Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Trojan.MulDrop9.30818

Added to the Dr.Web virus database: 2019-07-17

Virus description added:

Technical Information

Modifies file system
Creates the following files
  • %TEMP%\sce19479.tmp
  • %TEMP%\sec.log
  • %TEMP%\screensaver.log
  • %TEMP%\adsutilenumall.vbs
  • %TEMP%\regulariisitem.vbs
  • <SYSTEM32>\10.0.67.8_<File name>_chk.xml
Deletes the following files
  • %TEMP%\sce19479.tmp
  • %TEMP%\sec.log
  • %TEMP%\screensaver.log
  • %TEMP%\adsutilenumall.vbs
  • %TEMP%\regulariisitem.vbs
Miscellaneous
Creates and executes the following
  • '<SYSTEM32>\cscript.exe' %TEMP%\RegularIISItem.vbs n MaxConnections
  • '<SYSTEM32>\cscript.exe' //nologo %TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cscript.exe' %TEMP%\RegularIISItem.vbs y ScriptMaps
  • '<SYSTEM32>\cscript.exe' %TEMP%\RegularIISItem.vbs y EnableDirBrowsing
  • '<SYSTEM32>\cscript.exe' %TEMP%\RegularIISItem.vbs y path
  • '<SYSTEM32>\cscript.exe' %TEMP%\RegularIISItem.vbs y AccessFlags
  • '<SYSTEM32>\cmd.exe' /c echo If (Err.Number ^<^> 0) Then Err.Clear>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo For Each ChildObject In IIsObject>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo If (Err.Number ^<^> 0) Then Exit For>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo ChildObjectName = Right(ChildObject.AdsPath, Len(ChildObject.AdsPath) - 6)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo ChildObjectName = Right(ChildObjectName, Len(ChildObjectName) - InStr(ChildObjectName, "/") + 1)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo if 1 = RegExpTest("^\/w3svc(\/\d+(\/root)?)?$", ChildObjectName).Count then>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo "[" ^& ChildObjectName ^& "]">>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo If ChildObjectName ^<^> "" Then EnumCommand = EnumCommand(ChildObjectName)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo elseif 1 = RegExpTest("^(\/smtpsvc|\/msftpsvc)$", ChildObjectName).Count then>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo bInRoot = LCase(WScript.arguments(0))>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo EnumCommand "">>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Next>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo AttrName = WScript.arguments(1)>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo function RegExpTest(pattern, strng)>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo set regEx = new RegExp>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo regEx.Pattern = pattern>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo regEx.IgnoreCase = True>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Next>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo end if>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo End If>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo " """ ^& ValueList(ValueIndex) ^& """">>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo regEx.Global = True>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& " : " ^& "(" ^& PropertyDataType ^& ") " ^& ValueList>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Case "INTEGER">>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& Left(Spacer, Len(Spacer) - Len(PropertyName)) ^& ": " ^& "(" ^& PropertyDataType ^& ") " ^& UnsignedIntegerToString(ValueList)>>...' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& " : " ^& "(" ^& PropertyDataType ^& ") " ^& UnsignedIntegerToString(ValueList)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Case "BOOLEAN">>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Case "LIST">>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& Left(Spacer, Len(Spacer) - Len(PropertyName)) ^& ": " ^& "(" ^& PropertyDataType ^& ") (" ^& (UBound (ValueList) + 1) ^& " Items...' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo ValueList = ValueList ^& ValueListArray(ValueIndex) ^& " ">>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& Left(Spacer, Len(Spacer) - Len(PropertyName)) ^& ": " ^& "(" ^& PropertyDataType ^& ") " ^& ValueList>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& " : " ^& "(" ^& PropertyDataType ^& ") (" ^& (UBound (ValueList) + 1) ^& " Items)">>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Case "IPSEC">>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& Left(Spacer, Len(Spacer) - Len(PropertyName)) ^& ": " ^& "(" ^& PropertyDataType ^& ") " ^& CStr(ValueList)>>%TEMP%\adsutilenuma...' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& " : " ^& "(" ^& PropertyDataType ^& ") " ^& CStr(ValueList)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Case Else>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo If 0 = StrComp("MIMEMAP",PropertyName, 1) Then>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo MimeMapGet ObjectPath, MachineName>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo "DataType: " ^& """" ^& PropertyObject.Syntax ^& """" ^& " Not Yet Supported on property: " ^& PropertyName>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo For ValueIndex = 0 To UBound(ValueList)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo End Select>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo End If>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo set RegExpTest = regEx.Execute(strng)>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo set StdIn = WScript.StdIn>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo loop>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo if "y" ^<^> bInRoot then>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo NamePattern = "^\[\/w3svc\/\d+\]">>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo