From ef411e14ca2e46177decfe3c2b01db7f535b01ba Mon Sep 17 00:00:00 2001 From: WindowsAddict Date: Wed, 2 Jul 2025 23:35:17 +0530 Subject: Evade AV detection --- MAS/Separate-Files-Version/Troubleshoot.cmd | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'MAS/Separate-Files-Version/Troubleshoot.cmd') diff --git a/MAS/Separate-Files-Version/Troubleshoot.cmd b/MAS/Separate-Files-Version/Troubleshoot.cmd index 79d5f36..0064aa4 100644 --- a/MAS/Separate-Files-Version/Troubleshoot.cmd +++ b/MAS/Separate-Files-Version/Troubleshoot.cmd @@ -207,7 +207,7 @@ goto dk_done ::pstst $ExecutionContext.SessionState.LanguageMode :pstst -for /f "delims=" %%a in ('%psc% "if ($PSVersionTable.PSEdition -ne 'Core') {$f=[io.file]::ReadAllText('!_batp!') -split ':pstst';iex ($f[1])}" %nul6%') do (set tstresult=%%a) +for /f "delims=" %%a in ('%psc% "if ($PSVersionTable.PSEdition -ne 'Core') {$f=[System.IO.File]::ReadAllText('!_batp!') -split ':pstst';& ([scriptblock]::Create($f[1]))}" %nul6%') do (set tstresult=%%a) if /i not "%tstresult%"=="FullLanguage" ( %eline% @@ -718,7 +718,7 @@ echo Checking SPP permission related issues... call :checkperms if defined permerror ( call :dk_color %Red% "[!permerror!]" -%psc% "$f=[io.file]::ReadAllText('!_batp!') -split ':fixsppperms\:.*';iex ($f[1])" %nul% +%psc% "$f=[System.IO.File]::ReadAllText('!_batp!') -split ':fixsppperms\:.*';& ([scriptblock]::Create($f[1]))" %nul% call :checkperms if defined permerror ( call :dk_color %Red% "[!permerror!] [Failed To Fix]" @@ -788,8 +788,8 @@ if defined _vis ( echo: echo Reinstalling system licenses... -%psc% "$sls = Get-WmiObject SoftwareLicensingService; $f=[io.file]::ReadAllText('!_batp!') -split ':xrm\:.*';iex ($f[1]); ReinstallLicenses" %nul% -if %errorlevel% NEQ 0 %psc% "$sls = Get-WmiObject SoftwareLicensingService; $f=[io.file]::ReadAllText('!_batp!') -split ':xrm\:.*';iex ($f[1]); ReinstallLicenses" %nul% +%psc% "$sls = Get-WmiObject SoftwareLicensingService; $f=[System.IO.File]::ReadAllText('!_batp!') -split ':xrm\:.*';& ([scriptblock]::Create($f[1])); ReinstallLicenses" %nul% +if %errorlevel% NEQ 0 %psc% "$sls = Get-WmiObject SoftwareLicensingService; $f=[System.IO.File]::ReadAllText('!_batp!') -split ':xrm\:.*';& ([scriptblock]::Create($f[1])); ReinstallLicenses" %nul% if %errorlevel% EQU 0 ( echo [Successful] ) else ( @@ -1435,7 +1435,7 @@ exit /b :regownstart -%psc% "$f=[io.file]::ReadAllText('!_batp!') -split ':regown\:.*';iex ($f[1]);" +%psc% "$f=[System.IO.File]::ReadAllText('!_batp!') -split ':regown\:.*';& ([scriptblock]::Create($f[1]));" exit /b :: Below code takes ownership of a volatile registry key and deletes it -- cgit v1.2.3