| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| description="Bandit" | |
| progid="Bandit" | |
| version="1.00" | |
| classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}" | |
| > |
mklink /h C:\Windows\System32\Tasks\tasks.dll C:\Tools\Tasks.dll
Hardlink created for C:\Windows\System32\Tasks\tasks.dll <<===>> C:\Tools\Tasks.dll
This can redirect the search to an arbitrary location and evade tools that are looking for filemods in a particular location.
xref: https://googleprojectzero.blogspot.com/2015/12/between-rock-and-hard-link.html
| using System; | |
| using System.EnterpriseServices; | |
| using System.Runtime.InteropServices; | |
| using System.Reflection; | |
| using System.Reflection.Emit; | |
| using System.Collections; | |
| using System.Collections.Generic; |
| # | |
| # Usage: | |
| # PS> . .\Cleanup-ClickOnce.ps1 | |
| # PS> Cleanup-ClickOnce -Name MyAppName | |
| # | |
| # Other than that you might also try using these commands: | |
| # PS> rundll32 dfshim.dll,ShArpMaintain C:\Path\To\ClickOnce.application | |
| # PS> rundll32 dfshim.dll CleanOnlineAppCache | |
| # |