else>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo NamePattern = "^\[\/w3svc\/\d+\/root\]">>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo end if>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo for each key in SiteDict>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo if 1 = RegExpTest(NamePattern, key).Count then>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo end if>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo if SiteDict.Item(key).Exists(LCase(AttrName)) then>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo elseif SiteDict.Item("[/w3svc]").Exists(LCase(AttrName)) then>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo AttrValue = SiteDict.Item("[/w3svc]").Item(LCase(AttrName))>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo else>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo AttrValue = """NotConfig""">>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo if "y" = bInRoot then key = Left(key, Len(key) - 6) + "]">>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo key ^& "(" ^& SiteDict.Item(key).Item("servercomment") ^& "):" ^& AttrName ^& "=" ^& AttrValue>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo next>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c cscript //nologo %TEMP%\adsutilenumall.vbs > %TEMP%\bvs_iis.log' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo AttrValue = SiteDict.Item(key).Item(LCase(AttrName))>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo end if>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo SiteDict.Item(CurSite).Item(CurAttr) = SiteDict.Item(CurSite).Item(CurAttr) ^& ";" ^& LTrim(str)>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo For ValueIndex = 0 To UBound(ValueListArray)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo CurSite = "">>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo CurAttr = "">>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo ValueList = "0x">>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo do while not StdIn.AtEndOfStream>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo str = LCase(StdIn.ReadLine)>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo if 1 = RegExpTest("^\[\/w3svc", str).Count then>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo set AttrDict = CreateObject("Scripting.Dictionary")>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo CurSite = str>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo SiteDict.Add CurSite, AttrDict>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo elseif "" ^<^> CurSite then>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo set sections = RegExpTest("(\S+)\s*:\s*\(\S+\)\s*(\S.*)", str)>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo if 1 = sections.Count then>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo ColonPos = InStr(1, str, ":", 1)>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo StrLeft = Left(str, ColonPos - 1)>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo StrRight = Right(str, Len(str) - ColonPos)>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo SubMatches0 = Trim(StrLeft)>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo SubMatches1 = Trim(Right(StrRight, Len(StrRight) - InStr(1, StrRight, ")", 1)))>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo CurAttr = SubMatches0>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo if not SiteDict.Item(CurSite).Exists(CurAttr) then SiteDict.Item(CurSite).Add CurAttr, SubMatches1>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo end function>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Set IIsSchemaObject = GetObject(IIsObject.Schema)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Case "BINARY">>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo set SiteDict = CreateObject("Scripting.Dictionary")>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo If not (PropertyAttribObj.IsInherit) Then>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Set PropertyAttribObj = IIsObject.GetPropertyAttribObj(PropertyName)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo MimeOutPutStr = "MimeMap : (MimeMapList) ">>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo For MimeEntryIndex = 0 To UBound(MimeMapList)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Set MimeEntry = MimeMapList(MimeEntryIndex)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo MimeOutPutStr = MimeOutPutStr ^& """" ^& MimeEntry.Extension ^& "," ^& MimeEntry.MimeType ^& """ ">>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Next>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo MimeOutPutStr>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Function IsSecureProperty(ObjectParameter,MachineName)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Set PropObj = GetObject("IIS://" ^& MachineName ^& "/schema/" ^& ObjectParameter)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo MimeMapList = MimeMapObject.Get("MimeMap")>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Attribute = PropObj.Secure>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo IsSecureProperty = True>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Else>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo IsSecureProperty = False>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo End If>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Function UnsignedIntegerToString(ValueData)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo UnsignedIntegerToString = ValueData>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo DataPath = DataPathList(0)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo UnsignedIntegerToString = CStr(UnsignedIntegerToString)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo If (Attribute = True) Then>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo If (UBound(DataPathList) ^< 0) Then Exit Function>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo If (UnsignedIntegerToString ^< 0) Then UnsignedIntegerToString = UnsignedIntegerToString + ^4294967296>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c reg query "HKCU\Control Panel\Desktop" /v ScreenSaveTimeout > %TEMP%\screensaver.log' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c reg query "HKCU\Control Panel\Desktop" /v ScreenSaveActive >> %TEMP%\screensaver.log' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c reg query "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v IPEnableRouter >> %TEMP%\screensaver.log' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Spacer = " ">%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo SpacerSize = Len(Spacer)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo function RegExpTest(pattern, strng)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo set regEx = new RegExp>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo regEx.Pattern = pattern>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo regEx.IgnoreCase = True>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo regEx.Global = True>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Function MimeMapGet(ObjectPath, MachineName)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo end function>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c reg query "HKCU\Control Panel\Desktop" /v ScreenSaverIsSecure >> %TEMP%\screensaver.log' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo On Error Resume Next>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo MimePath = "IIS://" ^& MachineName>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo If ObjectPath ^<^> "" Then MimePath = MimePath ^& "/" ^& ObjectPath>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Set MimeMapObject = GetObject(MimePath)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo If (Err.Number ^<^> 0) Then Exit Function>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo If Err.Number ^<^> 0 Then DataPathList = IIsObject.GetDataPaths(MimeMap, 0)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo set RegExpTest = regEx.Execute(strng)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo DataPathList = MimeMapObject.GetDataPaths("MimeMap", 1)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Sub SanitizePath(ObjectPath)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo If (Err.Number ^<^> 0) Then WScript.Echo "Error trying to enumerate the Optional properties (Couldn't Get Property Information): " ^& PropertyObjPath>>%TEMP%\adsutil...' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Set PropertyObject = GetObject("IIS://" ^& MachineName ^& "/Schema/" ^& PropertyName)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo If UCase(DataPath) ^<^> UCase(MimePath) Then Exit Function>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo PropertyDataType = UCase(PropertyObject.Syntax)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Select Case PropertyDataType>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Case "STRING">>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo ValueList = IIsObject.Get(PropertyName)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo If (IsSecureProperty(PropertyName,MachineName) = True) Then>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& Left(Spacer, Len(Spacer) - Len(PropertyName)) ^& ": " ^& "(" ^& PropertyDataType ^& ") " ^& """" ^& "**********" ^& """">>%TEMP%...' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Else>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo If (Len(PropertyName) ^< SpacerSize) Then>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& Left(Spacer, Len(Spacer) - Len(PropertyName)) ^& ": " ^& "(" ^& PropertyDataType ^& ") """ ^& ValueList ^& """">>%TEMP%\adsu...' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Else>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& " : " ^& "(" ^& PropertyDataType ^& ")" ^& """" ^& ValueList ^& """">>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo End If>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo End If>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Case "EXPANDSZ">>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo If (Len(PropertyName) ^< SpacerSize) Then>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& Left(Spacer, Len(Spacer) - Len(PropertyName)) ^& ": " ^& "(" ^& PropertyDataType ^& ") """ ^& ValueList ^& """">>%TEMP%\adsutile...' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& " : " ^& "(" ^& PropertyDataType ^& ") """ ^& ValueList ^& """">>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo elseif 1 = RegExpTest("^\s+", str).Count then>>%TEMP%\RegularIISItem.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo If (Err.Number = 0) Then>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo SanitizePath DataPath>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Err.Clear>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo If Left(ObjectPath, 1) = "/" Then ObjectPath = Right(ObjectPath, Len(ObjectPath) - 1)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo If Right(ObjectPath, 1) = "/" Then ObjectPath = Left(ObjectPath, Len(ObjectPath) - 1)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo End Sub>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Function EnumCommand(StartPath)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo ObjectPath = StartPath>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo SanitizePath ObjectPath>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo MachineName = "localhost">>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo