HardenSysvol

Report date: 11/27/2025 12:38:20

📊 Dashboard

🔍 Details

Domain

INFO.LAB

Scanned Files

221

Suspicious Files

Elapsed Time

00:00:23

Summary

Indicator Risk : 100

Top 5 Files
Name	Count
Zones_DNS2.docx	5
useradd.bat	3
adduser.vbs	3
Zones_DNS1.docx	3
Zones_DNS1.docx	3

Top 5 Reason
Name	Count
password	12
pass	10
Suspicious Image	9
requires_check	8
Commande Net User	6

Harden-Sysvol Version : 2.2.0
Release : 11/2025
Author : Dakhama Mehdi

Credit : HardenAD Community HardenAD
Credit : It-connect Community It-Connect
Thanks : Przemyslaw Klys Evotec for Module PSWriteHTML/PswriteOffice

Types of Extensions found
Name	Count
docx	5
bat	3
vbs	1
txt	1
xlsx	1
exe	4
doc	8
msi	4
bmp	4
csv	1
7z	1
zip	2
odp	2
jpg	9
pptx	1
png	1
reg	1
pdf	1
ico	1
ods	1
odt	1
pfx	2
xls	4

FilePath	Reason	Value	Created
\\INFO.LAB\sysvol\info.lab\Policies\{56D66B52-9F35-497C-B7D3-BF1B785E1CAA}\Machine\microsoft\windows nt\Audit\audit.csv	credential	,System,Audit Credential Validation,{0cce923f-69ae-11d9-bed3-505054503030},Success and Failure,,3	2022-01-03
\\INFO.LAB\sysvol\info.lab\scripts\Applis\7z1900-x64.msi	NotSigned	File is Not Signed	2020-10-28
\\INFO.LAB\sysvol\info.lab\scripts\certificat\bill03.pfx	Protected Certificate	"The specified network password is not correct.	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\certificat\pfx_pass.pfx	Protected Certificate	"The specified network password is not correct.	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\images\ctfexample (1).jpg	Suspicious Image	ZIP detected in pictures. Containing: got2.jpg	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\images\ctfexample.jpg	Suspicious Image	ZIP detected in pictures. Containing: got2.jpg	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\images\dog.jpg	Suspicious Image	ZIP detected in pictures. Containing: hidden_text.txt	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\Applis\vlc-3.0.8-win64.msi	Large size	Size is so much, file ignored: (size: 53.35 MB)	2020-10-28
\\INFO.LAB\sysvol\info.lab\scripts\images\solitaire.jpg	check required	Binary does not match	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\openoffice\file_example_ODS_100.ods	password	at least 2 characters found	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\images\hiden.jpg	Suspicious Image	ZIP detected in pictures. Containing: trid.exe, readme.txt	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\images\hiden2.jpg	Suspicious Image	EXE file found in image with unexpected binary ending	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\images\imageexe.bmp	Suspicious Image	EXE file with '0000004000' string detected	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\openoffice\sample2.odt	password	at least 3 characters found	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\images\imagemsi.bmp	Suspicious Image	File MSI detected in the image	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\excel\file_example_XLSX_50.xlsx	pass	@{Value=password}	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\excel\file_example_XLSX_50.xlsx	password	@{Value=password}	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\excel\file_example_XLS_50.xls	error	You cannot call a method on a null-valued expression.	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\excel\Sample-Spreadsheet-100-rows.xls	error	You cannot call a method on a null-valued expression.	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\excel\Sample-Spreadsheet-10000-rows.xls	error	You cannot call a method on a null-valued expression.	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\word\Downloading Documents.doc	requires_check	Word is not installed	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\word\file-sample_100kB.doc	requires_check	Word is not installed	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\word\file-sample_1MB.doc	requires_check	Word is not installed	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\word\Sample-doc-file-1000kb.doc	requires_check	Word is not installed	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\word\Sample-doc-file-100kb.doc	requires_check	Word is not installed	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\word\Sample-doc-file-2000kb (1).doc	requires_check	Word is not installed	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\word\test.doc	requires_check	Word is not installed	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\file_example_XLS_1000.xls	error	You cannot call a method on a null-valued expression.	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\images\example (1).jpg	Suspicious Image	ZIP detected in pictures. Containing: secret.txt	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\images\example.jpg	Suspicious Image	ZIP detected in pictures. Containing: secret.txt	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\shavi-v1.msi	NotSigned	File is Not Signed	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\Zones_DNS.docx	pass	La taille des zones DNS pour les grandes entreprises ne dépasse généralement pas quelques KO, voire 4 ou 5 MO, ce qui nous permet d'avoir plusieurs sauvegardes sans risque d'occuper trop d'espace.	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\Zones_DNS.docx	pass	Cochez également la case "Exécuter même si l'utilisateur n'est pas connecté". Cela nécessitera la saisie du mot de passe. Il est recommandé d'utiliser un compte de service de type GMSA ou tout autre compte dédié aux tâches/scripts d'automatisation sur les contrôleurs de domaine	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\Zones_DNS1.docx	pass	La sauvegarde des contrôleurs de domaine avec différents outils (Veeam, Commvault, Windows Backup) ne permet de sauvegarder que le fichier en cours. passwords	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\Zones_DNS1.docx	pass	La taille des zones DNS pour les grandes entreprises ne dépasse généralement pas quelques KO, voire 4 ou 5 MO, ce qui nous permet d'avoir plusieurs sauvegardes sans risque d'occuper trop d'espace.	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\Zones_DNS1.docx	password	at least 2 characters found	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\Zones_DNS2.docx	auth	Authentification = coucou	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\Zones_DNS2.docx	auth	Authent	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\Zones_DNS2.docx	mdp	at least 2 characters found	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\Zones_DNS2.docx	pass	at least 2 characters found	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\Zones_DNS2.docx	password	at least 2 characters found	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\Zip\Documents.7z	Zip protected	File protected by password	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\Zip\au2mator 5.0.194.zip	Large size	Size is so much, file ignored: (size: 458.41 MB)	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\Zip\Documents.zip	Zip protected	File protected by password	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\3.bmp	check required	Binary does not match	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\7IsD.exe	check required	Binary does not match	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\temp\BIMcollab Zoom 8.1 build 7.msi	Large size	Size is so much, file ignored: (size: 250.69 MB)	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\7z2301-x64 .doc	check required	Binary does not match	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\7z2301-x64.exe	NotSigned	File is Not Signed	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\7zip.reg	password	"Password"="C:\\Program Files\\7-Zip\\"	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\a8a0maxk9.png	Large size	File ignored: (size: 4.14 MB)	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\Active Directory Security Self Assessment v1.4.pdf	\blogin\b	at least 1 characters found	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\ADcheck.ico	check required	Binary does not match	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\adduser.vbs	password	Dim strUserAccount, strFullName, strLastName, strFirstName, strMail, strPassword	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\adduser.vbs	password	strPassword = "P@ssw0rd"	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\adduser.vbs	password	objNewUser.SetPassword str	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\Admin.bat	Commande Net User	net user user info /domain	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\file_example_ODP.odp	password	at least 2 characters found	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\laurent.txt	IPv4	ipadress = 192.168.10.10	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\laurent.txt	SHA-1	sha1=6153A6FA0E4880D9B8D0BE4720F78E895265D0A9	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\morskie-oko-tatry.jpg	Large size	Size is so much, file ignored: (size: 20.3 MB)	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\ppt.pptx	requires_check	Office is not installed	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\Registry.bmp	check required	Binary does not match	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\Sans nom 1.odp	password	at least 2 characters found	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\NetTools.exe	NotSigned	File is Not Signed	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\testbat.bat	Commande Net User	net user user info /domain	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\testbat.bat	Commande Net User	net use * \\s-dc\netlogon /Persistent:yes /user:username Pa$$W0rd	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\useradd.bat	Commande Net User	net user user info /domain	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\useradd.bat	Commande Net User	net user user2 info /add	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\useradd.bat	Commande Net User	net user /add user3 info1	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\Vhd2disk.exe	NotSigned	File is Not Signed	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\Zones_DNS.docx	pass	La taille des zones DNS pour les grandes entreprises ne dépasse généralement pas quelques KO, voire 4 ou 5 MO, ce qui nous permet d'avoir plusieurs sauvegardes sans risque d'occuper trop d'espace.	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\Zones_DNS.docx	pass	Cochez également la case "Exécuter même si l'utilisateur n'est pas connecté". Cela nécessitera la saisie du mot de passe. Il est recommandé d'utiliser un compte de service de type GMSA ou tout autre compte dédié aux tâches/scripts d'automatisation sur les contrôleurs de domaine	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\Zones_DNS1.docx	pass	La sauvegarde des contrôleurs de domaine avec différents outils (Veeam, Commvault, Windows Backup) ne permet de sauvegarder que le fichier en cours. passwords	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\Zones_DNS1.docx	pass	La taille des zones DNS pour les grandes entreprises ne dépasse généralement pas quelques KO, voire 4 ou 5 MO, ce qui nous permet d'avoir plusieurs sauvegardes sans risque d'occuper trop d'espace.	2024-10-25
\\INFO.LAB\sysvol\info.lab\scripts\Zones_DNS1.docx	password	at least 2 characters found	2024-10-25

