It reads commands from an official IIS log, which are used ... malicious encoding. These files, which function as backdoors, are stored in an arbitrary folder, the location of which is specified ...