IIsObjectPath = "IIS://" ^& MachineName>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo If (ObjectPath ^<^> "") Then IIsObjectPath = IIsObjectPath ^& "/" ^& ObjectPath>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo ValueListArray = IIsObject.Get(PropertyName)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo Set IIsObject = GetObject(IIsObjectPath)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo ReDim PropertyListSet(1)>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo PropertyListSet(0) = IIsSchemaObject.MandatoryProperties>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo PropertyListSet(1) = IIsSchemaObject.OptionalProperties>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo If TypeName (PropertyListSet(1)) ^<^> "Variant()" Then>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo "Warning: The optionalproperties list is of an invalid type">>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo ElseIf (UBound (PropertyListSet(1)) = -1) Then>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo "Warning: The OptionalProperties list for this node is empty.">>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo For Each PropertyList In PropertyListSet>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo For Each PropertyName In PropertyList>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c echo ObjectPath = Replace(Trim(ObjectPath), "\", "/")>>%TEMP%\adsutilenumall.vbs' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c secedit /export /cfg %TEMP%\sec.log' (with hidden window)
Executes the following
  • '<SYSTEM32>\cmd.exe' /c secedit /export /cfg %TEMP%\sec.log
  • '<SYSTEM32>\cmd.exe' /c echo NamePattern = "^\[\/w3svc\/\d+\/root\]">>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo end if>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo for each key in SiteDict>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo if 1 = RegExpTest(NamePattern, key).Count then>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo if SiteDict.Item(key).Exists(LCase(AttrName)) then>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo AttrValue = SiteDict.Item(key).Item(LCase(AttrName))>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo elseif SiteDict.Item("[/w3svc]").Exists(LCase(AttrName)) then>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo AttrValue = SiteDict.Item("[/w3svc]").Item(LCase(AttrName))>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo else>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo AttrValue = """NotConfig""">>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo if "y" = bInRoot then key = Left(key, Len(key) - 6) + "]">>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo key ^& "(" ^& SiteDict.Item(key).Item("servercomment") ^& "):" ^& AttrName ^& "=" ^& AttrValue>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo next>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo CurSite = str>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c cscript //nologo %TEMP%\adsutilenumall.vbs > %TEMP%\bvs_iis.log
  • '<SYSTEM32>\cmd.exe' /S /D /c" type %TEMP%\sec.log"
  • '<SYSTEM32>\find.exe' /i "AuditProcessTracking"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\sec.log|find /i "AuditAccountManage"
  • '<SYSTEM32>\find.exe' /i "AuditAccountManage"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\sec.log|find /i "AuditSystemEvents"
  • '<SYSTEM32>\find.exe' /i "AuditSystemEvents"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\sec.log|find /i "AuditDSAccess"
  • '<SYSTEM32>\find.exe' /i "AuditDSAccess"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\sec.log|find /i "AuditPrivilegeUse"
  • '<SYSTEM32>\find.exe' /i "AuditPrivilegeUse"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\sec.log|find /i "AuditObjectAccess"
  • '<SYSTEM32>\find.exe' /i "AuditObjectAccess"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\sec.log | find "AuditAccountLogon"
  • '<SYSTEM32>\cmd.exe' /c echo NamePattern = "^\[\/w3svc\/\d+\]">>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo else>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo if "y" ^<^> bInRoot then>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo loop>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo end if>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo set regEx = new RegExp>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo regEx.Pattern = pattern>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo regEx.IgnoreCase = True>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo regEx.Global = True>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo set RegExpTest = regEx.Execute(strng)>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo end function>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo set SiteDict = CreateObject("Scripting.Dictionary")>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo CurSite = "">>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo CurAttr = "">>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo set StdIn = WScript.StdIn>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo do while not StdIn.AtEndOfStream>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo str = LCase(StdIn.ReadLine)>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo if 1 = RegExpTest("^\[\/w3svc", str).Count then>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /S /D /c" type %TEMP%\sec.log "
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\sec.log|find /i "AuditProcessTracking"
