:\product\11.2.0\client_1\bin\getcrshome.exe] writing < > ExeStat 1, Category 0 After call to WriteFile. totalWritten=67920, cbWritten=67920 ReadFile the pipe for req_info Total bytes read for req_info=20 req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3 Reading new request format from the pipe calling ReadFile... Total bytes read by ReadFile=26724 pRequest->sprvm_rexec_info.sprvm_info_versio = 3 pRequest->sprvm_rexec_req_msg_cmd = C:\product\11.2.0\client_1\bin\getcrshome.exe pRequest->sprvm_rexec_req_msg_num_args = 0 pRequest->sprvm_rexec_req_msg_arg = pRequest->sprvm_rexec_req_msg_num_envs = 0 09/16/10 12:17:31 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe ---Started new thread--- 09/16/10 12:17:31 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe Exe: getcrshome.exe, Path: C:\product\11.2.0\client_1\bin\ About to call spawn with cmd [C:\product\11.2.0\client_1\bin\getcrshome.exe] writing < > ExeStat 1, Category 0 After call to WriteFile. totalWritten=67920, cbWritten=67920 ReadFile the pipe for req_info Total bytes read for req_info=20 req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3 Reading new request format from the pipe calling ReadFile... 
Total bytes read by ReadFile=26724 pRequest->sprvm_rexec_info.sprvm_info_versio = 3 pRequest->sprvm_rexec_req_msg_cmd = C:\product\11.2.0\client_1\bin\getcrshome.exe pRequest->sprvm_rexec_req_msg_num_args = 0 pRequest->sprvm_rexec_req_msg_arg = pRequest->sprvm_rexec_req_msg_num_envs = 0 09/16/10 12:17:36 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe ---Started new thread--- 09/16/10 12:17:36 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe Exe: getcrshome.exe, Path: C:\product\11.2.0\client_1\bin\ About to call spawn with cmd [C:\product\11.2.0\client_1\bin\getcrshome.exe] writing < > ExeStat 1, Category 0 After call to WriteFile. totalWritten=67920, cbWritten=67920 ReadFile the pipe for req_info Total bytes read for req_info=20 req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3 Reading new request format from the pipe calling ReadFile... Total bytes read by ReadFile=26724 pRequest->sprvm_rexec_info.sprvm_info_versio = 3 pRequest->sprvm_rexec_req_msg_cmd = C:\product\11.2.0\client_1\bin\getcrshome.exe pRequest->sprvm_rexec_req_msg_num_args = 0 pRequest->sprvm_rexec_req_msg_arg = pRequest->sprvm_rexec_req_msg_num_envs = 0 09/16/10 12:17:37 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe ---Started new thread--- 09/16/10 12:17:37 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe Exe: getcrshome.exe, Path: C:\product\11.2.0\client_1\bin\ About to call spawn with cmd [C:\product\11.2.0\client_1\bin\getcrshome.exe] writing < > ExeStat 1, Category 0 After call to WriteFile. totalWritten=67920, cbWritten=67920 ReadFile the pipe for req_info Total bytes read for req_info=20 req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3 Reading new request format from the pipe calling ReadFile... 
Total bytes read by ReadFile=26724 pRequest->sprvm_rexec_info.sprvm_info_versio = 3 pRequest->sprvm_rexec_req_msg_cmd = C:\product\11.2.0\client_1\bin\getcrshome.exe pRequest->sprvm_rexec_req_msg_num_args = 0 pRequest->sprvm_rexec_req_msg_arg = pRequest->sprvm_rexec_req_msg_num_envs = 0 09/16/10 12:20:14 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe ---Started new thread--- 09/16/10 12:20:14 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe Exe: getcrshome.exe, Path: C:\product\11.2.0\client_1\bin\ About to call spawn with cmd [C:\product\11.2.0\client_1\bin\getcrshome.exe] writing < > ExeStat 1, Category 0 After call to WriteFile. totalWritten=67920, cbWritten=67920 ReadFile the pipe for req_info Total bytes read for req_info=20 req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3 Reading new request format from the pipe calling ReadFile... Total bytes read by ReadFile=26724 pRequest->sprvm_rexec_info.sprvm_info_versio = 3 pRequest->sprvm_rexec_req_msg_cmd = C:\product\11.2.0\client_1\bin\getcrshome.exe pRequest->sprvm_rexec_req_msg_num_args = 0 pRequest->sprvm_rexec_req_msg_arg = pRequest->sprvm_rexec_req_msg_num_envs = 0 09/16/10 12:22:45 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe ---Started new thread--- 09/16/10 12:22:45 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe Exe: getcrshome.exe, Path: C:\product\11.2.0\client_1\bin\ About to call spawn with cmd [C:\product\11.2.0\client_1\bin\getcrshome.exe] writing < > ExeStat 1, Category 0 After call to WriteFile. totalWritten=67920, cbWritten=67920 ReadFile the pipe for req_info Total bytes read for req_info=20 req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3 Reading new request format from the pipe calling ReadFile... 
Total bytes read by ReadFile=26724 pRequest->sprvm_rexec_info.sprvm_info_versio = 3 pRequest->sprvm_rexec_req_msg_cmd = C:\product\11.2.0\client_1\bin\getcrshome.exe pRequest->sprvm_rexec_req_msg_num_args = 0 pRequest->sprvm_rexec_req_msg_arg = pRequest->sprvm_rexec_req_msg_num_envs = 0 09/16/10 12:22:48 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe ---Started new thread--- 09/16/10 12:22:48 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe Exe: getcrshome.exe, Path: C:\product\11.2.0\client_1\bin\ About to call spawn with cmd [C:\product\11.2.0\client_1\bin\getcrshome.exe] writing < > ExeStat 1, Category 0 After call to WriteFile. totalWritten=67920, cbWritten=67920 ReadFile the pipe for req_info Total bytes read for req_info=20 req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3 Reading new request format from the pipe calling ReadFile... Total bytes read by ReadFile=18528 pRequest->sprvm_rexec_info.sprvm_info_versio = 3 pRequest->sprvm_rexec_req_msg_cmd = sprvmGetInfo pRequest->sprvm_rexec_req_msg_num_args = 0 pRequest->sprvm_rexec_req_msg_arg = pRequest->sprvm_rexec_req_msg_num_envs = 0 09/16/10 15:57:19 Received a request from client sprvmGetInfo writing < > ExeStat 0, Category 0 After call to WriteFile. totalWritten=18768, cbWritten=18768 Failure in WriteFile [234] More data is available. ReadFile the pipe for req_info Total bytes read for req_info=20 req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3 Reading new request format from the pipe calling ReadFile... 
Total bytes read by ReadFile=26724 pRequest->sprvm_rexec_info.sprvm_info_versio = 3 pRequest->sprvm_rexec_req_msg_cmd = C:\product\11.2.0\client_1\bin\getcrshome.exe pRequest->sprvm_rexec_req_msg_num_args = 0 pRequest->sprvm_rexec_req_msg_arg = pRequest->sprvm_rexec_req_msg_num_envs = 0 09/16/10 15:57:19 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe ---Started new thread--- 09/16/10 15:57:19 Received a request from client C:\product\11.2.0\client_1\bin\getcrshome.exe Exe: getcrshome.exe, Path: C:\product\11.2.0\client_1\bin\ About to call spawn with cmd [C:\product\11.2.0\client_1\bin\getcrshome.exe] writing < > ExeStat 1, Category 0 After call to WriteFile. totalWritten=67920, cbWritten=67920 |
--[ c99shell v. 1.0 pre-release build #13 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.1092 ]--