Suspicious Shares
DC	Share	Type	ACL	Reason	Comment
DC-1.info.lab	CertEnroll	Disk	Clean	-	Partage de services de certificats Active Directory
DC-1.info.lab	Dossier-de-travail	Disk	WrongACL	AUTORITE NT\SERVICE LOCAL has '268435456, FullControl'
DC-1.info.lab	Dossier-de-travail	Disk	WrongACL	INFO\Utilisateurs du domaine has 'WriteAttributes'
DC-1.info.lab	Dossier-de-travail	Disk	WrongACL	INFO\mehdi has 'WriteAttributes'
DC-1.info.lab	REMINST	Disk	WrongACL	S-1-5-80-1688844526-3235337491-1375791646-891369040-3692469510 has 'FullControl'	Partage des services de déploiement Windows
DC-1.info.lab	Share	Disk	Clean	-
DC-1.info.lab	share2	Disk	Clean	-
DC-1.info.lab	sources	Disk	WrongACL	Tout le monde has 'FullControl'
DC-1.info.lab	sources	Disk	WrongACL	AUTORITE NT\Utilisateurs authentifiés has 'FullControl'
DC-1.info.lab	sources	Disk	WrongACL	INFO\mehdi has 'FullControl'
DC-1.info.lab	Test	Disk	WrongACL	BUILTIN\Utilisateurs has 'Modify'
DC-1.info.lab	Test	Disk	WrongACL	INFO\user1 has 'Modify'

Errors logs
Error
Unexpected folder found in SYSVOL: \\INFO.LAB\sysvol\APkCVFNwrq
Unexpected folder found in SYSVOL: \\INFO.LAB\sysvol\bervWlVhwf
Unexpected folder found in SYSVOL: \\INFO.LAB\sysvol\hXMYimRjat
Unexpected folder found in SYSVOL: \\INFO.LAB\sysvol\info.lab
Unexpected folder found in SYSVOL: \\INFO.LAB\sysvol\KQrZMgDwhp