  • '<SYSTEM32>\cmd.exe' /c echo set AttrDict = CreateObject("Scripting.Dictionary")>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo elseif "" ^<^> CurSite then>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo set sections = RegExpTest("(\S+)\s*:\s*\(\S+\)\s*(\S.*)", str)>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo if 1 = sections.Count then>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo ColonPos = InStr(1, str, ":", 1)>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo StrLeft = Left(str, ColonPos - 1)>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo StrRight = Right(str, Len(str) - ColonPos)>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo SubMatches0 = Trim(StrLeft)>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo SubMatches1 = Trim(Right(StrRight, Len(StrRight) - InStr(1, StrRight, ")", 1)))>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo CurAttr = SubMatches0>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo if not SiteDict.Item(CurSite).Exists(CurAttr) then SiteDict.Item(CurSite).Add CurAttr, SubMatches1>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo elseif 1 = RegExpTest("^\s+", str).Count then>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo SiteDict.Item(CurSite).Item(CurAttr) = SiteDict.Item(CurSite).Item(CurAttr) ^& ";" ^& LTrim(str)>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo end if>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo function RegExpTest(pattern, strng)>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo SiteDict.Add CurSite, AttrDict>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\find.exe' "AuditAccountLogon"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\bvs_iis.log | findstr /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] \[/W3SVC/[0-9]*/ROOT\] servercomment ScriptMaps .idq" | cscript %TEMP%\RegularIISItem.vbs y ScriptMaps
  • '<SYSTEM32>\cmd.exe' /S /D /c" type %TEMP%\bvs_iis.log "
  • '<SYSTEM32>\findstr.exe' /i "^\[/msftpsvc\]"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\bvs_iis.log | findstr /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] \[/W3SVC/[0-9]*/ROOT\] servercomment ScriptMaps .idc" | cscript %TEMP%\RegularIISItem.vbs y ScriptMaps
  • '<SYSTEM32>\findstr.exe' /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] \[/W3SVC/[0-9]*/ROOT\] servercomment ScriptMaps .idc"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\bvs_iis.log | findstr /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] \[/W3SVC/[0-9]*/ROOT\] servercomment ScriptMaps .stm" | cscript %TEMP%\RegularIISItem.vbs y ScriptMaps
  • '<SYSTEM32>\findstr.exe' /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] \[/W3SVC/[0-9]*/ROOT\] servercomment ScriptMaps .stm"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\bvs_iis.log | findstr /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] \[/W3SVC/[0-9]*/ROOT\] servercomment ScriptMaps .htw" | cscript %TEMP%\RegularIISItem.vbs y ScriptMaps
  • '<SYSTEM32>\findstr.exe' /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] \[/W3SVC/[0-9]*/ROOT\] servercomment ScriptMaps .htw"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\bvs_iis.log | findstr /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] \[/W3SVC/[0-9]*/ROOT\] servercomment ScriptMaps .htr" | cscript %TEMP%\RegularIISItem.vbs y ScriptMaps
  • '<SYSTEM32>\findstr.exe' /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] \[/W3SVC/[0-9]*/ROOT\] servercomment ScriptMaps .htr"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\bvs_iis.log | findstr /i "^\[ HttpErrors"
  • '<SYSTEM32>\findstr.exe' /i "^\[ HttpErrors"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\sec.log|find /i "MinimumPasswordLength"
  • '<SYSTEM32>\find.exe' /i "MinimumPasswordLength"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\sec.log|find /i "PasswordComplexity"
  • '<SYSTEM32>\cmd.exe' /c cmd /c wmic useraccount where "Disabled=FALSE and Domain='xrfvbnv'" get name | find /v /i "name" | find /i /v /n ""
  • '<SYSTEM32>\cmd.exe' /c echo AttrName = WScript.arguments(1)>>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c wmic useraccount where "Disabled=FALSE and Domain='xrfvbnv'" get name
  • '<SYSTEM32>\find.exe' /v /i "name"
  • '<SYSTEM32>\find.exe' /i /v /n ""
  • '<SYSTEM32>\wbem\wmic.exe' useraccount where "Disabled=FALSE and Domain='xrfvbnv'" get name
  • '<SYSTEM32>\cmd.exe' /c type <SYSTEM32>\inetsrv\metabase.xml | find /i "WebDAV"
  • '<SYSTEM32>\find.exe' /i "WebDAV"
  • '<SYSTEM32>\cmd.exe' /c (if not exist %TEMP%\sec.log secedit /export /cfg %TEMP%\sec.log) && type %TEMP%\sec.log | find /i "EnableGuestAccount"
  • '<SYSTEM32>\find.exe' /i "EnableGuestAccount"
  • '<SYSTEM32>\cmd.exe' /c wmic os get version, ServicePackMajorVersion | find /i /v "Version"
  • '<SYSTEM32>\wbem\wmic.exe' os get version, ServicePackMajorVersion
  • '<SYSTEM32>\find.exe' /i /v "Version"
  • '<SYSTEM32>\cmd.exe' /c wmic qfe get hotfixid | find /i /v "hotfixid" | find /i /v /n "" | find "[10]" && echo yes
  • '<SYSTEM32>\wbem\wmic.exe' qfe get hotfixid
  • '<SYSTEM32>\find.exe' /i /v "hotfixid"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\bvs_iis.log | findstr /i "^\[/msftpsvc\]" || echo NotInstalled
  • '<SYSTEM32>\find.exe' /i "1,%WINDIR%\Microsoft.NET\"
  • '<SYSTEM32>\findstr.exe' /i "^\[/smtpsvc\]"
  • '<SYSTEM32>\cmd.exe' /c type <SYSTEM32>\inetsrv\metabase.xml | find /i "1,%WINDIR%\Microsoft.NET\"
  • '<SYSTEM32>\findstr.exe' /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] \[/W3SVC/[0-9]*/ROOT\] servercomment ScriptMaps .idq"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\sec.log | find "AuditLogonEvents"
  • '<SYSTEM32>\find.exe' "AuditLogonEvents"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\sec.log | find "AuditPolicyChange"
  • '<SYSTEM32>\find.exe' "AuditPolicyChange"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\sec.log
  • '<SYSTEM32>\cmd.exe' /c if exist "<SYSTEM32>\inetsrv\iisadmpwd" (echo exist) else (echo noexist)
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\bvs_iis.log | findstr /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] \[/W3SVC/[0-9]*/ROOT\] servercomment AccessFlags" | cscript %TEMP%\RegularIISItem.vbs y AccessFlags
  • '<SYSTEM32>\findstr.exe' /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] \[/W3SVC/[0-9]*/ROOT\] servercomment AccessFlags"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\bvs_iis.log | findstr /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] \[/W3SVC/[0-9]*/ROOT\] servercomment path" | cscript %TEMP%\RegularIISItem.vbs y path
  • '<SYSTEM32>\findstr.exe' /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] \[/W3SVC/[0-9]*/ROOT\] servercomment path"
  • '<SYSTEM32>\cmd.exe' /c type <SYSTEM32>\inetsrv\metabase.xml | find /i "accesssslflags="
  • '<SYSTEM32>\cmd.exe' /S /D /c" type <SYSTEM32>\inetsrv\metabase.xml "
  • '<SYSTEM32>\find.exe' /i "accesssslflags="
  • '<SYSTEM32>\find.exe' "[10]"
  • '<SYSTEM32>\findstr.exe' /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] \[/W3SVC/[0-9]*/ROOT\] servercomment ScriptMaps .printer"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\bvs_iis.log | findstr /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] \[/W3SVC/[0-9]*/ROOT\] servercomment EnableDirBrowsing" | cscript %TEMP%\RegularIISItem.vbs y EnableDirBrowsing
  • '<SYSTEM32>\findstr.exe' /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] \[/W3SVC/[0-9]*/ROOT\] servercomment EnableDirBrowsing"
  • '<SYSTEM32>\cmd.exe' /c if exist "<SYSTEM32>\inetsrv\iisadmin" (echo exist) else (echo noexist)
  • '<SYSTEM32>\cmd.exe' /c if exist "%CommonProgramFiles%\System\msadc\Samples" (echo exist) else (echo noexist)
  • '<SYSTEM32>\cmd.exe' /c if exist "<SYSTEM32>\inetsrv\adminsamples" (echo exist) else (echo noexist)
  • '<SYSTEM32>\cmd.exe' /c if exist "C:\inetpub\iissamples" (echo exist) else (echo noexist)
  • '<SYSTEM32>\cmd.exe' /c if exist "C:\inetpub\AdminScripts" (echo exist) else (echo noexist)
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\bvs_iis.log | findstr /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] \[/W3SVC/[0-9]*/ROOT\] servercomment ScriptMaps .shtml" | cscript %TEMP%\RegularIISItem.vbs y ScriptMaps
  • '<SYSTEM32>\findstr.exe' /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] \[/W3SVC/[0-9]*/ROOT\] servercomment ScriptMaps .shtml"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\bvs_iis.log | findstr /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] \[/W3SVC/[0-9]*/ROOT\] servercomment ScriptMaps .ida" | cscript %TEMP%\RegularIISItem.vbs y ScriptMaps
  • '<SYSTEM32>\findstr.exe' /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] \[/W3SVC/[0-9]*/ROOT\] servercomment ScriptMaps .ida"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\bvs_iis.log | findstr /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] servercomment MaxConnections" | cscript %TEMP%\RegularIISItem.vbs n MaxConnections
  • '<SYSTEM32>\findstr.exe' /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] servercomment MaxConnections"
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\bvs_iis.log | findstr /i "^\[/W3SVC\] \[/W3SVC/[0-9]*\] \[/W3SVC/[0-9]*/ROOT\] servercomment ScriptMaps .printer" | cscript %TEMP%\RegularIISItem.vbs y ScriptMaps
  • '<SYSTEM32>\cmd.exe' /c type %TEMP%\bvs_iis.log | findstr /i "^\[/smtpsvc\]" || echo NotInstalled
  • '<SYSTEM32>\find.exe' /i "PasswordComplexity"
  • '<SYSTEM32>\cmd.exe' /c echo bInRoot = LCase(WScript.arguments(0))>%TEMP%\RegularIISItem.vbs
  • '<SYSTEM32>\cmd.exe' /c echo If 0 = StrComp("MIMEMAP",PropertyName, 1) Then>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Next>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo MimeOutPutStr>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Function IsSecureProperty(ObjectParameter,MachineName)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Set PropObj = GetObject("IIS://" ^& MachineName ^& "/schema/" ^& ObjectParameter)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Attribute = PropObj.Secure>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo If (Attribute = True) Then>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo IsSecureProperty = True>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Else>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo IsSecureProperty = False>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo End If>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Function UnsignedIntegerToString(ValueData)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo UnsignedIntegerToString = ValueData>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo If (UnsignedIntegerToString ^< 0) Then UnsignedIntegerToString = UnsignedIntegerToString + ^4294967296>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo regEx.Global = True>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo UnsignedIntegerToString = CStr(UnsignedIntegerToString)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo ObjectPath = Replace(Trim(ObjectPath), "\", "/")>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo If Left(ObjectPath, 1) = "/" Then ObjectPath = Right(ObjectPath, Len(ObjectPath) - 1)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo If Right(ObjectPath, 1) = "/" Then ObjectPath = Left(ObjectPath, Len(ObjectPath) - 1)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo End Sub>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Function EnumCommand(StartPath)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo ObjectPath = StartPath>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo SanitizePath ObjectPath>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo MachineName = "localhost">>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo IIsObjectPath = "IIS://" ^& MachineName>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo If (ObjectPath ^<^> "") Then IIsObjectPath = IIsObjectPath ^& "/" ^& ObjectPath>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Set IIsObject = GetObject(IIsObjectPath)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Set IIsSchemaObject = GetObject(IIsObject.Schema)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo ReDim PropertyListSet(1)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Set MimeEntry = MimeMapList(MimeEntryIndex)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo MimeOutPutStr = MimeOutPutStr ^& """" ^& MimeEntry.Extension ^& "," ^& MimeEntry.MimeType ^& """ ">>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo For MimeEntryIndex = 0 To UBound(MimeMapList)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo MimeOutPutStr = "MimeMap : (MimeMapList) ">>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo MimeMapList = MimeMapObject.Get("MimeMap")>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c reg query "HKCU\Control Panel\Desktop" /v ScreenSaveTimeout > %TEMP%\screensaver.log
  • '<SYSTEM32>\reg.exe' query "HKCU\Control Panel\Desktop" /v ScreenSaveTimeout
  • '<SYSTEM32>\cmd.exe' /c reg query "HKCU\Control Panel\Desktop" /v ScreenSaverIsSecure >> %TEMP%\screensaver.log
  • '<SYSTEM32>\reg.exe' query "HKCU\Control Panel\Desktop" /v ScreenSaverIsSecure
  • '<SYSTEM32>\cmd.exe' /c reg query "HKCU\Control Panel\Desktop" /v ScreenSaveActive >> %TEMP%\screensaver.log
  • '<SYSTEM32>\reg.exe' query "HKCU\Control Panel\Desktop" /v ScreenSaveActive
  • '<SYSTEM32>\cmd.exe' /c reg query "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v IPEnableRouter >> %TEMP%\screensaver.log
  • '<SYSTEM32>\reg.exe' query "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v IPEnableRouter
  • '<SYSTEM32>\cmd.exe' /c echo Spacer = " ">%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo SpacerSize = Len(Spacer)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo function RegExpTest(pattern, strng)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo set regEx = new RegExp>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo regEx.Pattern = pattern>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo PropertyListSet(0) = IIsSchemaObject.MandatoryProperties>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Sub SanitizePath(ObjectPath)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo regEx.IgnoreCase = True>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo end function>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Function MimeMapGet(ObjectPath, MachineName)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo On Error Resume Next>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo MimePath = "IIS://" ^& MachineName>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo If ObjectPath ^<^> "" Then MimePath = MimePath ^& "/" ^& ObjectPath>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Set MimeMapObject = GetObject(MimePath)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo If (Err.Number ^<^> 0) Then Exit Function>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo DataPathList = MimeMapObject.GetDataPaths("MimeMap", 1)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo If Err.Number ^<^> 0 Then DataPathList = IIsObject.GetDataPaths(MimeMap, 0)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo If (UBound(DataPathList) ^< 0) Then Exit Function>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo DataPath = DataPathList(0)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo SanitizePath DataPath>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo If UCase(DataPath) ^<^> UCase(MimePath) Then Exit Function>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\secedit.exe' /export /cfg %TEMP%\sec.log
  • '<SYSTEM32>\cmd.exe' /c echo set RegExpTest = regEx.Execute(strng)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo PropertyListSet(1) = IIsSchemaObject.OptionalProperties>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo If TypeName (PropertyListSet(1)) ^<^> "Variant()" Then>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo "Warning: The optionalproperties list is of an invalid type">>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& " : " ^& "(" ^& PropertyDataType ^& ") " ^& ValueList>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Case "INTEGER">>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& Left(Spacer, Len(Spacer) - Len(PropertyName)) ^& ": " ^& "(" ^& PropertyDataType ^& ") " ^& UnsignedIntegerToString(ValueList)>>...
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& " : " ^& "(" ^& PropertyDataType ^& ") " ^& UnsignedIntegerToString(ValueList)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Case "BOOLEAN">>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Case "LIST">>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& Left(Spacer, Len(Spacer) - Len(PropertyName)) ^& ": " ^& "(" ^& PropertyDataType ^& ") (" ^& (UBound (ValueList) + 1) ^& " Items...
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& " : " ^& "(" ^& PropertyDataType ^& ") (" ^& (UBound (ValueList) + 1) ^& " Items)">>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo For ValueIndex = 0 To UBound(ValueList)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo " """ ^& ValueList(ValueIndex) ^& """">>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Case "IPSEC">>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& Left(Spacer, Len(Spacer) - Len(PropertyName)) ^& ": " ^& "(" ^& PropertyDataType ^& ") " ^& CStr(ValueList)>>%TEMP%\adsutilenuma...
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& " : " ^& "(" ^& PropertyDataType ^& ") " ^& CStr(ValueList)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Case Else>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo MimeMapGet ObjectPath, MachineName>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo EnumCommand "">>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo "DataType: " ^& """" ^& PropertyObject.Syntax ^& """" ^& " Not Yet Supported on property: " ^& PropertyName>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo End Select>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo End If>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo End If>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Next>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo If (Err.Number ^<^> 0) Then Err.Clear>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo For Each ChildObject In IIsObject>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo If (Err.Number ^<^> 0) Then Exit For>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo ChildObjectName = Right(ChildObject.AdsPath, Len(ChildObject.AdsPath) - 6)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo ChildObjectName = Right(ChildObjectName, Len(ChildObjectName) - InStr(ChildObjectName, "/") + 1)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo if 1 = RegExpTest("^\/w3svc(\/\d+(\/root)?)?$", ChildObjectName).Count then>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo "[" ^& ChildObjectName ^& "]">>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo If ChildObjectName ^<^> "" Then EnumCommand = EnumCommand(ChildObjectName)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo elseif 1 = RegExpTest("^(\/smtpsvc|\/msftpsvc)$", ChildObjectName).Count then>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& Left(Spacer, Len(Spacer) - Len(PropertyName)) ^& ": " ^& "(" ^& PropertyDataType ^& ") " ^& ValueList>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& Left(Spacer, Len(Spacer) - Len(PropertyName)) ^& ": " ^& "(" ^& PropertyDataType ^& ") " ^& """" ^& "**********" ^& """">>%TEMP%...
  • '<SYSTEM32>\cmd.exe' /c echo Next>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo If (IsSecureProperty(PropertyName,MachineName) = True) Then>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo ElseIf (UBound (PropertyListSet(1)) = -1) Then>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo "Warning: The OptionalProperties list for this node is empty.">>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo For Each PropertyList In PropertyListSet>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo For Each PropertyName In PropertyList>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Err.Clear>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Set PropertyAttribObj = IIsObject.GetPropertyAttribObj(PropertyName)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo If (Err.Number = 0) Then>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo If not (PropertyAttribObj.IsInherit) Then>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Set PropertyObject = GetObject("IIS://" ^& MachineName ^& "/Schema/" ^& PropertyName)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo If (Err.Number ^<^> 0) Then WScript.Echo "Error trying to enumerate the Optional properties (Couldn't Get Property Information): " ^& PropertyObjPath>>%TEMP%\adsutil...
  • '<SYSTEM32>\cmd.exe' /c echo PropertyDataType = UCase(PropertyObject.Syntax)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Select Case PropertyDataType>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Case "STRING">>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo ValueList = IIsObject.Get(PropertyName)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo end if>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo For ValueIndex = 0 To UBound(ValueListArray)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Else>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo If (Len(PropertyName) ^< SpacerSize) Then>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& Left(Spacer, Len(Spacer) - Len(PropertyName)) ^& ": " ^& "(" ^& PropertyDataType ^& ") """ ^& ValueList ^& """">>%TEMP%\adsu...
  • '<SYSTEM32>\cmd.exe' /c echo Else>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& " : " ^& "(" ^& PropertyDataType ^& ")" ^& """" ^& ValueList ^& """">>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo End If>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo End If>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Case "EXPANDSZ">>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo If (Len(PropertyName) ^< SpacerSize) Then>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& Left(Spacer, Len(Spacer) - Len(PropertyName)) ^& ": " ^& "(" ^& PropertyDataType ^& ") """ ^& ValueList ^& """">>%TEMP%\adsutile...
  • '<SYSTEM32>\cmd.exe' /c echo WScript.Echo PropertyName ^& " : " ^& "(" ^& PropertyDataType ^& ") """ ^& ValueList ^& """">>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo Case "BINARY">>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo ValueListArray = IIsObject.Get(PropertyName)>>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo ValueList = "0x">>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c echo ValueList = ValueList ^& ValueListArray(ValueIndex) ^& " ">>%TEMP%\adsutilenumall.vbs
  • '<SYSTEM32>\cmd.exe' /c del /f/s/q %TEMP%\sec.log && del /f/s/q %TEMP%\screensaver.log && del /f/s/q %TEMP%\adsutilenumall.vbs && del /f/s/q %TEMP%\RegularIISItem.vbs && del /f/s/q %TEMP%\bvs_iis.log

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2019

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040